Pillar OS is designed to support construction companies with sales, project management, financial workflows, approvals, documents, and daily operations. We take security seriously and use reasonable administrative, technical, and organizational safeguards to protect customer data.
This page summarizes our current security approach. Security practices may evolve as the platform grows.
Tenant Isolation
Each company account is treated as a separate tenant. Customer data is scoped by company account, and access to company records is limited based on authorized users, roles, permissions, and application-level controls.
Pillar OS is designed so users should only access the company workspace and data they are authorized to view.
Account Access and User Permissions
Customers are responsible for managing their own team members, user access, permissions, and internal controls.
Each customer should only invite authorized employees, contractors, or representatives who need access to the platform. Customers are responsible for removing access when a team member no longer needs it.
Platform Owner Access
Pillar OS may access customer accounts or data when necessary for support, onboarding, troubleshooting, billing, security, product improvement, customer success, or legal compliance.
Platform owner access is limited to legitimate business purposes.
Server-Side Secrets
Sensitive platform credentials, including payment processor keys, service-role keys, AI provider keys, email provider keys, and integration credentials, are intended to remain server-side and should not be exposed in browser code.
Data Protection
Pillar OS uses reasonable safeguards intended to protect customer data from unauthorized access, loss, misuse, or disclosure. However, no software platform, hosting provider, database, network, or internet transmission can be guaranteed to be completely secure.
Customers are responsible for using strong passwords, protecting login credentials, securing their devices, and limiting access to trusted users.
Third-Party Providers
Pillar OS may rely on third-party providers for hosting, authentication, payments, email, storage, analytics, artificial intelligence, and other platform services.
These providers may process customer data only as needed to support the platform and related services.
AI Features
AI features may assist with summaries, drafts, workflows, project notes, financial organization, and other operational tasks. AI-generated content may be incomplete, inaccurate, or require human review.
Customers are responsible for reviewing AI outputs before using them for business, legal, financial, client-facing, or operational decisions.
Customer Data Ownership
Customers retain ownership of the business data they submit into Pillar OS.
Pillar OS does not claim ownership over customer project records, client information, documents, estimates, invoices, expenses, or other business data uploaded or entered into the platform.
Data Export and Offboarding
Upon cancellation or offboarding, customers may request a reasonable export of their business data, subject to technical limitations, account status, payment status, legal obligations, and platform policies.
Pillar OS may retain certain records where necessary for backup, audit, billing, security, legal, tax, fraud prevention, or legitimate business purposes.
Incident Reporting
If you believe you found a security issue or unauthorized access, contact us immediately at: