Encryption
- - TLS 1.2+ for in-transit traffic between clients and JobsiteOn services
- - Encryption at rest for managed database and storage layers
- - Secure cookie and session handling for auth-protected workflows
Security architecture built for field operations
JobsiteOn secures business-critical workflow data across owner web, owner API, and connected services with layered controls designed for real production usage.
Identity and access
- - Role-based authorization for owner-web and owner-api operations
- - Short-lived token patterns and secure session transport
- - Access restrictions and environment isolation across production services
Platform architecture
- - APIs hosted on Railway with service-level health checks
- - Web applications deployed on Vercel with edge distribution
- - Data services on Neon PostgreSQL and Upstash Redis
Monitoring and response
- - Health endpoint monitoring for critical API services
- - Operational alerts and incident triage procedures
- - Customer communication path for security and reliability incidents
Security contact
To report a security concern, contactsecurity@jobsiteon.com. Include affected environment, timeline, and observed impact so our team can triage quickly.
Last updated: February 2026