Cloud datacentre security
12Build's production infrastructure is hosted on Amazon Web Services, located in Frankfurt, as our primary Infrastructure as a Service (IaaS) provider. In addition to AWS's extensive list of security and privacy certifications, 12Build also implements and confirms its own policies and practices to secure your data.
12Build services run primarily as controlled containers. 12Build's policies and standards also govern the management of our container infrastructure.
Temporary log in.
When logging in, from now on there will be a checkbox "Stay logged in". When checked, you will be logged out only after 7 days of inactivity. If not, you automatically log out immediately after closing the browser. (Previously, users who did not actively log out were automatically logged out only after 7 days).
Data is encrypted, both at rest and in transit, using industry-leading encryption standards. 12Build uses a top-level disaster recovery environment to control protected information.
You will receive an email notification when changes are made to your login details, email address or two-step verification. You will also receive an email when you log in from a device or location you have not previously logged in to before.
An additional organisation unit has been created for 12Build employees who manage critical data. The organisation unit '12B High Security' will be applied to these users. Several additional mobile device management rules, such as longer account password, mandatory MFA, and strong password option on mobile will apply to this organisation unit.
Business continuity and disaster recovery
12Build has a Business Continuity Policy, which requires that the Business Continuity Plan (BCP). Tests and procedures are updated and implemented at least annually. In addition to backups, we also use an air-gapped disaster recovery environment.
A message is displayed for construction specialist contacts, if this user has not yet been approved by the relevant construction specialist.
Users have the option of downloading an overview of all historical sessions. This shows, when you are logged in and by which method (username + password or SSO).
Bug bounty programme
12Build operates a bug bounty programme that enables a large pool of security researchers to test our platform on an ongoing basis.
12Build contracts with leading penetration testing vendors to subject our production architecture to more detailed and formal testing at least once a year.
Single sign-on (SSO)
When a user connects to 12Build, they use a web browser over an enhanced Transport Layer Security (TLS) 1.2 or higher connection. The 12Build platform supports federated access via SSO by enabling any number of Identity Providers (IdP).
Security starts with the people 12Build employs. We conduct security briefings with all new employees and also have an active awareness programme throughout the year.
Privacy is essential to our customers and we take this very seriously. 12Build does not sell, share or export your data to third parties that we collect by using our platform for our own purposes. We only provide data to our sub-processors to support the processing of your data as set out in your customer agreement.
We make regular backups of your data. Relational databases in AWS RDS are used to store this data. A replica contains exactly the same data as a master and should be able to be used to replace the master in case of failure. A master and replica instance should always be spread across different availability zones.
Transparent system status
12Build continuously monitors uptime and makes system status public. View system status.
ISO/IEC 27001 outlines and provides the requirements for an information security management system (ISMS), specifies a set of best practices and describes the security controls that can help manage information risks.
12Build is ISO 27001 certified.
Connecting construction partners based on their expertise and more efficient online collaboration.
Our solutionsProcurement process Premium Profile
Our partners12Build Ecosystem Become a partner
SecurityOverview Data protection Policy