Security and data protection

Your bid content and company data are commercially sensitive. Here is exactly how we protect them.

UK GDPR Compliant
ICO Registered
TLS 1.2+ Encryption
AES-256 at Rest
Data in UK/EEA

How we protect your data

Encryption everywhere

All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Your company documents and bid content are never stored in plaintext.

Cloud infrastructure

KimonBids is hosted on enterprise-grade cloud infrastructure with a 99.9% uptime SLA, automated backups, and geographic redundancy. Infrastructure is provisioned using infrastructure-as-code with no manual changes.

Access controls

Strict role-based access controls ensure your data is only accessible to you. Kimon Services staff access to production data requires multi-factor authentication and is logged and audited.

Application security

We follow OWASP security best practices. The platform undergoes regular security testing. Dependencies are monitored for known vulnerabilities and patched promptly.

GDPR compliance

KimonBids is designed to comply with UK GDPR. We are registered as a data controller with the Information Commissioner's Office (ICO). See our Privacy Policy for full details.

Monitoring and logging

All access to your data is logged. We operate 24/7 infrastructure monitoring with automated alerting for anomalous activity.

Your data, your control

KimonBids does not sell your data. We do not use your bid content or company information for any purpose other than providing you with the service you have subscribed to.

The AI matching and bid drafting features process your data to deliver results for you. We use API agreements with our AI infrastructure providers that prohibit using your data for model training. Your queries are processed and discarded.

You can export your data at any time from your account settings. You can request deletion of your account and all associated data by contacting us at privacy@kimonbids.com. Deletion is permanent and irreversible.

Access your data

Download all your account data at any time from account settings.

Correct your data

Edit your profile and company information directly in the platform.

Delete your data

Request full account deletion. All data removed within 30 days.

Data portability

Export bid history, match data, and documents in standard formats.

Security FAQ

Where is my data stored?

Your data is stored within the UK and EEA on enterprise cloud infrastructure. We do not transfer personal data outside the UK or EEA.

Who can access my company documents?

Your uploaded documents are used solely for AI-assisted bid drafting within your account. They are not shared with other users or organisations. Kimon Services staff cannot access your documents except in exceptional circumstances for support purposes, with your consent.

What happens to my data if I cancel?

Your data is retained for 30 days after cancellation to allow export. After that, it is permanently and irreversibly deleted. You can request immediate deletion by contacting us.

Do you share data with AI providers?

The AI matching and bid drafting features use large language model APIs. Query data (tender text and bid context) is sent to these APIs for processing. We use API agreements that prohibit training on your data. Your data is not retained by the AI provider beyond the request.

Can I get a data processing agreement (DPA)?

Yes. Enterprise customers can request a formal DPA. Contact us at privacy@kimonbids.com.

Do you have Cyber Essentials certification?

We are working towards Cyber Essentials certification. Current security controls align with Cyber Essentials requirements. Contact us for a security questionnaire if needed for your procurement process.

Security questions?

If you need a security questionnaire completed for your procurement process, or have any other security enquiry, contact us directly.

Contact our team