Security & Trust

Your project — and the money behind it — protected by design.

Schetech holds sensitive commercial data: programmes, claims, feasibilities, drawings, and the financier figures behind a build. We treat protecting it as a first-class part of the product, not an afterthought. Here's how.

How we protect your data

The controls below are built into the platform and verified by an automated security test suite that runs on every change.

Tenant isolation

Every organisation's data is walled off from every other. Isolation is enforced in code and covered by a dedicated cross-tenant test suite — one builder can never see another's projects, prices, or figures.

Encryption in transit

All traffic is served over TLS (HTTPS), with strict transport security and modern response-security headers applied to every request.

Role-based access

Least-privilege access by role — owner, finance, construction manager, PM, client, subcontractor. Subcontractors only ever see their own scope; financier and developer figures are gated to the parties involved.

Strong authentication

Salted, hashed passwords, brute-force throttling, durable sessions, plus optional two-factor authentication and single sign-on (Google) for staff accounts.

Encrypted backups & recovery

The database runs on durable storage with automated nightly encrypted backups to independent object storage, a 30-day history, and a tested restore procedure. A backup we can't restore isn't a backup.

Secure by build

A security test gate runs on every code change — tenant-isolation, access-control coverage, and injection checks must pass before anything ships. Changes are code-reviewed with security in mind.

Your data, your control

It's your data. You can see it, take it, and have it removed.

Infrastructure & monitoring

Reputable hosting

Hosted on established cloud infrastructure with a persistent, backed-up data store. Secrets are held in a managed secrets store, never in code.

Daily health checks

An automated canary checks the live service every morning — availability, database health, security headers, and backup freshness — and alerts us if anything drifts.

Rate limiting & abuse protection

Login, password-reset, and public endpoints are rate-limited to resist credential-stuffing and abuse.

Minimal attack surface

A deliberately lean stack with very few third-party dependencies keeps the supply-chain surface small.

Independent testing & roadmap

We're honest about where we are. Schetech has been through a thorough internal security review and hardening programme, with automated testing guarding every release. As we scale, our roadmap adds:

Building a security or procurement questionnaire? We're glad to complete it and share our controls in detail — just ask.

Questions about security?

Talk to us directly — we'll walk your team through our controls.

Contact us