Security & Data Governance Standards

Keep your data secure and meet compliance requirements.

See how we help you keep your data safe and secure by continuing to invest in broad initiatives that don't sacrifice ease of use.

Get the ROI Report

Compliance Certifications


SOC 1 (Type 2)

Report on Fairness—internal control over financial reporting.


SOC 2 (Type 2)

Trust Service Principles—security, availability, processing integrity, confidentiality, and privacy.

NIST logo

NIST 800-171

Standards to safeguard and distribute information that is deemed sensitive.

ISO logo

ISO 27001:2013

Information Security Management System (ISMS) for any kind of digital information. 
Download certificate.


A secure, reliable cloud you can trust.

Our best-in-class security program focuses on safeguarding your data, risk management, and compliance—without compromising productivity. Encryption for data at rest and data in transit for all of our customers.

Illustration of mobile phone connecting to the cloud

Enterprise-grade security built in.

Procore includes a robust set of security and data protection product features that give you the control and flexibility you need to manage your security needs.

  • Configure role-based permissions that enable you to control access to project data
  • Secure authentication and password protection
  • SAML2 SSO, Security Assertion Markup Language (SAML) is a standard protocol used by web browsers to enable Single Sign-On (SSO) through secure tokens
Several construction workers gathered around a tablet

Meet privacy standards.

Procore is committed to helping our customers' meet their data privacy requirements and comply with global privacy standards.

See Privacy Policy
Procore security badge illustration

Layers of security.

All Procore applications are scanned and patched weekly for vulnerabilities, including but not limited to, vulnerabilities identified in the Open Web Application Security Project Top 10.

  • Procore employs countermeasures and technologies to prevent and dissuade attackers
  • Stay up and running with 99.9% uptime for Procore's services.
See System Status
Construction worker looking at iPad

Own your project data.

Own and control the contents of your Procore account(s) and extract data without custom code.

Illustrated lock with screens surrounding representing the security of Procore

Let’s talk about how we can help you build better.

Schedule a personal walkthrough with one of our product experts to see how the #1 construction management platform can keep your business safe.

Request a Demo

How does Procore store customer information?

For documents, photos, and attachments that users upload, Procore leverages Amazon Web Service's (AWS) highly secure data centers, S3 (Amazon Simple Storage Service). Amazon Web Services provides enterprise-class tools that have been proven to be both reliable and secure for today's web-based applications.

What encryption standard does Procore use to protect user data?

Procore employs many of the same data encryption standards, which are widely used by large online banking services. Data at rest is encrypted and stored behind Procore’s firewalls in a secure, private cloud infrastructure. 

How does the Transport Layer Security v1.2 requirement impact users?

Procore's network security architecture relies on the Transport Layer Security TLS v1.2 protocol for ensuring user interaction with Procore over the internet occurs securely without transmissions being vulnerable to outside entities. For data in transit, Procore encrypts data with 256-bit encryption. Data flowing between Procore and the user is encrypted with HTTPS protected by Transport Layer Security (TLS) 1.2. The primary benefit of TLS is the protection of web application data from unauthorized disclosure and modification when it is transmitted between clients (web browsers) and the web application server, and between the web application server and back end or other non-browser based enterprise components.

What is Procore's data backup strategy?

Procore maintains a robust “high-availability” strategy to protect our customers against software problems, hardware failure, and even large-scale natural disasters. Procore maintains several replicas of the application software on each server. All data are copied to off-site storage every 20 minutes. Replication distributes this offline snapshot across the United States. We maintain the software on dozens of servers and remote copies are maintained in different secure data centers. This diversity protects against hardware failure and local service issues.

How is security handled with third-party applications?

Procore employs what many consider the industry standard for API authentication - OAuth 2.0. The OAuth 2.0 authentication framework provides a secure means of authorizing and authenticating access to user data for third-party applications. OAuth 2.0 relies on SSL (Secure Sockets Layer) to ensure data transfer between the web server and browsers remains private and is kept safe. OAuth 2.0 protects Procore user data by providing access without revealing the identity of the user. Third-party applications make requests on behalf of the user without accessing passwords and other sensitive information.

Report a Security Vulnerability

If you believe Procore has a security vulnerability, please contact us right away. In your report, please include a description of the vulnerability and information to reproduce the vulnerability (including browser/OS versions, URLs, etc).

Contact Procore Security