Security

Security practices designed to protect construction documentation and operational workflows.

Last updated: May 2026

Infrastructure Security

Submittal Stack is built on modern cloud infrastructure with network isolation, hardened configurations, and operational controls aligned to SaaS best practices.

The platform is designed with modern security best practices, including defense-in-depth, least-privilege access, and continuous improvement of our security posture.

Authentication & Access Control

User authentication is handled through a dedicated identity provider with industry-standard session management and secure sign-in flows.

Access to projects and documents is scoped to authenticated workspace members. Role-based and account-level controls limit exposure of operational data.

Encrypted Data Storage

Data in transit is protected with encrypted transport (TLS). Stored project files and platform data reside in secure cloud storage architectures with provider-level encryption.

Sensitive operational metadata is handled with the same care as uploaded construction documents.

Secure File Handling

Uploaded PDFs are processed within controlled application workflows for preview, ordering, and packet generation. File access is mediated through authenticated API routes.

Download and export paths are designed to serve authorized users without exposing raw storage locations publicly.

Cloud Providers

We use established cloud and infrastructure providers selected for reliability, security features, and operational maturity.

Provider environments are configured to reduce attack surface and support monitoring, patching, and incident response workflows.

Operational Monitoring

Platform activity is monitored for errors, performance degradation, and anomalous behavior to support uptime and incident response.

Operational logging helps diagnose workflow issues while avoiding unnecessary collection of sensitive document content in logs.

Data Isolation

Customer project data is logically isolated within the application layer so workspaces do not cross-contaminate documents, metadata, or generated packets.

Access checks are enforced on dashboard, library, and API operations before files or project records are returned.

Future Compliance Goals

We are building toward formal compliance programs as the platform scales. We do not claim certifications such as SOC 2 or HIPAA unless and until they are completed and verified.

Security questions, vendor reviews, or enterprise diligence requests can be directed to hello@submittalstack.com.