Data Processing Agreement
DPAGDPR Article 28 processor terms covering sub-processors, international transfers, breach notification, and deletion.
- Version
- v1.2
- Effective
- 17 July 2026
- File
- PDF · 4 KB
Bespoke pricing for bid teams, consortia and framework leads running 15+ tenders a month. Everything in Scale, plus the controls larger organisations need.
Separate workspaces per business unit or framework, with cross-workspace answer library sharing.
Okta, Azure AD, Google Workspace. SCIM provisioning available.
DPA, SOC 2 report, penetration test summary, and named data-processing contacts.
Direct ingest from SharePoint, OneDrive or your internal DMS as the answer library source of truth.
Send these straight to your procurement, legal, and infosec teams. For SOC 2 reports and penetration-test summaries under NDA, request them in the form above.
GDPR Article 28 processor terms covering sub-processors, international transfers, breach notification, and deletion.
Technical and organisational controls: hosting, encryption, access control, logging, backups, and incident response.
Documents are provided for review purposes. The DPA becomes binding on countersignature as part of the Enterprise order form.
Let your bid team sign in with the same account they use for everything else. BidClarity supports SAML 2.0 and OpenID Connect, with just-in-time provisioning so new team members get access the moment IT adds them to the right group.
Any SAML-compliant IdP. Signed assertions, encrypted attributes, IdP-initiated or SP-initiated flows.
OpenID Connect authorization code flow with PKCE for modern identity platforms.
Users at your verified email domain(s) are automatically routed to your IdP — no separate login URL.
Optional. Push user create, update and deprovision events directly from your IdP.
Tell us in the enquiry form above (or email hello@bidclarity.co.uk) that you want SSO, and which IdP you use.
You receive our ACS (assertion consumer) URL, Entity ID, and required attribute mappings for your IdP admin.
Reply with your IdP metadata URL (or XML) and the email domain(s) that should route through SSO.
SSO goes live in your workspace, usually within one business day. Users at your domain sign in through your IdP from then on.
email, given_name, family_name