Start Your Project
Case study · Construction & contracting
SealedWorks

Sealed bids and audit trails you can prove.

Tender decisions worth millions were being made over email and spreadsheets, with no way to prove the process was fair. We built the neutral procurement integrity layer: locked criteria, sealed pricing, blind evaluation and a verifiable certificate for every work package.

Sealed pricing protocol Blind evaluation Verifiable certificate
Sector
Construction
Region
GCC · UAE
Scope
Procurement platform
Roles
Contractor · sub · consultant
Output
Integrity certificate
The product

A guided tour of SealedWorks

Five screens from a live tender - step through the platform contractors, subbies and consultants use every day.

SealedWorks - Contractor dashboard (desktop)
SealedWorks - Contractor dashboard (ipad)
SealedWorks - Contractor dashboard (mobile)
SealedWorks - Integrity certificate (desktop)
SealedWorks - Integrity certificate (ipad)
SealedWorks - Integrity certificate (mobile)
SealedWorks - Subcontractor compliance (desktop)
SealedWorks - Subcontractor compliance (ipad)
SealedWorks - Subcontractor compliance (mobile)
SealedWorks - Create a work package (desktop)
SealedWorks - Create a work package (ipad)
SealedWorks - Create a work package (mobile)
SealedWorks - Import the bill of quantities (desktop)
SealedWorks - Import the bill of quantities (ipad)
SealedWorks - Import the bill of quantities (mobile)
01 / 05 Contractor dashboard

Every active work package, bids received and pool health in a single view.

The challenge

Most tenders are organised. Few are defensible.

Tender decisions worth millions were made over email and spreadsheets. Pricing could be seen before the deadline, evaluators knew who had bid, and there was no tamper-evident record of who submitted what, or when. When an award was challenged - by a losing subbie, an auditor or the board - the process was honest, but a spreadsheet and an inbox could not prove it.

Pricing visible before deadline
Evaluators could see who bid
No tamper-evident record
What we built

An online tender portal where criteria are locked, pricing is sealed, evaluation is blind, and every award ends in a certificate anyone can verify.

01Sealed bid submission
Bids are encrypted on arrival and stay locked until the deadline passes - not even the contractor can open one early.
02Blind evaluation
Identities are redacted on every score sheet. Evaluators score independently; scores stay sealed until consensus.
03Append-only audit trail
Every action is timestamped, hashed and chained. Tampering with a single entry breaks the chain.
04Integrity certificates
Each award is sealed into a verifiable SHA-256 certificate any third party can check independently.
05Role-based access
Contractors, subbies and consultants each see only their slice of a tender, and nothing more.
Procurement routes

Four routes, one standard of proof

Not every award needs to be fully blind. Each route produces a proportional, independently verifiable certificate - the assurance matches the procurement, and the proof is always there.

Maximum assurance
Full Blind
Certificate
Independently Verified Blind Procurement
High assurance
Structured Open
Certificate
Verified Open Procurement
Moderate assurance
Selective
Certificate
Selective Procurement - Contractor-Curated Pool
Minimum assurance
Negotiated / Direct
Certificate
Direct Award - Justification Required
Feature 01

Bids stay sealed until the moment they shouldn't

Subbies submit priced bids through the portal. Each is encrypted the instant it lands and stays locked until the deadline - not even the contractor can open a bid early. When the clock runs out, every bid unseals at once onto a single tender board.

01Encrypted at rest - locked from the moment of submission.
02Unsealed on deadline - all at once, never early.
03One board - every bid compared on the same criteria.
WP-0142 · MEP HVAC Sealed · 14d 06h
Sealed bids · 6 of 8 submitted
Bidder Status Ref
Bidder ASealed8F14E45F
Bidder BSealed2C3D4A91
Bidder CSealed7B3E4D8F
Bidder DSealed9A2B3C5E
Signature moment · Feature 02

Every award carries a certificate anyone can verify

When an award is made, SealedWorks assembles the decision into a Procurement Integrity Certificate stamped with a SHA-256 hash of the underlying record. Change a single line and the hash no longer matches. A losing subbie, an auditor or the board can verify it independently, without access to the system.

