Security at Site Service Pro

Your data is your business. We built our platform from the ground up to keep it that way.

Isolated Databases

Every subscription gets its own dedicated database. Your data is never co-mingled with other customers.

Dedicated Storage

Documents, photos, and files are stored in your own isolated storage container — separate from every other customer.

Private AI Servers

Choose our Private AI option and your AI data never leaves our own network — no third-party cloud AI providers involved.

Tenant-Level Data Isolation

Unlike platforms that use a single shared database for all customers, Site Service Pro provisions a dedicated PostgreSQL database for every subscription. This architecture means:

  • Your project data, timesheets, employee records, and financial information exist only in your database
  • There is no risk of a misconfigured query or software bug exposing one customer's data to another
  • Database backups, retention policies, and restores operate independently per subscription
  • If you cancel your subscription, your database can be cleanly exported and then permanently deleted

Isolated Document Storage

Every subscription receives its own isolated document storage container. Whether you're uploading blueprints, site photos, safety documents, or signed contracts, those files are stored separately from every other customer on the platform.

  • Storage containers are access-controlled per tenant — no shared buckets
  • Files are encrypted at rest and in transit
  • Access is authenticated and authorized through your subscription's unique credentials

Private AI Infrastructure

Site Service Pro offers an optional Private AI tier where all AI processing runs on our own servers, managed by our own team. This means:

  • Your prompts, documents, and AI-generated content never leave our private network
  • No data is sent to OpenAI, Google, or any other third-party AI provider
  • Our AI Gateway at ai.ssvcpro.com routes requests to dedicated GPU servers that we own and operate
  • Ideal for contractors handling sensitive government, defense, or proprietary project data

For customers who don't require private infrastructure, we also offer a Cloud AI tier that uses industry-leading providers with strong privacy agreements in place. You choose the level of isolation that fits your needs.

Encryption

We use encryption at every layer of the stack:

  • In Transit: All traffic is encrypted with TLS 1.2+ (HTTPS everywhere)
  • At Rest: Database storage and document storage are encrypted using AES-256
  • Passwords: Stored using industry-standard hashing (ASP.NET Identity with PBKDF2)
  • API Keys: Hashed and never stored in plain text

Authentication & Access Control

  • Passwords require a minimum of 8 characters with uppercase, lowercase, and numeric requirements
  • Account lockout after 5 failed login attempts
  • Role-based access control within each subscription (admins, project managers, field staff)
  • Separate admin and customer authentication systems to prevent privilege escalation
  • Session cookies are HTTP-only and secured

Infrastructure Security

  • Hosted on enterprise-grade infrastructure with 24/7 monitoring
  • Automated backups with configurable retention per subscription
  • DNS managed through Cloudflare with DDoS protection
  • Regular security assessments and dependency updates
  • Serilog-based audit logging for all administrative actions

Payment Security

We never store your credit card information on our servers. All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor — the highest level of certification available in the payments industry.

Questions?

If you have security concerns or need more details about our data protection practices, we're happy to talk.

Site Service Pro, LLC
Email: [email protected]
Support: [email protected]
Website: siteservicepro.com
Related Documents