Security & Trust

Your bids, pricing, and subcontractor relationships stay yours.

PreconIntel runs on enterprise infrastructure with database-level tenant isolation, end-to-end encryption, and audit logging on every sensitive action — because your estimating data is the most valuable thing in your business.

Request DPAView subprocessors

How your data is protected

Multi-tenant isolation

PostgreSQL row-level security scopes every read and write to your company. Cross-tenant access is mathematically impossible at the database layer, not just enforced in app code.

Encryption at rest and in transit

TLS 1.2+ for every connection. AES-256 at rest for database and object storage. OAuth tokens (Procore, Gmail) encrypted with a separate key before storage.

Least-privilege access

Edge functions split duties between a user-scoped client (for identity verification) and a service-role client (for privileged writes), with explicit tenant filtering on every query.

Audit logging

Every admin action, every destructive operation, every data export is logged with actor, timestamp, and scope. Audit logs are append-only and retained per your contract.

SSRF, webhook, and prompt-injection defenses

URL allowlisting on outbound fetches, HMAC signature verification on inbound webhooks, and untrusted-input wrapping for AI prompts so sub-supplied data can’t hijack the model.

Vendor discipline

Subprocessors are listed publicly and changed only with notice. Data residency stays in US regions by default.

Three things we will never do with your data.

  • We don’t train models on your data. Your bids, scope notes, and subcontractor relationships never become training material for anyone else’s model.
  • We don’t resell or aggregate your pricing. Your benchmarks are yours. Cross-customer benchmarks are never exposed without explicit opt-in.
  • We don’t share subcontractor relationships. Who you invite, who wins, and why are not visible to other customers.

Compliance, honestly.

SOC 2 Type I is in progress. Type II, HIPAA readiness, and GDPR DPAs follow. If your procurement team needs documentation for a specific framework, email security@preconintel.com and we’ll tell you where we are, honestly.