Bidor

Compliance

Built with security and compliance standards in mind from day one.

Compliance Standards

BIDOR is built on AWS infrastructure that meets rigorous compliance standards. While we don't claim specific certifications, our platform is designed to support your compliance requirements.

AWS Compliance Foundation

By leveraging AWS services, BIDOR benefits from industry-leading compliance programs:

  • AWS Infrastructure Security: Our infrastructure runs on AWS, which holds SOC 2, ISO 27001, and other certifications for its data centers
  • ISO 27001: Information security management system standards
  • PCI DSS: Payment processing through Stripe (PCI DSS Level 1 certified)

GDPR Readiness

BIDOR implements features to support GDPR compliance:

  • Right to Access: Users can export their data at any time
  • Right to Deletion: Complete data removal upon request
  • Data Minimization: We only collect necessary information
  • Consent Management: Clear terms of service and privacy policy
  • Data Portability: Export data in standard formats
  • Breach Notification: Procedures for timely notification of data breaches

Regulatory Compliance

Note

BIDOR is built with security best practices and runs on AWS infrastructure that holds industry certifications. We are not currently SOC 2 or HIPAA certified. If your organization has specific compliance requirements, please contact us to discuss how we can support your needs.

Security Features for Compliance

BIDOR includes features to help you meet your compliance obligations:

  • Audit Trails: Complete logging of all workflow actions, approvals, and data changes
  • Access Controls: Role-based permissions and organization isolation
  • Encryption: TLS 1.3 in transit and AES-256 at rest
  • Document Classification: Confidentiality levels (Public, Internal, Confidential, Restricted)
  • Digital Signatures: Timestamped approval signatures with IP tracking

Data Residency

Your data is stored in AWS data centers:

  • Primary region: US East (N. Virginia)
  • Backup and disaster recovery in multiple AWS regions
  • Data does not leave AWS infrastructure
  • Enterprise customers can request specific region preferences

Vendor Security

We carefully vet all third-party services:

  • AWS: Industry-leading security certifications for its infrastructure
  • Stripe: PCI DSS Level 1 certified for payment processing
  • MongoDB: Industry-standard security practices
  • All vendors undergo security assessments before integration

Your Responsibilities

Shared responsibility model for compliance:

Your Organization's Responsibilities:

  • Properly classify sensitive data using confidentiality levels
  • Assign appropriate roles and permissions to team members
  • Train users on security best practices
  • Maintain strong passwords and enable MFA when available
  • Review audit logs regularly
  • Report security concerns promptly

Continuous Improvement

We continuously improve our security and compliance posture:

  • Regular security assessments and penetration testing
  • Monitoring of security advisories and patches
  • Employee security training programs
  • Incident response procedures and drills
  • Continuous monitoring and alerting

Need Compliance Documentation?

Contact us at hello@bidor.ai for compliance documentation, security questionnaires, or to discuss your specific regulatory requirements.

Back to DocsSecurity Best Practices