Security & Compliance
How we protect your construction financial data.
Data Security
ConstructIQ is built on Supabase and Lovable Cloud infrastructure. All data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256. Authentication is provided by Supabase Auth with support for email/password and Google SSO.
Access Controls
ConstructIQ implements role-based access control (RBAC) with five roles: Owner, Admin, Project Manager, Viewer, and Accountant. All data is isolated by organization using Row Level Security (RLS) enforced at the database level. No user can access another organization's data. Sessions automatically time out after 30 minutes of inactivity, and quarterly access reviews are recorded in the SOC 2 Evidence Center.
Backups & Recovery
ConstructIQ project financial data is backed up continuously via Supabase WAL archiving with daily snapshots retained 7 days. Owners verify and log a successful snapshot at least monthly in the SOC 2 Evidence Center, and restore tests are documented as part of disaster recovery readiness.
Sub-Processors
| Vendor | Purpose | Region |
|---|---|---|
| Supabase Inc. | Database and authentication | US |
| Anthropic PBC | AI analysis features | US |
| Lovable AB | Application hosting | EU/US |
| Stripe Inc. | Payment processing | US |
SOC 2 Status
ConstructIQ is currently pursuing SOC 2 Type II certification. Security assessment documentation is available to enterprise customers under NDA. Contact security@constructiqinsights.com.
Reporting Security Issues
To report a security vulnerability, email security@constructiqinsights.com. We commit to acknowledging reports within 48 hours and providing remediation timelines within 5 business days.
GDPR
For data subject requests under GDPR including access, correction, deletion, or portability requests, contact privacy@constructiqinsights.com. We will respond within 30 days.