Security
Built to be trusted
by the people who build.
Construction data — payroll records, GPS coordinates, incident reports, crew information — is sensitive. We treat it that way from the first line of code.
Six layers of protection
Encryption In Transit & At Rest
All data in transit is encrypted using industry-standard TLS. Sensitive fields — GPS coordinates, payroll records, personal identifiers — are encrypted at rest using AES-256, provided by our infrastructure providers.
Privacy-First GPS
Location is captured only at the exact moment of clock-in and clock-out. The mobile app requests foreground ("when in use") location access only — it never requests background location permission, so there is no continuous or between-shift tracking.
Role-Based Access
Workers see only their own data. Project managers see their assigned crew. Admins control organization-wide settings. Access is scoped by role and enforced in every data query, not just hidden in the interface.
Organisation Isolation
Every organisation's data is scoped by organisation ID at the database layer. One organisation's timesheets, projects, and reports are not queryable by another organisation's account.
Time-Stamped Activity Records
Every clock-in, pause, resume, and clock-out is recorded with a timestamp and sequence number, giving your organisation a reliable record for payroll and disputes.
Reversible Account Deletion
Organisation owners can delete their account from the web dashboard, which starts a 30-day recovery period before permanent erasure. Admins and other members delete from the mobile app once they have left every organisation — that deletion is immediate and permanent, with no recovery period. See our Account & Data Deletion page for details.
Our GPS promise
We know where your crew clocked in.
That is it.
PulseIQ captures GPS coordinates at two moments per shift: clock-in and clock-out. The mobile app never requests background location access. Workers are not tracked between events — not during lunch, not while driving home. Not ever.
This is not just policy. The app is architecturally incapable of background tracking because we never request the operating system permission that would allow it.
Compliance & certifications
GDPR
Supported
We support data subject rights for EU/UK users — access, correction, deletion, and portability. Data processing agreements available on request.
CCPA
Supported
California consumer privacy rights are supported. We do not sell or share personal information.
Infrastructure Security
SOC 2 Type II
Our cloud infrastructure and database providers are independently audited for SOC 2 Type II compliance annually, with regular third-party penetration testing.
Common questions
Do you sell or share worker location data?
Never. GPS data is used solely for work-site verification within your organisation. It is never sold, shared with third parties, or used for advertising.
Can workers see what data is being collected on them?
Yes — full transparency is a core principle. Workers can see every clock-in, clock-out, and GPS coordinate attached to their profile at any time from the mobile app.
Where is data physically stored?
Production data is stored on cloud infrastructure in the United States. We do not currently offer region-specific data residency options.
What happens to our data if we cancel?
You can request account or organisation deletion at any time. Organisation owners get a 30-day recovery period before permanent erasure; admins and other members delete via the mobile app once they have left every organisation, which is immediate and permanent — see our Account & Data Deletion page for details.
How do you handle a security incident?
We take security incidents seriously and will notify affected organisations without undue delay if we become aware of a breach affecting their data, consistent with applicable law.
Have a specific security concern or need documentation for a compliance review?
security@projectpulseiq.com →