Security

Updated July 5, 2026

Trust Center

A practical overview of how Pricemark protects construction quoting data, customer workspaces, and AI-assisted quote workflows.

Security posture

Pricemark is designed for business quote data: project descriptions, measurements, line items, uploaded PDFs, price lists, assumptions, and exported quotes. Our security work focuses on keeping that data private, traceable, and available to the right users.

This page describes Pricemark’s current public posture. It is not a certification claim. If you need a security questionnaire or vendor review, contact us through the contact page.

Core controls

  • Encryption in transit for supported web traffic.
  • Workspace-based access controls and least-privilege production access.
  • Logical separation of customer data.
  • Operational logging for security, reliability, and abuse investigation.
  • Backups and recovery processes appropriate to the service tier.
  • Vendor review for providers that process customer data.

AI data handling

Pricemark uses customer content to generate the requested quote workflow. Customer content is not used to train general-purpose AI models unless a customer gives explicit written permission or an agreement says otherwise.

Generated quotes should always be reviewed by a qualified person before they are sent to a customer or used as a commercial commitment.

Secure product operation

  • Changes are reviewed and tested before release.
  • Production access is limited to authorized personnel.
  • Security-relevant events are investigated and remediated based on severity.
  • Dependencies and infrastructure are maintained with security updates as part of normal engineering work.

Incident response

If we identify a security incident affecting customer data, we will investigate, take steps to contain and remediate it, and notify affected customers where required by law or agreement.

Responsible disclosure

If you believe you found a vulnerability in Pricemark, contact us through the contact page with enough detail to reproduce and validate the issue. Do not access, modify, or exfiltrate customer data.