Security

How we protect your tender documents and business data.

Encryption

  • All data encrypted in transit with TLS 1.3
  • Documents encrypted at rest using AES-256
  • Database connections encrypted with SSL

Infrastructure

  • Hosted on AWS with SOC 2 Type II certified infrastructure
  • Data stored in region-specific AWS data centers
  • Automated backups with point-in-time recovery
  • Network isolation with VPC and security groups

Access Control

  • Role-based access control (Owner, Admin, Member, Viewer)
  • Organization-scoped data isolation
  • JWT-based authentication with secure token management
  • Per-project member assignments with granular roles

Data Privacy

  • Your documents are never used to train AI models
  • Strict data isolation between organizations
  • Activity logging for audit trails
  • Data deletion available upon request

Application Security

  • Input validation and sanitization on all endpoints
  • Rate limiting to prevent abuse
  • CORS protection and secure headers
  • Regular dependency updates and vulnerability scanning

Questions about security? Contact us at security@lastdraft.in