Security

Built to be trusted
by the people who build.

Construction data — payroll records, GPS coordinates, incident reports, crew information — is sensitive. We treat it that way from the first line of code.

Six layers of protection

01

Encryption In Transit & At Rest

All data in transit is encrypted using industry-standard TLS. Sensitive fields — GPS coordinates, payroll records, personal identifiers — are encrypted at rest using AES-256, provided by our infrastructure providers.

02

Privacy-First GPS

Location is captured only at the exact moment of clock-in and clock-out. The mobile app requests foreground ("when in use") location access only — it never requests background location permission, so there is no continuous or between-shift tracking.

03

Role-Based Access

Workers see only their own data. Project managers see their assigned crew. Admins control organization-wide settings. Access is scoped by role and enforced in every data query, not just hidden in the interface.

04

Organisation Isolation

Every organisation's data is scoped by organisation ID at the database layer. One organisation's timesheets, projects, and reports are not queryable by another organisation's account.

05

Time-Stamped Activity Records

Every clock-in, pause, resume, and clock-out is recorded with a timestamp and sequence number, giving your organisation a reliable record for payroll and disputes.

06

Reversible Account Deletion

Organisation owners can delete their account from the web dashboard, which starts a 30-day recovery period before permanent erasure. Admins and other members delete from the mobile app once they have left every organisation — that deletion is immediate and permanent, with no recovery period. See our Account & Data Deletion page for details.

Our GPS promise

We know where your crew clocked in.
That is it.

PulseIQ captures GPS coordinates at two moments per shift: clock-in and clock-out. The mobile app never requests background location access. Workers are not tracked between events — not during lunch, not while driving home. Not ever.

This is not just policy. The app is architecturally incapable of background tracking because we never request the operating system permission that would allow it.

Location captured at clock-inYes
Location captured at clock-outYes
Worker can view their own GPS historyYes
Background location trackingNo
Continuous GPS monitoring between shiftsNo
Location data sold to third partiesNo

Compliance & certifications

GDPR

Supported

We support data subject rights for EU/UK users — access, correction, deletion, and portability. Data processing agreements available on request.

CCPA

Supported

California consumer privacy rights are supported. We do not sell or share personal information.

Infrastructure Security

SOC 2 Type II

Our cloud infrastructure and database providers are independently audited for SOC 2 Type II compliance annually, with regular third-party penetration testing.

Common questions

Do you sell or share worker location data?

Never. GPS data is used solely for work-site verification within your organisation. It is never sold, shared with third parties, or used for advertising.

Can workers see what data is being collected on them?

Yes — full transparency is a core principle. Workers can see every clock-in, clock-out, and GPS coordinate attached to their profile at any time from the mobile app.

Where is data physically stored?

Production data is stored on cloud infrastructure in the United States. We do not currently offer region-specific data residency options.

What happens to our data if we cancel?

You can request account or organisation deletion at any time. Organisation owners get a 30-day recovery period before permanent erasure; admins and other members delete via the mobile app once they have left every organisation, which is immediate and permanent — see our Account & Data Deletion page for details.

How do you handle a security incident?

We take security incidents seriously and will notify affected organisations without undue delay if we become aware of a breach affecting their data, consistent with applicable law.

Have a specific security concern or need documentation for a compliance review?

security@projectpulseiq.com →