Procurement integrity certificate

MEP HVAC - Al Maryah Tower

Certificate idPIC-2026-AMT-MEP-9A2B3C
Bids received6 of 8 invited
Anonymity ratio2.0 : 1
Awarded valueAED 4,200,000
Issued28 Mar 2026 16:42 GST
SHA-256 chain-of-custody
8f14e45fceaab570a3f2c8b1d94e7120cd7c8d22
SHA-256 hash Public verification link Tamper-evident
Feature 03

Compliance that is current, not last quarter's PDF

Every subcontractor's documents - trade licences, insurances, certifications - live in one register with expiry dates the system watches. Pool health is assessed against a 2:1 anonymity ratio before a package is ever tendered, so compliance stops being a scramble at award time.

01Documents & expiry - watched automatically, flagged before they lapse.
02Pool health - anonymity ratio checked before tendering.
03One register - every subbie in a single place.
Subcontractor compliance 11 trades
Subcontractor Document Status
Al Rashid HVACTrade licenceValid
Gulf MechanicalInsuranceExpires 12d
Premier FireTrade certExpires 18d
Skyline SteelISO 9001Valid
Feature 04

Build a tender from the bill of quantities, not from scratch

Import a bill of quantities straight from a spreadsheet and SealedWorks turns it into structured, line-item work packages. Criteria are locked and hashed before a single subbie is invited, and reusable templates mean the next package of the same shape starts most of the way done.

01BoQ import - straight from a spreadsheet, no re-keying.
02Locked criteria - fixed and hashed before invitations go out.
03Reusable templates - the next package starts ahead.
Create package · import BoQ 142 items
BoQ-AMT-MEP.xlsx · imported
Item Description Qty
M-01AHU supply & install12 no
M-02Ductwork - GI rectangular2,400 m²
M-03Chilled water piping1,850 m
M-04VAV terminal units86 no
Integrations

A work package starts from your estimate, not a blank form

SealedWorks connects to the estimating and commercial systems contractors already run. During Create Work Package, a priced bill of quantities is pulled in and mapped to line-item packages automatically - no re-keying, and no detail lost between the estimate and the tender.

Causeway RIB CostX Excel / CSV
Create Work Package
BoQ mapped on import
Structured BoQ
Priced line items
CausewayFlagship integration

During Create Work Package, SealedWorks pulls a priced bill of quantities straight from Causeway and maps it to structured, line-item packages. Estimators keep working where they already work, and the tender begins from real numbers rather than a re-typed spreadsheet.

RIB CostX

Measured quantities and rates, imported without re-keying.

Bluebeam

Takeoff quantities brought across without re-measuring.

Excel / CSV

Any bill of quantities as a spreadsheet, mapped on import.

Custom connectors

A bespoke connector built to whatever system you already run.

Every integration is built by BY BANKS to fit the contractor - not an off-the-shelf plugin. If it holds your bills of quantities, it can feed a work package.

How it works

From bill of quantities to a sealed, certified award

01
Lock criteria

Scope and evaluation criteria are fixed and hashed before any invitation.

02
Invite the pool

Subbies are selected against a recommended 2:1 anonymity ratio.

03
Seal pricing

Bids are encrypted on submission and stay locked until the deadline.

04
Blind evaluation

Identities are redacted; evaluators score independently until consensus.

05
Award & certify

The decision is sealed into a verifiable integrity certificate.

Architecture

Built to prove it, and to run lean

The production platform runs in a single UAE region, with a small number of deliberate decisions doing the heavy lifting - on cost, on responsiveness and on the integrity guarantees the certificate depends on.

Presigned S3 - files move browser-to-S3 direct via presigned URLs, and never touch the app server.
Users / roles
Contractor
Subcontractor
Consultant
sealedworks.com - PHP on Sevalla
Static marketing, off the AWS bill
Edge
Route 53
CloudFront
WAF
AWS me-central-1 · UAE data residency
Application tier
ALB
Fargate - web
Nuxt 3 SSR
Fargate - workers
BullMQ background jobs
ECR
NAT Gateway
Data tier
Aurora Serverless v2
Postgres · append-only audit
ElastiCache Redis
Queue + cache
S3presigned
Versioned documents
Supporting
Secrets Manager CloudWatch AWS Backup Resend / SES GuardDuty
Redaction pipeline - Textract + Comprehend + RekognitionPhase 2
Strips PII, logos and letterheads to protect blind-route integrity
Polling 15-30s, no WebSockets Append-only audit log Blind ID isolation PIC verify - SHA-256, no login Encrypted at rest
Presigned S3, direct

Uploads and downloads run browser-to-S3, so document traffic never hits the app tier. Compute and storage margins hold as volume grows.

