Security

Glass Bids is built for organizations where auditability, access control, and data protection are mission-critical. Our security program is designed to support government procurement, evaluation, finance, and vendor collaboration workflows without adding unnecessary complexity for end users.

Security practices apply to our marketing website, platform infrastructure, and customer environments provisioned under applicable agreements.

Platform access is governed by role-based controls, including:

• Role-based access control (RBAC) aligned to agency workflows.
• Single Sign-On (SSO) integration with enterprise identity providers.
• Secure vendor portals with restricted access to assigned solicitations and documents.
• Separation of duties through configurable approval paths and permissions.

Customer procurement data is protected using administrative, technical, and organizational safeguards, including:

• Encryption of data in transit and at rest.
• Least-privilege access for personnel and systems.
• Secure development and change management practices.
• Logical separation of customer environments in our cloud-native architecture.

For more information on how we handle personal information, see our Privacy Policy.

Glass Bids maintains comprehensive activity logs to support oversight, public records workflows, and internal audits. Logged events may include user authentication, document access, workflow actions, approvals, and configuration changes.

Agencies can use these records to demonstrate accountability, respond to audit requests, and enforce policy-driven governance across the procurement lifecycle.

The platform is deployed on a cloud-native, scalable architecture designed for reliability and operational resilience. We monitor platform health, apply security patches, and maintain backup and recovery procedures appropriate for production workloads.

Specific uptime, disaster recovery, and data residency commitments may be defined in your organization's order form or master agreement.

We maintain procedures to detect, investigate, and respond to security incidents affecting the Services. Customers with active agreements will be notified of confirmed incidents in accordance with contractual obligations and applicable law.

For security questionnaires, vendor assessments, or reported vulnerabilities, contact us at inbox@bids.glass.

Social Glass, Inc.
Salesforce Tower, 415 Mission Street, Floor 37
San Francisco, CA 94105