Security
How we treat your data.
The short version: infrastructure we control, encryption where it matters, honest off-boarding, and a real human reading [email protected].
Hosting and tenant isolation
BuilderGrid runs on infrastructure we control. Customer records, documents, and project data are logically isolated by tenant, and raw application state is not shared between customer organizations.
Authentication
Single sign-on through the major identity providers, plus password login with two-factor authentication. Passwords are never stored in a recoverable form. Sessions are short-lived and rotated.
Encryption
Data is encrypted in transit on every public endpoint and at rest across the database and object storage. Backups are encrypted before they leave the host.
Backups and recovery
Automated backups run on a regular schedule with encrypted off-site copies. Point-in-time recovery is supported. Recovery procedures are documented and rehearsed.
Logging and access
Authentication events, administrative actions, and access to sensitive resources are logged with user, source, and timestamp. Logs are retained for an operationally appropriate window and used during incident response.
Vulnerability disclosure
Found something? Email [email protected] with reproduction steps. A real person reads it, and we will keep you in the loop through fix and disclosure.
Data ownership, export, and deletion
Your customer data is yours. You can request a full structured export at any time and remove your private data on request. Aggregated, anonymized, and entity-level data derived from your use of the platform may be retained at our discretion, consistent with our Privacy Policy.
Aggregated analytics and benchmarking
BuilderGrid uses aggregated, anonymized, and de-identified data from across the platform to power benchmarking and intelligence products such as BuilderBI and TradesBI. These products surface industry-wide patterns and peer comparisons without exposing any individual customer’s identifiable records to another customer. The data rights and opt-out information are described in our Privacy Policy.
AI and machine learning
We do not provide your data to third-party model providers for the purpose of training their foundation models. Where third-party AI services power product features, the data is processed under enterprise terms that prohibit retention or training on it.
Service levels and compliance
Response and uptime commitments are scoped per contract. Different customer tiers get different SLAs, and we will tell you exactly what yours are in writing. Our compliance posture matures alongside the business; security questionnaires are answered honestly with what is in place today and what is planned.