Security & Compliance

Enterprise-Grade Security

Your construction data protected at every layer — from the database to your browser.

Security Features

🔐

SOC 2 Type II

Audit in progress. We follow SOC 2 security, availability, and confidentiality trust principles. Expected certification Q3 2026.

256-bit AES Encryption

All data at rest is encrypted using AES-256, the same standard used by banks and government agencies. Your data is unreadable without your credentials.

🛡️

TLS 1.3 in Transit

Every byte transferred between your browser and our servers is protected with TLS 1.3. We enforce HTTPS everywhere and reject older protocols.

🧱

Row-Level Security

Powered by Supabase RLS policies. Each user can only access their own organization's data — enforced at the database layer, not just the application layer.

🌍

GDPR Compliant

We honor data subject rights: access, correction, deletion, and export. Data processing agreements available. EU residents can request their data at any time.

🧪

Penetration Testing

Annual third-party penetration tests are conducted by independent security firms. Findings are remediated within 30 days. Reports available under NDA for Enterprise customers.

Built on Supabase + Vercel

Industry-leading infrastructure so you can focus on building — not on uptime.

Cloud Provider

AWS us-east-1 (via Supabase + Vercel)

Uptime SLA

99.9% monthly — Enterprise 99.99%

Automatic Backups

Daily backups with 30-day retention

Point-in-Time Recovery

Restore to any second in the last 7 days

CDN & Edge Network

Vercel global edge — <50ms for 95% of users

Database

PostgreSQL 15 (Supabase managed)

Our Data Practices

We believe your data belongs to you. Full stop.

🚫

We Never Sell Your Data

Your project data, documents, and company information are never sold to third parties — ever. Period.

Data Export Anytime

Export all your data in machine-readable JSON or CSV format at any time from Settings. No hoops to jump through.

🗑️

30-Day Retention After Cancel

When you cancel, your data is preserved for 30 days. After that it is permanently deleted. You can also request immediate deletion.

Responsible Disclosure

Found a security vulnerability? We take all reports seriously. Please email us at security@saguarocontrol.net and we will respond within 24 hours. We do not pursue legal action against good-faith researchers.

✓ We acknowledge receipt within 24h✓ We remediate critical findings within 7 days✓ We credit researchers who disclose responsibly

Questions about security?

Our security team is here to help.

security@saguarocontrol.net

Also see: Privacy Policy · Terms of Service · SLA