Security
This page summarizes BidPacto's practical security posture for account access, workspace persistence, AI processing, and billing integration.
Product Security
- Authentication uses Firebase-supported sign-in methods when configured, including magic link and Google sign-in.
- Workspace data is scoped by user ID in Firebase-backed storage when Firebase is enabled.
- Public marketing pages and authenticated workspace pages are separated by route and host conventions.
- Billing checkout and webhooks are handled server-side with Polar tokens and webhook verification secrets.
- Full payment card numbers are not stored by BidPacto.
Customer Content
BidPacto processes RFPs, company sources, extracted text, generated answers, and review metadata to provide the requested workspace features. Users should only upload content they are authorized to process.
Customer Content may be sent to configured AI providers when needed for extraction, retrieval, drafting, or summarization.
Operational Safeguards
- Secrets are expected to be stored in deployment environment variables, not in client-side code.
- Server billing routes require Polar credentials before checkout or webhook handling can operate.
- Access to production systems should be limited to people with a business need.
- Support and incident handling should prioritize payment, account, security, and data exposure issues.
Incident Reporting
Report suspected vulnerabilities or data exposure to security@bidpacto.com. Include the affected account, route, browser or request details, and reproduction steps if safe to share.
We aim to investigate credible reports promptly and notify affected customers or authorities where required by law.
Customer Responsibilities
- Use a secure email account and protect your sign-in provider.
- Review workspace members and shared devices before uploading confidential proposal data.
- Do not upload regulated data unless you have confirmed the service is suitable for that data.
- Export and submit final proposal files through your normal secure process.
