Trust & Security
Your project data, protected
Bildura is the system of record for RFIs, pay applications, and the lien chain — so security is not an afterthought. Every organization is isolated from every other, data is encrypted in transit and at rest, and the accountability ledger is tamper-evident by design. SOC 2 readiness is in progress; the controls below are the same control map our in-app auditor evidence pack exports.
7
Controls in place
3
In progress
10
Mapped criteria
Authentication
In placePasswords are bcrypt-hashed; sessions use 256-bit crypto-strong tokens; a password policy rejects weak and email-derived passwords.
Role-based access
In placeEvery server action authorizes the user against the organization before any data is read or written.
Tenant isolation
In placeEvery record is organization-scoped; an automated build check refuses any query that omits the tenant filter.
Encryption
In placeData is encrypted in transit (TLS) and at rest; integration secrets carry an additional application-layer encryption layer.
Tamper-evident audit log
In placeThe accountability ledger is SHA-256 hash-chained — altering, reordering, or deleting any past event is detectable.
Periodic access review
In placeOwners and admins re-confirm who has access on a quarterly cadence; each attestation is recorded as immutable evidence.
Security-event monitoring
In placeSign-ins, failed sign-ins, password resets, and membership changes are captured in a dedicated security-event log.
Change management
In progressEvery code change flows through review, automated checks, and a test-coverage record; branch protection is the remaining step.
Vendor management
In progressA vendor register lists every subservice organization, the data shared, and its own compliance posture.
Availability & backups
In progressThe platform runs on autoscaling managed infrastructure with automated backups; a documented SLA is in progress.
Scope: Security (Common Criteria), Availability, and Confidentiality. Have a security review or need our vendor register? Email security@bildura.com.