Construction Scope is built on industry-standard security practices. Customer payment data never touches our servers — it's tokenized and held by Stripe.
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Backups are encrypted and stored across multiple regions.
Owner, Admin, Office, Crew, and Read-only roles. Crews can log time and materials but cannot view financial reports.
Card and ACH details are tokenized and held by Stripe — they never touch Construction Scope servers. PCI compliance is inherited.
Required for Owners and Admins. SMS and authenticator app supported. SSO available on the Pro plan.
Every estimate sent, change order approved, and invoice paid is logged with user, IP address, and timestamp.
Automatic backups every six hours. 30-day point-in-time restore for paid plans, 90-day for Pro.
Data export and deletion available on request. Customer-facing privacy notices included in approval emails.
Active disclosure program with payouts up to $10,000. Report findings to security@constructionscope.net.
Stripe, AWS, Postmark, and Sentry. Full list at constructionscope.net/sub-processors.