Security & Trust, Built Into Every Workflow
Sledge is designed to securely run your construction business—from financial workflows to AI-powered document processing—with full transparency and control.

Built Secure From the Ground Up
Your data is protected across every layer—from infrastructure to AI workflows.

Encryption

Secure Infrastructure

Data Privacy

AI Data Protection

Google Verified

Your Data Is Not Our Product
Your business data is not something we monetize or share.
Sledge exists to help you run your business—not to extract value from your data.
We do not sell your data
We do not use your data to train AI models
We do not share your data with other customers
Your data remains private to your company

Data Ownership & Privacy
Logical separation of company data
No cross-customer visibility
Data only used for workflows

Encryption
TLS (in transit)
AES-256 (at rest via providers)
Encrypted service-to-service communication

Infrastructure
AWS (backend)
Supabase (database & auth)
Vercel (frontend)
GitHub (deployments)

Authentication & Account Security
Email/password via Supabase
Google & Microsoft OAuth
CASA compliance for Google integrations
Secure sessions and tokens

AI Data Handling
No training on customer data
Request-based processing
No cross-customer exposure
Isolated processing

Who Can Access My Data?
Only your team
Limited Sledge employee access
Only for support/debugging
Access is monitored

Security & Compliance Roadmap
Building enterprise-grade security infrastructure, layer by layer

AI Data Handling
Secure cloud infrastructure (AWS, Supabase, Vercel)
Google Security Verification (CASA)
Encryption in transit (TLS) and at rest (AES-256 via providers)
Data isolation and privacy-first architecture
Secure authentication (email/password + Google & Microsoft OAuth)
Bot and abuse protection (CAPTCHA, traffic monitoring)
AI data protection (no training on customer data)

Security Program Formalization
Establish formal security policies and procedures
Begin third-party compliance tooling (e.g., Vanta / Drata)
Implement internal controls aligned with CIS Controls and NIST frameworks
Centralize logging, monitoring, and alerting

SOC 2 Type I
Complete SOC 2 Type I audit
Document controls and operational processes
Establish audit readiness

SOC 2 Type II
Complete SOC 2 Type II audit
Continuous monitoring and evidence collection
Enterprise-grade compliance baseline

Advanced Security & Access Controls
Role-based access control (RBAC)
Multi-factor authentication (MFA)
Granular permissions and access policies
Advanced audit logging

International & Enterprise Compliance
ISO 27001 certification
ISO 27701 (privacy extension, if required)
Expanded data governance controls

Public Sector & Regulated Markets
StateRAMP readiness
CMMC Level 2 alignment
NIST 800-171 alignment

Federal Compliance
FedRAMP Moderate authorization
Expanded controls for high-security environments







