Security Policy

How Does StructionSite Keep Your Business Secure?


Protecting Customer Data

At StructionSite our approach to security is simple: Your data belongs to you, and we take the job of protecting it very seriously. We aim to be transparent about how we do that by providing a security overview here.


Data Encrypted in Transit and at Rest

All traffic between mobile device applications, web browsers, backend servers, and databases are secured with industry-standard 2048-bit encryption. This means all sensitive data is kept incredibly safe while in transit.

Photos and images, team communications, and all other customers data are also encrypted in transit and at rest. They are not shared with anyone but designated collaborators on a project.

Data and files on the mobile device are secured according to the corporate policy of the company owning the device, for example, requiring passcodes to unlock the device, and encrypting all stored data while it is locked. Once uploaded to our secure servers, the original files are removed from the device.

Your files, photos, and other media are at least as secure as anywhere else they are stored on the phone/device.


Data Storage and Removal

Customer data is removed as soon as it is deleted or expires. This is why we advise our customers to make backups or export their data to another file management system before deleting it on StructionSite. Current customers should always contact us when in doubt.


Secure Login with Password

A password is required to log in to StructionSite.com or the StructionSite mobile app. Your unique password is encrypted using SSL when sent to our servers, and is encrypted with a hash function on the server.

Logging into the StructionSite mobile app always requires the user to enter their password, and we don’t provide an option to “save” the password after logging out on the mobile app.

Only the person created who created their password knows what it is. We never transmit or store passwords in plain text, and we can not read or decrypt them ourselves. This is why we require a customer to rest their password when it is forgotten.


Controlled Access

StructionSite offers enhanced access controls to data. Different user permission levels allow for control over who can access data, and who can give others access to information.

Project administrators can manage certain types of access to shared data. For example, when you generate public share links to view photos, the administrator can globally turn those off.

Our mobile app also allows for the ability to securely transfer and remove photos from the hardware upon capture, to prevent unwanted leakage of sensitive project imagery.


Safety in the Cloud

Depending on Google and Amazon to solve our core infrastructure problems allows StructionSite to focus on our customers and solving their problems. Google and Amazon employ teams of physical security staff and digital security engineers so we don’t have to.

Read more about how each of our cloud providers solve security in general:

Google Security Model

AWS Security Compliance


Native Mobile Development Philosophy

We believe in developing native mobile experiences, not only for better performance but the well-known security enhancements that come with being able to leverage a mobile operating systems’ security protocols.

We choose to develop on native iOS to leverage best-in-class security tools to minimize vulnerabilities which can be exposed in non-native development frameworks.


Further Questions? Please Ask!

We hope this overview shows how committed StructionSite is to keeping our customers data secure. This is just an overview, so please contact us with any further questions!