User authentication is performed over HTTPS. Passwords are salted and hashed and never stored in plain text format. Users may also enable multi-factor authentication and use SAML 2 based single sign-on through a linked Autodesk, Procore, or Oracle Aconex account.
Encryption
Data is encrypted in flight via SSL/TLS with 2048-bit keys, and at rest with AES 256 encryption.
Vulnerability Detection
Server traffic and logs are monitored for suspicious anomalies. Additionally, an independent third party runs automated vulnerability detection continuously to detect new risks.
Antivirus & OS Security Patching
All servers are equipped with antivirus software, and operating systems are updated weekly.
Change Control Management
All code changes are audited and approved before being merged. New releases are approved before deployment, and full changesets are logged.
Penetration Testing
Reconstruct conducts annual penetration testing of our network and applications, both on web and mobile.
Access and Activity Logging
User login events and other actions are tracked in our database. Server and network logs are also monitored and retained for 30 days before long-term archive.
