Security

Your job-site data, protected like it matters.

Solis is being built with security as a first-class concern, not an afterthought. Here's where we are today and what's on the roadmap before general availability.

What's in place today

The foundations we build every feature on top of.

Encryption in transit

All traffic between the Solis mobile app, web app, and our servers is encrypted with TLS 1.2+. No plaintext over the wire.

Encryption at rest

Databases and object storage are encrypted at rest using AES-256 via our cloud provider's managed keys.

Least-privilege access

Production access is restricted to a short list of engineers, gated by SSO with enforced two-factor authentication.

No data selling. Ever.

We do not sell, rent, or share your crew or job-site data with advertisers, data brokers, or any third party outside the sub-processors required to run the service.

GPS collected only at check-in

We do not continuously track your crew. GPS is captured at the moment of check-in and check-out to verify presence, then stopped.

Your data, exportable

You can export your projects, photos, timesheets, and invoices at any time. Cancel your account and your data stays downloadable during the export window.

On the roadmap

Work underway between here and general availability.

  • 1

    SOC 2 Type II readiness

    We are implementing the policies, evidence collection, and monitoring required for a SOC 2 audit. We have not yet completed an audit and make no claim of certification today.

  • 2

    Audit logs for admin actions

    Every account-level change (user added, role changed, data exported) is written to an immutable log available to the account owner.

  • 3

    Third-party penetration test

    Before general availability, we'll engage an independent firm for a full pen test and publish a summary of findings and remediations.

  • 4

    Responsible disclosure program

    A public channel for security researchers to report issues with a documented response SLA.

Found something? Tell us.

If you believe you've discovered a security issue, reach us through the waitlist signup on our homepage. We take every report seriously and will respond within two business days.

Reach us via the waitlist