Security built into the platform
WorksiteHQ is designed for compliance-grade trust. Access control, data isolation, and audit logging are enforced at every layer.
How WorksiteHQ protects your data
- Role-based access control — Three roles (Admin, Manager, Viewer) enforced on every API request. Permissions are checked server-side.
- Organisation-level data isolation — All data is scoped by organisation ID at the database and API layer. No cross-organisation access.
- Immutable audit log — Every compliance action is recorded in an insert-only event log with timestamp, actor, and detail.
- Deterministic approval engine — Approved-to-Work status is computed from document state, never manually overridden.
- HTTPS in transit — All connections are encrypted via TLS. No data is transmitted in plaintext.
- Managed infrastructure — PostgreSQL and object storage run on managed cloud services with standard platform-level protections.
Questions about security?
Book a walkthrough and we will show you how WorksiteHQ enforces access control, data isolation, and audit logging in practice.