Security You Can Trust
Your construction billing data is sensitive. We protect it with modern security practices and trusted infrastructure partners.
How We Protect Your Data
Multiple layers of security ensure your billing data stays private and secure.
Encryption at Rest & Transit
All sensitive data is encrypted using AES-256-GCM at rest. All connections use TLS 1.3 encryption in transit.
Role-Based Access Control
Granular permissions with Owner, Manager, Staff, and Viewer roles. All data access is scoped by organization.
Comprehensive Audit Logging
Every significant action is logged with user, timestamp, and metadata for compliance and accountability.
Automated Backups
Daily automated backups with point-in-time recovery. Your data is protected against accidental loss.
Rate Limiting & DDoS Protection
Built-in rate limiting protects against abuse. Vercel Edge Network provides DDoS mitigation.
Security Headers
HSTS, X-Frame-Options, Content Security Policy, and other security headers protect against common attacks.
Built on Trusted Infrastructure
We partner with industry-leading providers who maintain rigorous security certifications.
Vercel: SOC 2 Type II certified hosting with global edge network
Neon: SOC 2 Type II certified PostgreSQL with built-in encryption
Clerk: SOC 2 Type II certified authentication with MFA support
Stripe: PCI DSS Level 1 certified payment processing
AWS S3: SOC 2 certified file storage with server-side encryption
Our infrastructure partners maintain their own SOC 2 and security certifications. Rivet inherits security benefits from these certified platforms.
Application Security
Our application is built with security best practices at every layer, from data storage to user authentication.
- OAuth tokens encrypted before database storage
- Secure session management via Clerk
- Input validation and sanitization
- SQL injection prevention via Prisma ORM
- XSS protection via React and security headers
- Webhook signature verification
Data Privacy
Multi-tenant isolation: Your data is strictly isolated from other organizations through application-level controls.
Minimal data collection: We only collect data necessary to provide our services.
No selling of data: We never sell your data to third parties.
Stripe handles payments: We never store credit card numbers. Stripe (PCI DSS Level 1) handles all payment data.
Questions About Security?
We're happy to discuss our security measures and answer any questions you may have.