BLDR implements comprehensive security measures to protect your data. Learn about our encryption, access controls, and security practices.
Encryption
In Transit
- TLS 1.3 encryption for all connections
- HTTPS required (HTTP redirected)
- Certificate pinning in mobile apps
At Rest
- AES-256 encryption for stored data
- Encrypted database backups
- Encrypted file storage
Access Controls
- Role-based access - Users only see what they need
- Project-level permissions - Access limited by assignment
- Session management - Automatic timeout, single session options
- Two-factor authentication - Available for all accounts
Password Security
- Passwords hashed with bcrypt
- Minimum complexity requirements enforced
- Password history prevents reuse
- Secure password reset process
Infrastructure Security
- Hosted on AWS with SOC 2 certification
- Web Application Firewall (WAF)
- DDoS protection
- Regular security audits and penetration testing
- 24/7 monitoring and alerting
Compliance
- SOC 2 Type II compliant infrastructure
- GDPR ready
- CCPA compliant
Security Best Practices for Users
- Use strong, unique passwords
- Enable two-factor authentication
- Don't share login credentials
- Log out on shared devices
- Report suspicious activity immediately
Security Incident Reporting
If you suspect a security issue or unauthorized access, contact us immediately at security@bldr.app.