Your company data — bid history, rates, project details, ABN — is commercially sensitive. Here is exactly how we protect it.
Last updated: May 2026
The Bindy web application is hosted on Vercel’s global edge network with automatic SSL termination. All HTTP traffic is upgraded to HTTPS.
All subscriber data (company profiles, bid history, pipeline) is stored in Supabase hosted in the ap-southeast-2 (Sydney, Australia) region. Data does not leave Australian borders as part of core platform operations.
Bid generation and tender classification use Anthropic’s API (servers in the United States). Tender text and your company profile context are transmitted to Anthropic as part of this process. No data is retained by Anthropic for model training under their standard data processing agreement.
Daily digest emails are sent via Resend (US-based). Email addresses and tender summaries are transmitted for delivery purposes only.
All client-to-server communication is encrypted using TLS 1.2+ (TLS 1.3 preferred). Vercel enforces HTTPS on all routes; HTTP requests are redirected automatically.
Supabase encrypts all data at rest using AES-256. Encryption is applied at the storage layer — data is encrypted before being written to disk and decrypted on authorised read.
Passwords are never stored in plaintext. Authentication is delegated entirely to Supabase Auth, which uses bcrypt-based hashing with a per-user salt.
Every Supabase table has Row-Level Security (RLS) policies enforced at the database layer. An authenticated subscriber can only read and write their own rows — not other subscribers’ data.
The Supabase service-role key (which bypasses RLS) is only loaded inside API routes that explicitly require it. It is never exposed to client-side code or included in the JavaScript bundle.
All LLM-spending endpoints (bid generation, capability statement, tender analysis) are rate-limited by IP address using in-database counters. This limits the blast radius of any credential exposure to a capped number of AI calls per hour.
In addition to IP rate limits, per-user monthly usage caps are enforced server-side. Generating unlimited AI content is not possible regardless of how requests are crafted.
Admin-level dashboard access (subscriber management, impersonation for support) is restricted to email addresses in a server-side allowlist. There is no admin role in the database that can be escalated to from a subscriber account.
Company name, ABN, email, trades, certifications, notable projects, insurance details, bid drafts, pipeline status, and account preferences. We do not store payment card numbers (Stripe handles billing and provides only masked card metadata).
Your company profile and bid content are never shared between subscribers. They are not used to train AI models. You can export all your data at any time from Account Settings → Export my data.
You can delete your account from Account Settings → Delete my account. This cancels your subscription, soft-deletes your subscriber record, and schedules a hard delete of all your data within 30 days — matching the retention period described in our Privacy Policy.
Soft-deleted rows are purged by an automated cron job at the 30-day mark. Supabase retains point-in-time backups for a rolling 7-day window (this is a platform constraint, not deliberate retention). No personally identifiable information is retained in application-level storage after the 30-day mark.
Bindy collects and handles personal information in accordance with the Australian Privacy Principles (APPs). Our Privacy Policy (at bindy.au/privacy) describes collection, use, disclosure, and how to access or correct your information.
Daily digest emails include a one-click unsubscribe link in the footer and RFC 8058 List-Unsubscribe headers. Clicking unsubscribe does not require login and takes effect immediately.
Subscription invoices are issued by Stripe and include the applicable GST line item. Our ABN is disclosed on all tax invoices.
.env and .env.local files are gitignored. API keys, database URLs, and service-role keys are stored as Vercel environment variables scoped per environment (production / preview / development) — never hardcoded in source.
Anthropic’s automatic GitHub key-scanning is active on the repository. Keys detected in commits are revoked within hours of the push.
Every push to master runs a CI workflow: TypeScript type-check, ESLint, and a production build. Builds that introduce type errors or import failures cannot be deployed to production.
Node.js and Python dependencies are reviewed for security advisories. npm audit and GitHub Dependabot alerts are monitored.
2026-04-15 — Anthropic API key exposure (resolved)
An ANTHROPIC_API_KEYwas committed in plaintext to an agent runner script on 2026-04-09. Anthropic’s automatic GitHub key-scanning detected and revoked the key within hours. The file was rewritten to read the key from a gitignored .env file. A new key was provisioned and stored only in runtime environments. No customer data was exposed; the key had no access to subscriber databases.
Why git history was not rewritten: The leaked key was revoked before any third party could realistically use it. Rewriting history would invalidate all downstream SHAs, breaking Vercel build logs and CI references. For a secret that is no longer valid, the disruption cost outweighs the security benefit.
If you discover a security issue, please report it responsibly. Do not open a public GitHub issue or pull request for security-sensitive findings.
Security:We appreciate responsible disclosure. There is no formal bug bounty programme at present, but we will acknowledge researchers who help us improve security.