Buildr's Security Details

Last updated: February 25, 2026

As a web-based application, we recognize the importance of excellent security practices.

This document covers our security practices and policies. If you are looking for our data collection practices, please see our privacy policy.


General Practices

  • Access to servers, source code, and third-party tools requires two-factor authentication.
  • We use automatic security vulnerability detection tools to alert us when our dependencies have known security issues.
  • We are aggressive about proactively applying patches and deploying quickly.
  • We use strong, randomly generated passwords that are never reused.

Access Control and Organizational Security

Our employees and contractors sign an NDA before gaining access to sensitive information.

Employees and contractors are given the lowest level of access that allows them to get their work done. This rarely includes access to production systems or data.


Authentication

At sign-up, a customer will receive an email invitation to their company's account. They will then have the ability to invite additional team members. Each invited team member will receive a link to set up their user account with their email and password.

User passwords are hashed using bcrypt before being stored.


Encryption

All communication between the Buildr client and our backend is encrypted with TLS 1.2. Our application is managed by Heroku and uses their Automated Certificate Management service. User data is stored in Heroku Postgres, and details of their implementation can be found here.


Vulnerability Detection

Both the client and our backend are regularly scanned for dependencies with known security vulnerabilities.

Vulnerable dependencies are patched and redeployed rapidly.


Hosting

Our application is hosted on Heroku, which runs on top of Amazon Web Services.

Amazon's data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Data Availability

Backups

Buildr's production systems and data are backed up on a regular basis. We run through a checklist to verify data is recorded and usable. Backups are tested on a periodic basis.

Status Page

Buildr service statuses, maintenance updates, and any incidents affecting our users are documented and available at status.buildr.com.


FAQs

How do I report a potential vulnerability or security concern?

If you have a concern, please email us at security@buildr.com, which will notify us very loudly, and we'll get back to you ASAP.

Are you SOC 2 or ISO 27001 certified?

While we'd eventually love to achieve these certifications, we don't hold them at this time.

Do you conduct background checks on your employees/contractors?

Yes. All employees sign an NDA and undergo a background check before starting.

What insurance do you carry?

  • $3M Cyber Liability (each occurrence)
  • $3M Errors and Omissions (each occurrence)
  • $1M General Commercial Liability (each occurrence)
  • $5M Umbrella Liability (each occurrence)

Any further questions?

Great! Please email us and we'll get back to you.