Security & Trust

Your data is your business.
We protect it like ours.

BuilderMaxPro handles sensitive financial data, legal documents, and business information. We take that responsibility seriously.

Encryption

All data encrypted in transit (TLS 1.3)
Database encrypted at rest (AES-256)
Session tokens use secure, HTTP-only cookies
API keys and secrets stored in environment variables, never in code

Infrastructure

Hosted on enterprise-grade VPS infrastructure
Automated daily backups with point-in-time recovery
DDoS protection via Cloudflare
SSL certificates auto-renewed via Let's Encrypt
Isolated database instances per environment

Access Control

Role-based access control (Admin, PM, Estimator, Field Worker)
Multi-tenant architecture — company data is fully isolated
Session-based authentication with secure token rotation
All API endpoints require authentication (except public marketing pages)

Data Handling

Your data belongs to you — full export available at any time
No third-party data selling or sharing
Document storage on Cloudflare R2 (S3-compatible, encrypted)
GDPR-aligned data handling practices
Automatic session expiration after inactivity

Compliance & Legal

Texas-based operations and data storage
Lien document generation includes mandatory legal disclaimers
Platform is NOT a law firm — clear compliance automation disclaimers
Bilingual legal glossary reviewed for accuracy (EN/ES)
Notario público distinction clearly communicated per FTC guidance

Security Roadmap

Current commitments and near-term controls for BuilderMaxPro security operations.

SOC 2 Type II auditPlanned Q3 2026

Two-factor authentication (2FA)In Development

Single Sign-On (SSO) for EnterprisePlanned

Audit logging for all data accessIn Development

Penetration testing by third-party firmPlanned Q2 2026

Bug bounty programUnder Review

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please report security issues directly — do not post them publicly. security@buildermaxpro.com

Questions about security?

We're happy to discuss our security practices in detail.

Your data is your business.We protect it like ours.