Trust & Security

Your project data, protected

Bildura is the system of record for RFIs, pay applications, and the lien chain — so security is not an afterthought. Every organization is isolated from every other, data is encrypted in transit and at rest, and the accountability ledger is tamper-evident by design. SOC 2 readiness is in progress; the controls below are the same control map our in-app auditor evidence pack exports.

Controls in place: 7

In progress: 3

Mapped criteria: 10

CC6.1

Authentication

In place

Passwords are bcrypt-hashed; sessions use 256-bit cryptographically strong tokens; a password policy rejects weak and email-derived passwords.

CC6.3

Role-based access

In place

Every server action authorizes the user against the organization before any data is read or written.

CC6.6

Tenant isolation

In place

Every record is organization-scoped; an automated build check refuses any query that omits the tenant filter.

CC6.7

Encryption

In place

Data is encrypted in transit (TLS) and at rest; integration secrets carry an additional layer of application-level encryption.

CC6.8

Tamper-evident audit log

In place

The accountability ledger is SHA-256 hash-chained — altering, reordering, or deleting any past event is detectable.

CC6.2

Periodic access review

In place

Owners and admins re-confirm who has access on a quarterly cadence; each attestation is recorded as immutable evidence.

CC7.2

Security-event monitoring

In place

Sign-ins, failed sign-ins, password resets, and membership changes are captured in a dedicated security-event log.

CC8.1

Change management

In progress

Every code change flows through review, automated checks, and a test-coverage record; branch protection is the remaining step.

CC9.2

Vendor management

In progress

A vendor register lists every subservice organization, the data shared, and its own compliance posture.

A1.2

Availability & backups

In progress

The platform runs on autoscaling managed infrastructure with automated backups; a documented SLA is in progress.

Scope: Security (Common Criteria), Availability, and Confidentiality. Have a security review or need our vendor register? Email security@bildura.com.