Security

How we protect your project data and your clients’ information.

Your project data is safe with us.

All data encrypted in transit (TLS 1.3) and at rest (AES-256)

Hosted in the UK — your data never leaves the UK/EU

Role-based access control with row-level database isolation

Share links are cryptographically random and unique — revocable at any time

PIN and email-gated sharing — you control exactly who sees each project

Full audit trail of all access events, update publishes, and authentication activity

GDPR compliant — self-service data export and account deletion built in

Designed to align with Cyber Essentials standards

No tracking or advertising cookies — session cookies only

EXIF metadata (including GPS) stripped from all uploaded photos on ingestion

Share PINs stored as bcrypt hashes — the raw PIN is never stored or logged

Rate limiting and account lockout on all authentication endpoints

Encryption

All traffic served over HTTPS with TLS 1.3. HTTP requests are automatically redirected.
HSTS (HTTP Strict Transport Security) enforced with preload.
Database encrypted at rest with AES-256.
Uploaded site photos stored encrypted at rest with AES-256.

Authentication & Sessions

Email/password authentication with industry-standard bcrypt hashing.
Google OAuth available as an alternative sign-in method.
Sessions use secure, HttpOnly, SameSite=Strict cookies.
Rate limiting on all authentication endpoints — repeated failures trigger a temporary account lockout.
Account lockout sends an immediate email alert to the account holder.
Share PINs stored as bcrypt hashes — the raw PIN is never stored or accessible.
Email magic links for client share access are single-use and expire after use.

Data Isolation

Every API query is scoped to the authenticated organisation. It is architecturally impossible for one organisation to read or modify another organisation’s data through any application route. Public viewer routes serve only the data fields explicitly enabled by the project manager — no internal IDs, cost data, or audit logs are ever exposed to unauthenticated viewers unless the PM has enabled that section.

AI Processing

The AI draft feature is powered by the Google Gemini API. When you use it, stage names, progress percentages, and your typed notes are sent to Google’s API to generate a draft summary. Google’s API terms prohibit use of API data for model training. No data is retained by Google after the request completes. Use of this feature is restricted to paid plan subscribers.

Cyber Essentials Alignment

SiteGlance is designed to support organisations that require Cyber Essentials or Cyber Essentials Plus certification from their supply chain.

Control	Our Implementation
Firewalls	Managed infrastructure with network-level DDoS protection. No direct public access to the database or application server.
Secure Configuration	No default passwords. All secrets stored as environment variables. Strict security headers (CSP, HSTS, X-Frame-Options) enforced on every response.
User Access Control	Role-based access (Owner, Member). Every database query is scoped to the authenticated organisation — cross-org access is architecturally impossible. No shared accounts.
Malware Protection	File uploads validated by MIME type and re-encoded through a server-side image processing pipeline. Executable file types are rejected. Content-Security-Policy headers prevent XSS attacks.
Patch Management	Regular dependency audits. Managed hosting platform with automated OS-level security patching.

Sub-Processors

We use the following third-party services to deliver SiteGlance. All are bound by appropriate data processing agreements.

Provider	Purpose	Region	Notes
Google LLC (Gemini API)	AI update summary generation	US	No data retention after request. API terms prohibit use for model training.
Stripe	Payment processing	US/EU	PCI DSS Level 1 certified. Card data never touches our servers.
Resend	Transactional email	US	Used for magic links, notifications, and stale project reminders only.
OpenWeatherMap	Site weather data	EU	Only a project postcode is sent. No personal data transmitted.

Vulnerability Disclosure

If you discover a security vulnerability in SiteGlance, please report it responsibly to support@siteglance.co.uk. We will acknowledge receipt within 48 hours and aim to resolve critical issues within 7 days.

Contact

For security questions or concerns: support@siteglance.co.uk