Security & Privacy
Your bid content is private. Always.
BidWriter stores everything on UK-hosted infrastructure, isolated per organisation, and your content is never used to train AI models. Here is exactly what that means.
UK-hosted infrastructure
All BidWriter data — your bids, bid library, pipeline, and AI-generated content — is stored on UK-based servers. We do not transfer your data outside the United Kingdom. This matters for organisations with UK data residency requirements and for aligning with UK GDPR expectations.
- UK data centres only
- No transatlantic or cross-border data transfer for stored content
- Aligns with UK GDPR Article 44 requirements
- Operated by eSourcing Data Ltd, a UK-registered company
Data isolation per organisation
Your organisation's bids, bid library content, past responses, case studies, and AI drafts are completely isolated from all other organisations on the platform. There is no shared pool of bid content. No other user or organisation can see what you have written, uploaded, or generated.
- Strict per-organisation data partitioning
- No cross-organisation content sharing or pooling
- Your bid library is private to your account only
- AI drafts are not visible to any other user or organisation
Your data is not used for AI training
Content you upload, write, or generate in BidWriter is not used to train any AI model — ours or anyone else's. AI responses are generated in isolated inference calls and discarded. Your commercially sensitive bid content, pricing strategies, and case studies stay entirely within your organisation.
- Zero use of your content for model training
- AI inference is stateless — no content stored in model memory
- Third-party AI providers (where used) are contracted under data processor agreements with equivalent protections
- No opt-in or opt-out required — this is the default, always
GDPR compliance
BidWriter is built and operated under UK data protection law (UK GDPR and the Data Protection Act 2018). eSourcing Data Ltd acts as data controller for user account information and data processor for organisational bid content. A Data Processing Agreement (DPA) is available on request for organisations that require one.
- UK GDPR compliant by design
- Data Processing Agreement (DPA) available on request
- Lawful basis for processing clearly documented
- User rights (access, erasure, portability) supported on request
Encryption and access controls
Data is encrypted in transit (TLS 1.2+) and at rest. Access to your BidWriter account is protected by secure authentication via NextAuth, with optional organisation-level seat management. Admin accounts have the ability to remove users immediately.
- TLS 1.2+ encryption in transit
- Encryption at rest for stored bid content
- NextAuth-based authentication with secure session handling
- Seat and role management: add or remove users from your team settings
Confidential bid content
Procurement bid responses frequently contain commercially sensitive pricing, delivery models, team CVs, financial information, and proprietary methodologies. BidWriter is designed for this. Your content is private by default, stored in your organisation's isolated account, and never used or surfaced in any way beyond your own team.
- Commercially sensitive bid content stays private to your organisation
- No analytics or insight products that could expose your bid strategy
- Staff do not access customer bid content except where explicitly requested for support
- Content deletion on account closure: request full deletion at any time
Security questions
Common questions from procurement and compliance teams.
Need a Data Processing Agreement?
A DPA is available on request for organisations with formal data-processing documentation requirements. Contact us with your organisation name and we will return it within 2 working days.
Request a DPA →
Ready to write better bids?
Free plan. No credit card. UK-hosted. Your data stays yours.
