Security

Security and reliability

An electrical record describes critical infrastructure, and often who can access it matters as much as what it says. CircuitMap is built accordingly.

Access control

Every user has their own account, and role-based permissions control who can view records and who can change them. Contractor access can be granted for the duration of a job and removed when it ends.

Encryption in transit

All traffic between browsers and CircuitMap is encrypted with TLS, with HTTP Strict Transport Security enforced in production.

Hardened application

The application ships with a strict Content Security Policy, clickjacking protection, and modern security headers throughout. Sessions are validated server-side on every request — the browser is never trusted on its own.

Audit trail

Changes to records are attributable: who changed what, and when. For infrastructure records, provenance is part of the value.

Deployment options

CircuitMap can be deployed on dedicated, single-tenant infrastructure — including options suited to organisations that require their building data isolated from any other customer's.

Backups and recovery

Records and documents are backed up routinely, and deployments are designed for straightforward restoration. Your record survives hardware failure the way it survives staff turnover.

Data ownership and export

Your building data is yours. Records and attached documentation can be exported in standard formats at any time — during the subscription and on the way out.

Responsible disclosure

We take security reports seriously. If you believe you have found a vulnerability, contact us and we will respond promptly.

Our approach

Boring on purpose

Security for a records platform isn't a feature list — it's the discipline of defaults: least privilege, server-side validation everywhere, no surprises in how data is stored or who can reach it. We'd rather this page were unexciting and true than impressive and vague. If your organisation has a security questionnaire or procurement requirements, we're happy to work through them — get in touch via the contact page.

Questions about security?

Request a demonstration and bring your IT or information-security colleagues — we'll answer the hard questions directly.