Effective Date: February 25, 2026
Our Security Commitment
Opsite Solutions LLC is committed to protecting your data with the highest standards of security. As a construction management platform, we understand that you entrust us with sensitive business information including financial data, contracts, client details, and project documentation. We take this responsibility seriously.
Security Features
Encryption
- ✓TLS 1.3 encryption for all data in transit
- ✓AES-256 encryption for data at rest
- ✓HTTPS enforced on all connections
- ✓Encrypted database backups
Authentication
- ✓Secure password hashing (bcrypt)
- ✓Session token management
- ✓Automatic session expiration
- ✓Role-based access controls (RBAC)
Infrastructure
- ✓Hosted on Vercel's secure cloud platform
- ✓SOC 2 Type II compliant infrastructure
- ✓Automatic DDoS protection
- ✓Global CDN with edge caching
Data Protection
- ✓Supabase enterprise-grade storage
- ✓Automated daily backups
- ✓Multi-region data redundancy
- ✓Point-in-time recovery available
How We Handle Your Data
Data Isolation
Each contractor's data is logically isolated. Users can only access data for contractors they are explicitly authorized to view. Our role-based access control system ensures that team members only see what they need to do their job.
Third-Party Integrations
When you connect third-party services like QuickBooks, we use secure OAuth 2.0 authentication. We never store your third-party passwords. Integration tokens are encrypted and can be revoked at any time.
AI & Machine Learning
Our AI features (document categorization, Lino assistant) process your data to provide intelligent recommendations. This processing happens in real-time and we do not use your data to train general AI models. Your business data remains private and is never shared with other customers.
File Storage
Documents, photos, and attachments uploaded to Opsite are stored securely in Supabase's enterprise cloud infrastructure. Files are encrypted at rest and in transit. Access is controlled through the same role-based permissions as other data.
Data Residency
All primary data is stored in the United States. Backups are stored in geographically separate U.S. regions for disaster recovery. We do not store customer data outside the United States unless specifically requested and agreed upon in writing. For Enterprise customers requiring specific data residency arrangements, please contact us at security@useopsite.com.
Compliance & Certifications
SOC 2 Type II
Our infrastructure providers (Vercel, Supabase) maintain SOC 2 Type II compliance
GDPR Ready
Data handling practices aligned with EU General Data Protection Regulation
CCPA Compliant
Full compliance with California Consumer Privacy Act requirements
Our Security Practices
Security-First Development
We follow secure coding practices, including input validation, output encoding, parameterized queries, and regular code reviews focused on security.
Dependency Management
We regularly update dependencies and monitor for known vulnerabilities using automated security scanning tools.
Access Controls
Internal access to production systems is strictly limited, requires authentication, and is logged for audit purposes.
Incident Response
We have documented incident response procedures and will notify affected users promptly in the event of any security incident that may affect their data.
Penetration Testing & Vulnerability Assessment
We conduct annual third-party penetration testing of our application and infrastructure. Critical and high-severity findings are remediated within 30 days. We also perform continuous automated vulnerability scanning of our codebase and dependencies. Results of penetration tests are available to Enterprise customers under NDA upon request.
Business Continuity & Disaster Recovery
We maintain documented business continuity and disaster recovery plans. Key commitments include:
- ✓Automated daily backups with point-in-time recovery
- ✓Multi-region redundancy with automatic failover
- ✓Recovery Time Objective (RTO) of 4 hours for critical systems
- ✓Recovery Point Objective (RPO) of 1 hour for all customer data
- ✓Annual disaster recovery testing
Reporting Security Vulnerabilities
We take security vulnerabilities seriously. If you discover a potential security issue, please report it to us responsibly:
Email our security team:
security@useopsite.comPlease include as much detail as possible about the vulnerability, including steps to reproduce. We commit to acknowledging reports within 48 hours and will work with you to understand and resolve the issue promptly.
Responsible Disclosure Program
We welcome security researchers to report vulnerabilities through our responsible disclosure program. We commit to:
- ✓Acknowledging reports within 48 hours
- ✓Providing an initial assessment within 5 business days
- ✓Not pursuing legal action against researchers who act in good faith and comply with this policy
- ✓Recognizing researchers in our security hall of fame (with permission)
Please report vulnerabilities to security@useopsite.com with the subject line "Security Vulnerability Report."
Your Security Responsibilities
Security is a shared responsibility. To help keep your account secure:
- ✓Use a strong, unique password for your Opsite account
- ✓Never share your login credentials with others
- ✓Log out of shared or public computers
- ✓Report any suspicious activity to our support team immediately
- ✓Keep your device and browser up to date
- ✓Be cautious of phishing attempts - we will never ask for your password via email
Insurance Coverage
Opsite maintains cyber liability insurance and errors & omissions (E&O) insurance policies appropriate for a technology platform handling sensitive business data. Details of coverage are available to Enterprise customers upon request.
Questions?
If you have any questions about our security practices, please contact us:
Security inquiries: security@useopsite.com
General support: support@useopsite.com
Privacy concerns: privacy@useopsite.com