Trust Center

Security at ContractShield

Built for construction teams that expect strong protection. ContractShield layers secure infrastructure, proven practices, and modern tooling to keep your projects safe.

Infrastructure & encryption

Hosted on SOC 2 and ISO 27001 certified providers (Supabase, Vercel) with TLS 1.3 in transit and AES-256 at rest across databases and object storage.

Identity & access management

Row-level security policies, role-based access controls, and full audit trails on sensitive operations. MFA support is available for all accounts.

Application security

Automated dependency scanning, static analysis in CI, CSRF protection, and rate limiting on all API endpoints.

Compliance roadmap

Assurance & certifications

SOC 2 certification is on our compliance roadmap. Today we align with the CIS Critical Security Controls, maintain a vendor management register, and comply with GDPR and CCPA requirements.

Incident response

Prepared for the unexpected

Structured runbooks and predefined escalation paths ensure quick, organized responses during the rare events that require mitigation.

Automated monitoring and alerting on infrastructure and application health around the clock.
Defined severity levels and communication protocols for customer-impacting events.
Post-incident reviews shared with affected customers, including remediation timelines.

Report a security concern

Reach out directly for vulnerability disclosures, responsible reporting, or compliance questions.

Email: legal@contractshield.io

We acknowledge security reports within one business day and provide status updates through resolution.