Security & data handling
Buyers upload commercially sensitive documents to BidCheck, so here is exactly what happens to them.
Where your documents live
- Uploaded RFPs are stored in a private storage bucket (Supabase, hosted on AWS). Files are never publicly accessible; access requires your authenticated session.
- Every database row is protected by row-level security: your account can only ever read your own documents and reports.
AI processing
- Analysis runs on Anthropic's Claude models via the Anthropic API.
- Your documents are not used to train AI models. Anthropic does not train on API customer data by default.
- Document text is sent to the API for analysis and is not retained by BidCheck beyond the stored file and the generated report.
Deletion
Delete an RFP and its report anytime from your dashboard — removal is immediate. Or email us to delete your entire account and all associated data; we complete account deletions within 7 days.
Sharing
Report share links use unguessable tokens and are read-only. Anyone with the link can view that single report (and nothing else). Don't share the link if you don't want that.
Questions
Email katie@bidcheckapp.com— you'll get an answer from the founder.