Keeping your data safe

Bridgit is proudly SOC 2 Type 2 certified. We take a layered approach to ensure your data is always safe, secure, and available to you at all times.

SOC for Service Organizations
Control your transparency

Control your transparency

Bridgit products include robust permissions and data protection that allow for greater control over the accessibility of your data.

  • Cloud-based SaaS
  • Supports SSO via OAuth2.0 with Microsoft, Google, Procore and Autodesk identity providers
  • Strong access controls that include custom permission groups for controlled transparency
Encrypted Data

Encrypted Data

Our trusted infrastructure protects your data at every level.

  • Data is fully encrypted in transit and at rest with RSA 256-bit encryption
  • TLS 1.2 with perfect forward security ciphers and 1.3 with HSTS
Vulnerability assessment and monitoring

Vulnerability assessment and monitoring

Bridgit applications are routinely checked against the Open Web Application Security Project (OWASP) top vulnerability list.

We ensure you always have access to your data with 99% uptime for Bridgit applications.

View our Platform Terms of Service →

Bridgit Security and compliance FAQ

Data Storage and Resiliency

Where is customer data for Bridgit Bench stored?

Bridgit Bench is hosted on AWS in North America.  All customer data is stored in AWS in the US. More specifically: We host on the west coast across multiple Availability Zones and have Disaster Recovery infrastructure in central US.

Is customer data in Bridgit Bench backed up?

Yes, customer data in Bridgit Bench is backed up continuously and the backups are encrypted at rest.  Customer data is also replicated across availability zones.

Does Bridgit have a Disaster Recovery and Business Continuity Plan?

Yes, Bridgit has a Disaster Recovery and Business Continuity Plan.

Data Retention

How long does Bridgit retain customer data? Can a customer request deletion of their data?

By default, we retain customer data for the duration of your contract. If a customer requests the deletion of their data, we will delete their data within 90 days unless legally prohibited. Customer data that is part of the historical data import prior to implementation will be retained only as long as needed by the implementation team and will be deleted within 100 days of collecting the data from the customer.

Security Compliance and Certifications

What security compliance/certifications does Bridgit have?

Bridgit currently has certification for SOC 2 Type 2.  Bridgit has no other security compliance/certifications at this point in time. SOC 2 Type 2 report can be shared with a signed NDA in place.

Integrations

Is data secure moving between Bridgit Bench and other software?

All access to Bridgit REST API endpoints require an access key and are secured with TLS. This access key can be regenerated on demand by customers. Learn more about our Open API here.

Integrations with other applications are all opt-in and authenticate via OAuth or other applicable mechanisms required by the third-party application. Integrations can be disabled at any time.

Bridgit Employees

Are Bridgit employee computers secure?

It is mandatory for employee computers to have strong passwords, encrypted disks, firewalls, and, where applicable, inbound and outbound network traffic monitoring and alerting.

View our Platform Terms of Service →

Todd Wynne, CIO at Rogers-O'Brien

“There is a newdawn of workforce management, combining historical and situational data with experience. Bridgit Bench is your foundation to the future.”

Todd Wynne, CIO at Rogers-O’Brien

Workforce intelligence for construction.

Put more time back in your day and make informed decisions.

Talk to an expert