Security at HandoverPoint
Handover data is commercially sensitive. Specifications, approvals, defect records, and consultant sign-offs sit at the centre of a project. This page sets out, in plain terms, how we protect that data and control who can see it, so a procurement or IT reviewer can assess us without guessing.
We describe what the platform actually does today. Where a protection comes from the cloud platforms we build on, we say so. We do not claim security certifications, uptime guarantees, or data residency promises we cannot back.
How your data is protected
Several layers work together, from the database up to the browser.
Per-company isolation
Every record belongs to a company. Access is scoped by company membership, so one organisation's projects, registers, and documents are never visible to another. The database enforces this with row-level security policies on top of the application checks.
Row-level security in the database
Isolation is not only enforced in the application layer. The Postgres database runs row-level security policies so a query can only return rows the signed-in user is entitled to see, even if application code has a bug.
Encrypted in transit and at rest
Traffic to the platform runs over TLS. Data stored in the database and in file storage is encrypted at rest by the underlying cloud platform. These are platform capabilities we rely on, not certifications we claim.
Full audit trail
Every change to your data is recorded. Each mutation writes an audit entry with who did it, when, and the before-and-after of the fields that changed, so you can trace how a register got to its current state.
Hardened browser headers
The application ships a strict Content-Security-Policy along with HSTS, X-Frame-Options, X-Content-Type-Options, a referrer policy, and a permissions policy, to reduce the surface for common web attacks.
Payments handled by Stripe
Billing runs through Stripe. Card details are entered directly with Stripe and never touch our servers, so we do not store card numbers.
Access control
People sign in through session-based authentication. Once inside, what someone can do is set by their permission tier on each project, not by a single all-or-nothing account level.
Read access and comments. Good for clients and consultants who need visibility without editing the register.
Everything a viewer can do, plus creating and editing register data across the project.
Everything a project manager can do, plus project settings, managing members, and deletes.
Every server action and API route checks the signed-in user's tier before touching data, and each change is written to the audit trail described above.
AI and your documents
When you run an AI feature, extracting samples from a spec or reading a programme, the document is processed server-side through the Anthropic API. Nothing about the AI processing runs in your browser, and the model call happens from our servers, not the client.
AI outputs are stored so you can review, accept, or reject them. Keeping the output means an extraction is not a one-shot black box: you see what the model proposed, and a person decides what goes into the register.
For organisations with stricter requirements, we offer a private AI tier that routes your AI processing through a separate, dedicated configuration. Talk to us if your procurement team needs this for a project.
Your data stays yours
You are not locked in. Registers can be exported to Excel and PDF whenever you need them, whether for a formal handover pack, a client submission, or your own records. Your project data belongs to your organisation.
Questions from your security team?
If your IT or procurement reviewer needs detail beyond this page, we are happy to walk through it. Book a demo and we will bring the answers, or email us directly at hello@handoverpoint.com.au.