Bank-level encryption, SOC 2 compliant infrastructure, and enterprise-grade access controls — so you can focus on building.
Your project data, financial records, client information, and subcontractor details are critical to your business. We treat every byte of your data with the same care you put into every job. Here is how we protect it.
Opsite runs on Vercel's globally distributed edge network backed by Amazon Web Services (AWS). Both providers maintain SOC 2 Type II, ISO 27001, and SOC 3 certifications, ensuring the physical and logical infrastructure meets the highest industry standards.
All traffic passes through enterprise-grade firewalls and DDoS mitigation. Our infrastructure uses private networking, strict security groups, and automated monitoring to detect and respond to threats in real time.
Production, staging, and development environments are fully isolated. Access to production systems is restricted to authorized personnel and requires multi-factor authentication.
Our infrastructure is designed for high availability with automatic failover, load balancing, and redundant systems. We maintain a 99.9% uptime track record so your operations never stop.
All data transmitted between your browser and Opsite is encrypted using TLS 1.2 or higher. Every connection is secured with strong cipher suites, ensuring your data cannot be intercepted or tampered with in transit.
All stored data — including project files, documents, invoices, and database records — is encrypted at rest using AES-256, the same encryption standard used by banks and government agencies.
Opsite enforces role-based permissions so team members, subcontractors, and clients only see the data they need. Admins control exactly who can view, edit, or manage each part of the platform.
Opsite supports multi-factor authentication to add a second layer of protection to user accounts. Even if credentials are compromised, unauthorized access is blocked.
User sessions are securely managed with automatic expiration and token rotation. Inactive sessions are terminated to minimize exposure from unattended devices.
Subcontractor portals use scoped, time-limited access tokens. Subs can only access their assigned jobs and documents — nothing else. No account creation required, no risk of over-permissioning.
Our codebase follows OWASP best practices. We conduct regular code reviews and use automated static analysis to catch vulnerabilities before they reach production.
Third-party libraries and packages are continuously monitored for known vulnerabilities. We use automated dependency scanning tools and apply security patches promptly.
We perform regular penetration testing and vulnerability assessments to identify and remediate potential security issues. Our security posture is continuously evaluated and improved.
All user inputs are validated and sanitized to prevent injection attacks, cross-site scripting (XSS), and other common web application vulnerabilities.
Your data is backed up automatically on a continuous basis. Backups are stored in geographically separate locations to protect against regional outages or disasters.
Our database infrastructure supports point-in-time recovery, allowing us to restore your data to any moment in time. Your project history, invoices, and documents are never lost.
Opsite maintains a formal incident response plan that covers detection, containment, eradication, recovery, and post-incident analysis. In the event of a security incident:
Opsite complies with the California Consumer Privacy Act (CCPA). California residents can request access to or deletion of their personal information, or opt out of its sale. See our Privacy Policy for details.
Opsite is built on infrastructure providers (AWS, Vercel) that maintain SOC 2 Type II certifications, ensuring our hosting environment meets rigorous standards for security, availability, and confidentiality.
All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor — the highest level of certification in the payment industry. Opsite never stores credit card numbers or sensitive payment data on our servers.
We evaluate the security posture of all third-party vendors and integrations before incorporating them into our platform. Only services that meet our security standards are used.
We value the work of security researchers and encourage responsible disclosure of any vulnerabilities found in our platform. If you believe you have discovered a security issue, please report it to:
We ask that you give us a reasonable amount of time to investigate and address the issue before disclosing it publicly. We will acknowledge receipt of your report within 48 hours and work with you to understand and resolve the issue promptly.
We are happy to discuss our security practices in detail. Reach out to our team and we will get back to you promptly.