Your data. Your control.
RFxAI is built with enterprise-grade security from the ground up. ISO 27001 aligned, SOC 2 roadmap in progress, and in-country data residency.
Procurement data is sensitive. We treat it that way.
Procurement teams will not trust a platform that mixes their data. RFxAI is designed from the ground up for confidentiality, company separation, and procurement-grade compliance.
Company data stays in your silo
Every company on RFxAI gets its own isolated knowledge environment. Your proposals, certifications, and procurement documents are never shared with other companies.
Buyer and seller data never crosses
The platform is architected so that buyer procurement documents and seller bid data are completely separated. Winning a tender does not expose your pricing or strategy to competitors.
Sensitive bid information stays protected
Go/No-Go decisions, win/loss records, proposal drafts, and evaluation scores are scoped to your organization and protected from any external access.
RFxBrain is your private knowledge layer
Your company knowledge base is built exclusively from information you upload. RFxAI's AI uses your data to generate answers — it is not trained on your data and does not share it.
Permission-controlled access
Team members only see what they are authorized to see. Role-based access controls, audit logs, and approval workflows ensure procurement integrity at every step.
Built for procurement-grade compliance
SOC 2 Type II in progress. ISO 27001 aligned. Data residency in Qatar and the GCC. Designed for regulated government and enterprise procurement environments.
Built for enterprise trust
Security and data sovereignty are not afterthoughts — they are foundational to how RFxAI is engineered, from infrastructure through to access controls.
SOC 2 Aligned
Our security controls are designed to meet SOC 2 Type II standards. Formal certification audit is in progress.
ISO 27001 Aligned
Information security management aligned with the ISO 27001 framework. Formal certification underway.
GDPR Compliant
Full GDPR compliance for all EU data subjects. Privacy-by-design principles are foundational to the platform.
Enterprise Controls
- End-to-end encryption at rest and in transit
- Single Sign-On (SSO) and multi-factor authentication
- Granular role-based access control (RBAC)
- Your data is never used to train AI models
Security by design
Data Residency
- All data stored in Microsoft Azure Qatar Region
- No cross-border data transfer without explicit consent
- Aligned with Qatar Personal Data Protection Law
- GDPR-compatible data handling practices
Encryption
- AES-256 encryption at rest for all stored data
- TLS 1.3 encryption for all data in transit
- Encrypted database backups with key rotation
- End-to-end encrypted file uploads
Access Control
- Role-based access control (RBAC) across all modules
- SSO support (SAML 2.0, OIDC) for enterprise accounts
- Multi-factor authentication required for all accounts
- Principle of least privilege for internal systems
Compliance
- Aligned with ISO 27001 information security framework
- SOC 2 certification roadmap in progress
- Regular third-party penetration testing
- Vulnerability disclosure programme
AI Security
- Your data is never used to train AI models
- Isolated, single-tenant AI inference environments
- Model output filtering for sensitive content
- Audit logs for all AI-generated content
Monitoring & Response
- 24/7 automated threat detection and alerting
- Defined incident response plan with SLAs
- Customer notification within 72 hours of breach
- Regular disaster recovery drills
Responsible Disclosure
If you believe you've discovered a security vulnerability in RFxAI, please report it responsibly. We investigate all reports and will acknowledge receipt within 48 hours.