TRUST · SECURITY

Built for audit-defensible records.

Last updated May 27, 2026
Fire-safety inspections live and die by the integrity of their paper trail. Every part of RedTag-ITM is designed so the records you generate hold up to an AHJ review three years from now.

Encryption in transit + at rest

All traffic to and from the application is HTTPS-only — no plaintext fallback. Stored data lives on managed Postgres with disk-level encryption at rest. Uploaded evidence (photos, signed report PDFs) sits in private Vercel Blob with signed-URL access — your browser never receives a public file URL.

Immutable audit log

Every meaningful action — inspection submitted, deficiency created, report generated, photo uploaded, user invited, signature affixed — writes a row to a structured audit log with the actor, timestamp, IP, and a diff of what changed. Audit rows are never updated or deleted — they're append-only by construction.

Once a tech signs an inspection, the response set + photos + signature become immutable. Subsequent edits create a new revision rather than mutating the original, so AHJ review three years out sees exactly what was captured on inspection day.

Retention floors

Each organization sets a minimum retention floor (default: 7 years, configurable per organization to match OSHA + insurer norms). Inspection records inside the floor cannot be deleted, including by org admins — this is a hard constraint at the data layer, not a UI guard.

Deletion of records outside the retention floor is audit-logged like every other action.

Authentication + access control

Session-based auth with rate-limited login + password reset. Magic-link tokens for customer portal access expire after a configurable window. Role-based access control gates every loader and action: office roles (Admin / Office / Inspector / Technician) see organization-scoped data; portal roles (Customer Admin / Customer Viewer) see only the sites their org permits.

Sub-role escalation cannot happen through the API — it requires an explicit admin action that hits the audit log.

Infrastructure

  • HostingVercel Fluid Compute (US-East, iad1)
  • DatabaseNeon Postgres via Vercel Marketplace (US-East, point-in-time backups)
  • File storageVercel Blob (private, signed-URL access only)
  • Transactional emailResend
  • BillingStripe (we never store card data — Stripe holds it)
  • Error monitoringSentry (with 4xx errors filtered out to reduce noise)

Compliance posture

Formal certifications (SOC 2, ISO 27001) are in progress and we'll publish dated reports as they're issued. We don't claim certifications we don't hold.

For now: the controls above are factually in place and reviewable on request. Email support@redtagitm.com for our current architecture diagram and control matrix if you're doing a vendor security review.

Reporting a vulnerability

Found something? Email support@redtagitm.com with reproduction steps. We acknowledge within one business day and credit researchers in the changelog at their preference.