Legal

AutoRFP.ai Legal Agreements

  • ISO 27001:2022
  • SOC 2 Type II
  • GDPR
  • CCPA

What is AutoRFP.ai?

AutoRFP.ai is a Software as a Service (SaaS) with customers in 30+ countries that automates the repetitive elements of Request for Proposals (RFPs) by leveraging private Artificial Intelligence (AI).

The platform helps Sales, Marketing and Bid teams to respond to public and private RFPs.

Trusted by Global Enterprises

  • Workforce.com
  • SugarCRM
  • HEPTAGON Capital
  • fintechOS
  • ecoPortal
  • Jobylon
  • IMTC
  • Red Rover
  • MedeAnalytics
  • perk

Other Questions

How does AutoRFP.ai protect my sensitive RFP data?

AutoRFP.ai employs enterprise-grade security measures to protect your sensitive RFP data, including AES-256 encryption both in transit and at rest. We utilize a secure, logically separated environment for each customer with strict access controls based on role-based permissions. Our infrastructure undergoes regular security assessments and penetration testing, with critical vulnerabilities addressed within 24 hours according to our documented vulnerability management procedures. We maintain strict data boundaries between clients and implement comprehensive security controls as part of our ISO 27001:2022 certified information security management system.

Who has access to our RFP content within the AutoRFP.ai system?

Access to your RFP content is strictly limited to authorized users within your organization based on the roles and permissions you configure. AutoRFP.ai employees do not have direct administrative access to production data during normal business operations, as stated in our Data Protection Policy. All access attempts are logged and monitored in accordance with our Logging and Monitoring Policy, with user access rights reviewed annually to ensure appropriate access levels are maintained.

Is my data used to train AutoRFP.ai's AI models?

No. AutoRFP.ai implements logical separation of customer data at the database/datastore level using unique customer identifiers. Our data protection controls ensure that your proprietary RFP responses and content remain isolated from other customers. As explicitly stated in our Terms and Conditions, AutoRFP.ai “will not use Your Data for training of artificial intelligence models.” While we may generate aggregated and de-identified data for improving our services, your specific content is never used to train our AI systems.

What certifications and compliance standards does AutoRFP.ai maintain?

AutoRFP.ai is certified under ISO 27001:2022, the international standard for information security management systems. Our comprehensive security program implements controls across all aspects of our organization, from risk assessment to incident response. We have designed our data handling practices with privacy regulations in mind and can provide customers with documentation to support their compliance needs. For customers in regulated industries, we can discuss specific compliance requirements and our ability to meet them.

How is data segregated between different customers on the AutoRFP.ai platform?

AutoRFP.ai implements strict multi-tenant isolation through logical data segregation. As documented in our Data Protection Policy, “Customer data is logically separated at the database/datastore level using a unique identifier for the customer.” Our application enforces this separation through our API layer, where the customer identifier is included in the access token and used to restrict data access to the appropriate account. All database queries include the account identifier to maintain this separation, ensuring your competitive information remains confidential.

What is AutoRFP.ai's data retention and deletion policy?

In accordance with our Data Retention Policy, customer data is retained for as long as the account is active. When an account is voluntarily closed, expired data is retained for 2555 days (7 years), unless the customer explicitly requests deletion. If an account is involuntarily suspended, there is a 90-day grace period during which the account remains inaccessible but can be reopened if payment obligations are met. After 120 days, suspended accounts are closed and enter the expired state, with data being retained for the 7-year period thereafter (except when legally required to retain longer).

What security measures are in place for AutoRFP.ai's AI capabilities?

AutoRFP.ai's systems, including any AI functionality, operate within our ISO 27001:2022 certified security framework. All systems are subject to our comprehensive security controls, including access management, encryption, monitoring, and vulnerability management. Our secure software development lifecycle ensures that all features, including AI capabilities, undergo appropriate security review before deployment.

How does AutoRFP.ai ensure business continuity and disaster recovery?

AutoRFP.ai maintains a robust business continuity and disaster recovery program as documented in our Business Continuity Plan and Disaster Recovery Plan. Our systems are designed with redundancy in mind, with a Recovery Point Objective (RPO) of 60 seconds and a Recovery Time Objective (RTO) of 6 hours for critical services. In accordance with our policies, we conduct disaster recovery testing at least annually to verify our ability to restore services effectively, ensuring minimal disruption to your business operations in the event of a significant incident.

What is AutoRFP.ai's process for security vulnerability management?

AutoRFP.ai employs a comprehensive vulnerability management program as outlined in our Vulnerability Management Policy. This includes automated vulnerability scanning tools and regular penetration testing. Vulnerabilities are prioritized based on severity, with critical issues addressed within 24 hours, high-severity issues within 7 days, and medium-severity issues within 1 month. We maintain a responsible disclosure program through our dedicated security@autorfp.ai email address, and our Security Officer is responsible for analyzing and reporting security findings.

Does AutoRFP.ai provide an audit trail of user actions within the system?

Yes, AutoRFP.ai maintains comprehensive audit logs for system activities in accordance with our Logging and Monitoring Policy. These logs capture user authentication events, access attempts, data modifications, and administrative actions. Our logging system records details such as the type of action performed, when it occurred, who performed it, and whether it was successful. We retain them for a period sufficient to support security investigations and compliance requirements.

Who do I contact about data protection and privacy at AutoRFP.ai?

Louis Lloyd-Besson, our Chief Technology Officer, serves as the Information Security Officer responsible for privacy and data protection at AutoRFP.ai. For any privacy enquiries, data subject access requests, deletion requests, or questions about how we handle your data, contact security@autorfp.ai and our team will respond in line with our documented response times.

Product Demo

See it in Action

Find 30 minutes to learn more about AutoRFP.ai and what the ROI might be for you.