Protecting customer data is fundamental to HazardCo. We’ve built HazardCo around strong, practical security controls that safeguard information every day, backed by continuous monitoring, regular maintenance, and external review. Just as importantly, HazardCo has never been compromised in the 19 years we’ve been operating, reflecting the strength and reliability of our current security practices.
A Security-First Platform, Built for Real-World Use
Security only works when people can actually use it. HazardCo supports teams working onsite where speed and simplicity matter, so our approach balances strong cybersecurity with an experience that promotes adoption and ongoing compliance.
Encryption: Protecting Data in Transit and at Rest
HazardCo uses industry-standard encryption to protect data throughout its lifecycle:
In transit: All data is encrypted using TLS 1.2 or higher between clients and our servers.
At rest: Customer data is securely stored on our backend infrastructure with encryption applied.
Mobile devices: During the upload process, images may be temporarily cached, and this cache is automatically cleared after a successful transfer.
Strong Authentication and Access Management
HazardCo uses modern authentication standards and access controls designed to limit risk and prevent unauthorised access:
Modern authentication protocols: HazardCo uses OAuth 2.0 and OpenID Connect, with support for federated identity providers where required.
Strong passwords: We require strong passwords and encourage regular updates.
Monitoring for suspicious access: We monitor for unusual login activity, including logins from unfamiliar devices or locations.
Role-based access control (RBAC): Users only see what they need, based on their role and permission tier.
Least privilege by design: We enforce the principle of least privilege through scoped access tokens, reducing exposure even when access is granted.
Data Protection and Governance
HazardCo applies clear controls around how customer data is stored, handled, and retained:
No unauthorised backups: Customer data is not backed up or stored in personal cloud accounts.
Controlled export: Data export is managed through our integrations system to maintain oversight and security.
Retention aligned to customer relationships: Data is retained during the active relationship, and secure deletion processes are available on request.
Regulatory compliance: Some aggregated or non-personal data may be retained to meet legal or regulatory obligations.
Lawful handling: Data is managed in line with applicable laws and regulations, with transparent communication about retention requirements.
Continuous Maintenance, Monitoring, and Rapid Response
HazardCo follows a continuous improvement model to keep the platform secure and resilient:
Regular releases and upgrades: We maintain frequent updates with proactive security patching and enhancements.
Ongoing vulnerability monitoring: We actively monitor for vulnerabilities and respond rapidly when issues are identified.
Real-time performance and reliability monitoring: Our systems detect errors quickly and help prevent widespread impact.
Automated crash reporting and error detection: Issues are identified and resolved fast, often before customers notice them.
Carefully Selected Third-Party Tools
We use trusted third-party services to improve product security, stability, and usability:
Sentry.io – Security & performance monitoring: Provides real-time error and crash detection, and monitors application health across platforms, supporting rapid response to potential issues.
Amplitude – Product analytics: Tracks anonymised usage patterns and feature adoption to help identify user experience issues and reliability improvements.
These tools help us proactively identify and resolve problems, often before customers are affected, while continuously improving the platform based on real-world usage patterns.
A Clear Commitment to Security and Privacy
Your trust matters. HazardCo is actively maintained and reviewed for cybersecurity compliance, with strong encryption, modern authentication, access controls, continuous monitoring, and regular security updates.
We want to clearly reaffirm: HazardCo is a secure platform, and we’re confident that continued use of HazardCo does not present an undue cybersecurity risk to you or your sub-contractors.
What You Can Do to Further Improve Security
Security is strongest when the platform and users work together. We recommend:
Use strong, unique passwords for each service
Keep devices and apps updated with the latest security patches
Enable device-level protection such as PINs or biometrics
Use trusted antivirus software
Avoid accessing HazardCo via public Wi-Fi without a VPN