Security

How we protect your construction project data

Enterprise-Grade Security

SpecAlign is built with security at its core. Your construction project data is protected by industry-leading security measures, encryption, and infrastructure.

Infrastructure Security

Secure Cloud Hosting

All data is hosted on enterprise-grade cloud infrastructure with continuous monitoring, providing reliability and security.

99.9% Uptime SLA

Our infrastructure is designed for high availability with redundant systems and automatic failover capabilities.

Geographic Redundancy

Data is replicated across multiple availability zones to ensure durability and disaster recovery capabilities.

Regular Backups

Automated daily backups with point-in-time recovery ensure your data is never lost.

Data Encryption

Encryption in Transit

All data transmitted between your browser and our servers is protected with TLS 1.3 encryption, the latest security standard.

Encryption at Rest

All stored data, including documents and database records, is encrypted with AES-256 encryption.

Secure Document Storage

Uploaded documents are stored with server-side encryption and access controlled through secure, signed URLs.

Password Security

Passwords are hashed using bcrypt with appropriate cost factors. We never store plaintext passwords.

Access Control

Role-Based Access Control (RBAC)

Granular permissions system allows you to control exactly who can access, edit, or manage different aspects of your projects.

Multi-Factor Authentication (MFA)

Optional two-factor authentication adds an extra layer of security to your account using authenticator apps.

Multi-Tenant Isolation

Each organization's data is completely isolated. Users can only access data within their own organization and assigned projects.

Session Management

JWT-based authentication with configurable session expiration. Sessions are invalidated on password change or logout.

Audit & Compliance

Comprehensive Audit Logs

All changes to specifications, rooms, and project data are logged with timestamps, user attribution, and before/after values.

Version History

Complete version control for specifications enables you to track changes over time and understand what was installed when.

Change Control Workflows

Optional approval workflows ensure specification changes are reviewed before being applied to your project.

Data Export

Export your project data and audit logs for compliance purposes or backup to your own systems.

AI Processing Security

When you upload documents for AI-powered extraction, your data is handled securely:

  • Documents are transmitted to AI providers over encrypted connections
  • Your documents are not used to train AI models for other customers
  • AI processing occurs in memory and is not permanently stored by AI providers
  • We use enterprise AI APIs with data protection agreements in place

Our Security Practices

Secure Development

Our development follows security best practices including code reviews, dependency scanning, and secure coding guidelines.

Regular Updates

We regularly update our dependencies and infrastructure to address security vulnerabilities promptly.

Monitoring & Alerting

24/7 monitoring for suspicious activity with automated alerts for potential security incidents.

Incident Response

Documented incident response procedures ensure we can quickly address any security issues that arise.

Security Questions?

If you have questions about our security practices or need to report a security issue, please contact us.

Contact Security Team

security@specalign.ai

Ready to eliminate rework?

Join construction teams already saving time and reducing errors with SpecAlign.

Request a DemoView Pricing

14-day free trial • No credit card required