SECURITY & DATA FAQ
Ask us the hard ones.
Everything security teams, procurement, and legal ask us about how we handle contracts and data, answered in full. For the architecture itself, start with the security overview.
Validated on arrival
Type allowlist, 40 MB cap, byte-signature check.
Isolated in your tenant
Row-level security and private storage, enforced by the database.
Every touch logged
Views and downloads, yours and ours, in an audit trail you can read.
Deleted for real
Your retention policy, your export, and a hard delete that removes rows and files.
HOW WE HANDLE YOUR CONTRACTS
What happens the moment I upload a contract?
Where are contract files stored?
Who touches my contract while it is being benchmarked?
How do file downloads work?
Can I share a report with someone outside my organization?
Is emailing contracts in safe?
WHO CAN SEE WHAT
Who can see my contracts?
How is tenant isolation actually enforced?
Can I restrict a contract inside my own organization?
Can VendorBenchmark employees browse customer data?
Is my pricing visible to other customers?
DATA LIFECYCLE
How long do you keep my data?
Can we export everything we have put in?
What happens when I delete a contract?
What happens to our data if we leave?
Are there backups?
AI AND BENCHMARKS
Is my data used to train AI models?
Which AI provider do you use, and what do they see?
How do I know an AI answer is grounded and not invented?
What goes into the benchmark pool from my deals?
IDENTITY AND ACCESS
Do you support multi-factor authentication?
Do you support SSO and automatic provisioning?
Can I see where my account is signed in?
What are the password rules?
How do roles work inside my organization?
How are API keys and integration credentials protected?
INFRASTRUCTURE AND ASSURANCE
Where does the platform actually run?
What hardening is in place at the edges?
Can our security team review you before we buy?
Can we monitor the platform from our own security stack?
How do we report a vulnerability?
What happens if something goes wrong?
A question we didn’t answer? Ask it.
Send your security questionnaire. We answer all of it, and we demonstrate the isolation model live.
Request access