Overview
Contractor Hub is designed with a security-first approach across our infrastructure, application, and operational processes. We continuously improve safeguards to protect customer data.
Data Protection
- Encryption in transit via TLS 1.2+ for all connections.
- Encryption at rest for databases and backups.
- Least-privilege access controls and scoped API credentials.
Application Security
- OWASP-aligned secure coding practices and reviews.
- Rate limiting, CSRF protection, and input validation.
- Dependency monitoring and regular patching.
Operational Security
- Role-based access control and MFA for internal tools.
- Backups with routine restore testing and retention.
- Monitoring, alerting, and incident response procedures.
Compliance & Privacy
We align with industry best practices and are committed to protecting personal data as described in our Privacy Policy.
Responsible Disclosure
If you believe you’ve found a security issue, please contact us at security@contractorhub.app with details. We take reports seriously and will respond promptly.