Trust center

Security by separation

BidFury is designed around a simple rule: intelligence does not become authority without passing explicit, inspectable controls.

Current security posture

BidFury is in a private pilot. The current product surface supports read-only Amazon Ads monitoring, shadow recommendations, and offline-safe simulations. Live advertising writes are disabled while the authorization, guardrail, and verification layers are completed and reviewed.

Core controls

Invite-only identity

There is no public BidFury registration path. Access depends on an active invitation and organization membership.

Strong operator authentication

The production design uses verified email sessions and requires TOTP two-factor authentication for privileged roles.

Private service network

Database, workflow, object storage, and Amazon worker services are not intended to be directly reachable from the public internet.

Encrypted credentials

Amazon refresh credentials are stored as versioned authenticated ciphertext and are isolated from the public web surface.

Separated authority

Reasoning, policy, workflow, and Amazon access run across explicit boundaries. The AI layer cannot contact Amazon directly.

Durable audit evidence

Recommendations, policy decisions, approvals, execution attempts, and verification results are represented as distinct records.

What we do not claim

DreamHire does not currently claim a third-party security certification for BidFury. This page describes architectural intent and implemented pilot boundaries, not an independent audit or a guarantee that incidents cannot occur.

Reporting a concern

Pilot operators should report suspected credential exposure, unauthorized access, or unexpected Amazon activity immediately through their established DreamHire contact. Do not include passwords, Amazon tokens, recovery codes, or other secrets in a report.