Skip to main content

Security & Privacy

Security4 min read

SiteHut is built for construction teams handling commercially sensitive jobs. Security combines technical controls, role-based access, and clear policies on sitehut.app.

Technical measures

  • Encryption in transit — application traffic uses HTTPS (TLS).
  • Authentication — password login with session tokens; optional API keys for integrations.
  • Backups — production data is backed up on a scheduled basis (operational detail may vary by environment).
  • Separation — workspace data is scoped by workspace identity on API requests (X-Workspace-Id / slug headers).

Access control

  • Workspace roles — Owner, Admin, Editor, Viewer, plus custom RBAC roles. See Roles & permissions.
  • Job team — narrower roles on a single project (viewer, editor, client contact, and others).
  • Permissions — module-level scopes (quotes, expenses, integrations, and so on) gate menus and API access.

Your responsibilities

  • Full policy: Privacy policy (also linked from Legal).
  • Subprocessors and DPA: published on sitehut.app where applicable.