Polling, not sockets

Live updates poll every 15-30 seconds. Procurement is not a trading floor, so there are no WebSockets or sticky sessions to scale.

Append-only audit

The audit log carries no UPDATE or DELETE permissions. Every action is recorded once, permanently, and feeds the certificate hash.

Blind ID isolation

The mapping between contractor identity and tender number is cryptographically isolated - hidden even from database admins during an active tender.

UAE data residency

Everything runs in AWS me-central-1, with WAF and GuardDuty in place for tier-1 client security requirements.

Serverless data tier

Aurora Serverless v2 scales with the spikes around tender deadlines, then settles back to a low floor between them.

We priced a leaner stack - Sevalla with Cloudflare R2 and Neon Postgres - at roughly a third of the AWS cost, and chose AWS anyway. Guaranteed UAE data residency was non-negotiable for the founding client. The marketing site stays on PHP, hosted separately and off the AWS bill, so it never depends on product uptime.

Result

Every award is defensible.

Procurement disputes drop because the decision trail is complete and tamper-proof. When an award is questioned, the answer is a certificate, not a search through inboxes.

Complete audit trail Independently verifiable Tamper-evident
Built with

A secure web application with encrypted bid storage and role-based access control.

Encrypted bid storage

Bids are unreadable until the deadline unseals them - even to us.

Role-based access control

Contractors, subbies and consultants each see only their slice.

Tamper-evident audit trail

Every award sealed with a SHA-256 certificate anyone can verify.

Design system

The system behind the surface

SealedWorks was built on its own design system - a system of record that looks like the artefact it produces. Two surfaces, one ledger-green accent, three typefaces each doing one job.

Palette
Slate
#1F2630 · chrome
Slate deep
#0F1418 · deepest
Parchment
#F2EBD8 · canvas
Parchment 25
#FBF7EC · highest
Ledger green
#4F6F4A · accent
Ledger 800
#2A4226 · certified
Bronze
#A8794A · seal
Bronze 500
#C9944F · CTA
Signal amber
#B8854A · warning
Signal rust
#A84A2E · error
Typography
Marcellus · display
SealedWorks
Procurement you can prove
Inter · interface
Aa Bb Cc 0123

Body, nav, buttons, fields and table cells. Ninety-five per cent of the interface.

JetBrains Mono · evidence
PIC-2026-AMT-MEP-9A2B3C
8f14e45fceaab570a3f2c8b1d
AED 4,200,000
Components
Status pills
Sealed In evaluation Locked Expiring
Buttons
Book a demo Verify certificate How it works
Card & hash row
Work packageWP-0142
MEP HVAC · Al Maryah TowerTendering
SHA-256 verification id
8f14e45fceaab570a3f2c8b1d94e7120cd7c8d22
Get in Touch

Ready To Transform?

Let's discuss how we can build the systems
and intelligence your business needs.

Paul Banks
Paul Banks Founder & Lead Consultant I handle all enquiries personally and look forward to hearing about your project.

Quick Assistance

Chat with us directly on WhatsApp.

Open WhatsApp →

Email Us

Gmail, Outlook, Yahoo & more.

Choose your email app →

BY BANKS L.L.C-FZ

License No. 2425027.01

Meydan Free Zone, Dubai, UAE

Procurement-ready · UAE registered

Not ready to talk yet? See if we're the right fit Pick your preferred AI and it'll ask about your project, then assess whether BY BANKS is a good match. AI-generated output, not BY BANKS advice. See our Terms.

Web clients open in a new tab

Still exploring?

We'd love to help you find what you're looking for. Whether you have a project in mind or just want to learn more about what we do.