Mitigate Procurement

Security and privacy

How your procurement documents and data are protected.

Procurement documents are sensitive. They contain pricing, strategy, technical details, and sometimes personal data. Here's how we handle them.

Data storage

Documents are stored in Amazon S3 (AWS cloud storage) with encryption at rest. Access is restricted to your organization's account - other users can't see your files.

Analysis results, findings, scores, and metadata are stored in a PostgreSQL database, also encrypted at rest.

All connections between your browser and our servers use HTTPS (TLS encryption in transit).

Who can access your data

  • Your organization members - everyone in your organization sees all procurements, documents, and results
  • Platform administrators - for troubleshooting and support purposes only
  • No one else - your data is not shared with other customers, and not used to train AI models

AI processing

When you run an analysis, your documents are sent to AI services (language models) for processing. Here's what that means:

  • Document text is sent to the AI provider for reading, searching, and analysis
  • The AI provider doesn't store your data for training purposes. We use API access with data processing agreements that prohibit training on customer data.
  • Processing happens in real time - text is sent, processed, and the response comes back. There's no persistent copy at the AI provider.

The AI providers we use (Anthropic, OpenAI, Google) all offer enterprise API terms with clear commitments about not using API data for model training.

Document parsing

Uploaded files are sent to LlamaParse for text extraction. Similar to AI processing:

  • Files are processed and results returned
  • The parsing service doesn't retain your documents after processing

Authentication and access

  • Email and password authentication
  • Organization-based access - you see everything in your organization, nothing from others
  • No public access - all data requires authentication

Data deletion

When you delete a procurement, all associated data is removed:

  • Uploaded documents are deleted from storage
  • Analysis results, findings, and scores are deleted from the database
  • This is permanent and cannot be undone

When you delete your account, all your data is removed.

What we don't do

  • We don't sell your data
  • We don't use your documents to train AI models
  • We don't share your data with third parties (except the processing services described above)
  • We don't access your documents unless you explicitly ask for support help

If your organization has specific security requirements or needs a data processing agreement, contact us at info@mitigate.dev.

On this page

Data storageWho can access your dataAI processingDocument parsingAuthentication and accessData deletionWhat we don't do