Your drawings, protected at every layer
Construction drawing sets are sensitive intellectual property. Clash Nexus AI is built so your documents stay private to your team — isolated, encrypted, access-controlled, and monitored from upload through report.
Tenant isolation
Every project, drawing, and finding is scoped to your workspace. API requests are authorized against your workspace on each call, and storage access is verified to belong to your tenant before any file is served — so one customer's drawings are never reachable by another.
Encrypted storage
Drawings are stored in managed object storage with encryption at rest. Private files are never publicly mounted in production — they are reachable only through short-lived signed URLs issued to authorized users.
Signed-URL access
Access to a drawing or report is granted through a time-limited signed URL tied to the requesting user's workspace. Links expire, and paths outside your project are rejected before a URL is ever minted.
Validated uploads
Uploads are checked server-side: PDF-only by file signature (not just file name), per-file size limits, and a strict check that each committed file lands inside your own project folder. Spoofed or out-of-scope files are rejected on arrival.
Locked-down CORS
In production the API accepts requests only from our exact domains — no wildcard preview origins. Credentialed cross-origin requests from unknown sites are refused.
Security headers
Responses carry a hardened header set — HSTS, frame-denial, content-type protection, a strict referrer policy, and a Content-Security-Policy — reducing the surface for clickjacking, MIME sniffing, and injection.
Audit logging
Key actions — uploads, project creation, report exports, and administrative changes — are recorded with the acting user and timestamp, giving a traceable history of who did what.
Least-privilege access
Sensitive operations are permission-gated, administrative surfaces require elevated access, and we avoid shipping user PII to third-party monitoring.
Continuous monitoring
Application errors are captured and monitored in real time so issues are detected and resolved quickly, before they affect your coordination work.
Responsible disclosure
We take security seriously and welcome reports from researchers. If you believe you've found a vulnerability, please contact us so we can investigate and address it promptly. We're continually hardening the platform as we grow.
Contact our teamThis page describes controls currently in place and is provided for transparency; it is not a contractual commitment or a substitute for a formal security review.
