Security & trust

Security & Compliance

How we protect your construction financial data.

Data Security

ConstructIQ is built on Supabase and Lovable Cloud infrastructure. All data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256. Authentication is provided by Supabase Auth with support for email/password and Google SSO.

Access Controls

ConstructIQ implements role-based access control (RBAC) with five roles: Owner, Admin, Project Manager, Viewer, and Accountant. All data is isolated by organization using Row Level Security (RLS) enforced at the database level. No user can access another organization's data. Sessions automatically time out after 30 minutes of inactivity, and quarterly access reviews are recorded in the SOC 2 Evidence Center.

Backups & Recovery

ConstructIQ project financial data is backed up continuously via Supabase WAL archiving with daily snapshots retained 7 days. Owners verify and log a successful snapshot at least monthly in the SOC 2 Evidence Center, and restore tests are documented as part of disaster recovery readiness.

Sub-Processors

VendorPurposeRegion
Supabase Inc.Database and authenticationUS
Anthropic PBCAI analysis featuresUS
Lovable ABApplication hostingEU/US
Stripe Inc.Payment processingUS

SOC 2 Status

ConstructIQ is currently pursuing SOC 2 Type II certification. Security assessment documentation is available to enterprise customers under NDA. Contact security@constructiqinsights.com.

Reporting Security Issues

To report a security vulnerability, email security@constructiqinsights.com. We commit to acknowledging reports within 48 hours and providing remediation timelines within 5 business days.

GDPR

For data subject requests under GDPR including access, correction, deletion, or portability requests, contact privacy@constructiqinsights.com. We will respond within 30 days.