Built to hold up under scrutiny
When an OSHA inspector or fire marshal asks for documentation, DutyProof records need to be unimpeachable. Here is exactly how they are protected.
How records are protected
The audit log is the product. Every architectural decision reinforces its integrity.
Records are write-once
Every check-in, missed check-in, and escalation event is written once and permanently locked. There is no edit function. There is no delete function. No one — including DutyProof staff — can alter a record after it is created.
Timestamps come from the server, not the device
Check-in times are set by our servers at the moment the event is recorded — not by the worker's phone. This prevents backdating. The time on the record is the time it actually happened.
Delivery receipts are logged
When optional SMS delivery is used, every outbound message includes a carrier delivery receipt stored alongside the check-in record. If an inspector asks whether a message was actually sent and delivered, the receipt is there.
Job site data is fully isolated
Each job site's watch data, personnel, and reports are completely separated at the database level. Administrators at one job site cannot see or access data from another job site, even within the same organization.
Role-based access control
Admin accounts control job site setup, worker assignment, and report access. Supervisor accounts can monitor active watches and receive escalations. Fire watch workers interact only via their check-in link — they never log into the platform.
Encrypted in transit and at rest
All data is transmitted over HTTPS/TLS. Data at rest is encrypted using AES-256. Backups are encrypted. No unencrypted copies of watch data exist anywhere in the system.
What we store
We collect only what is necessary to operate the service and support compliance documentation.
Per fire watch
- ✓Job site name and timezone
- ✓Watch start and end timestamps (server-side)
- ✓Assigned worker name and phone number (if SMS enabled)
- ✓Check-in interval (15 or 30 minutes)
- ✓Every check-in timestamp and GPS coordinates
- ✓SMS delivery receipt for each check-in (when SMS enabled)
- ✓Missed check-in events and escalation timestamps
- ✓Watch end reason and supervisor name
We do not store social security numbers, government-issued ID numbers, or any sensitive personal information beyond what is needed to deliver check-in links. Worker phone numbers, when provided for optional SMS delivery, are used only for check-in link delivery.
Record retention
Records are retained for the life of your account plus 12 months after cancellation — long enough for any open inspection cycle.
| Record type | Retention |
|---|---|
| Watch logs & check-in records | Life of account + 12 months after cancellation |
| PDF compliance reports | Generated on demand, available for life of account + 12 months |
| SMS delivery receipts (when SMS enabled) | Retained with each check-in record |
| Missed check-in & escalation events | Life of account + 12 months after cancellation |
| Account & billing data | Retained per Stripe and legal requirements |
Infrastructure
DutyProof is built on infrastructure providers with their own independent security certifications.
| Component | Provider |
|---|---|
| Database & auth | Supabase (PostgreSQL on AWS) |
| Application hosting | Vercel (edge network, global CDN) |
| SMS delivery (optional) | Twilio |
| Payment processing | Stripe |
| Uptime monitoring | Continuous |
Questions before you commit?
If your compliance team, IT department, or legal counsel has specific questions about data handling, retention, or architecture — we will answer them directly.