Enterprise-Grade Security
Your workers' safety data is sensitive and mission-critical. PeopleSafe is built from the ground up with security, privacy, and compliance at every layer.
Data Protection
Multiple layers of encryption and security controls protect your sensitive safety data at every stage.
Encryption at Rest
All data is encrypted at rest using AES-256 encryption. Your safety records, worker information, and incident reports are never stored in plaintext.
Encryption in Transit
Every connection uses TLS 1.3 encryption. Data moving between your browser, our servers, and third-party services is protected in transit on every connection along the way.
SOC 2 Compliance Goals
We are actively working toward SOC 2 Type II certification, aligning our security practices with industry-leading standards for data protection.
Audit Logging
Every action is logged with immutable audit trails. Know who accessed what, when, and from where with comprehensive activity tracking.
Secure Infrastructure
Built on world-class cloud infrastructure with automatic scaling, redundancy, and continuous monitoring.
Hosted on Vercel + Convex
Our frontend runs on Vercel's edge network for blazing-fast global performance. Our real-time backend is powered by Convex with automatic scaling and redundancy.
Automatic Backups
Your data is automatically backed up with point-in-time recovery. Convex provides continuous data protection so nothing is ever lost.
99.9% Uptime
Built on infrastructure designed for high availability. Automatic failover, load balancing, and redundant systems keep PeopleSafe running when you need it most.
DDoS Protection
Enterprise-grade DDoS mitigation through Vercel's edge network. Automatic threat detection and traffic filtering protect against malicious attacks.
Granular Access Controls
Every user gets exactly the access they need, nothing more. Our role-based system ensures complete data isolation and least-privilege access across your organization.
Role-Based Access Control
69 granular permissions across 16 domains. From employees to super-admins, every user sees only what they need.
Multi-Tenant Isolation
Complete data isolation between organizations. Every query is scoped to your company, ensuring no cross-tenant data leakage.
Clerk Authentication
Enterprise-grade authentication powered by Clerk. Multi-factor authentication, SSO support, and secure session management built in.
Compliance & Privacy
Purpose-built for safety compliance with OSHA requirements and privacy regulations baked into every feature.
OSHA Data Handling
Purpose-built for OSHA compliance. Forms 300, 300A, and 301 are generated with proper data handling, 7-day recording rules, and year-boundary separation.
Privacy-Protected Records
Sensitive incident types (sexual assault, HIV, mental illness, needle sticks) are automatically labeled as 'Privacy Case' per OSHA guidelines.
Data Retention Policies
Configurable retention with soft-delete patterns. Deleted records are recoverable for 30 days, then permanently purged per your compliance requirements.
GDPR & Privacy Rights
Built-in account deletion request handling with automatic fulfillment. Workers and users can request full data deletion with tracked compliance timelines.
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a potential security issue, we encourage you to report it responsibly.
How to Report a Vulnerability
- Email us at security@peoplesafe.co with details of the vulnerability
- Include steps to reproduce the issue if possible
- Allow reasonable time for us to investigate and respond
- Do not publicly disclose the issue before we have addressed it
- Do not access or modify other users' data during testing
We commit to acknowledging reports within 48 hours and providing regular updates on our investigation.