Is my project data secure with Bildstak?

Security on sensitive construction programmes is not just a policy question — it is an architecture question. Bildstak's answer is to give you deployment models where project data never has to leave your control:

• Customer VPC — Bildstak runs inside your own cloud account; your data stays within your network boundary.
• On-premise — deployed on your own infrastructure, with no third-party cloud involved.
• Air-gapped — the same product with no outbound connectivity, for programmes where even managed cloud is ruled out.
• Desktop app — local IFC queries on a workstation, offline.
• Embedded SDK — chat and reports embedded in your own application, data stays in your environment.

AI and data use: Bildstak does not train any model on your project data. The AI analyst queries your federated sources to answer your question; it does not use your data to improve models or share information between projects.

Audit trail: Query logs and action logs are available, giving you a record of what was asked and what data was accessed — useful for procurement audits, contract disputes and internal governance.

We do not advertise SOC 2 or ISO 27001 certification at this time. Our position is that verifiable architecture — data stays local, no AI training, audit logs — is more useful than a badge when your project data is commercially sensitive. If you have specific compliance requirements, bring them to the scoping call and we will walk through the deployment model that satisfies them.