Security built into how the platform works, not bolted on later
Construway manages project data that affects contracts, budgets, and field operations. The right security practices are in place across every workflow — by design.
Multi-factor authentication required for every account
Passwords alone are not sufficient for accounts with access to project finances, schedule data, and team permissions. MFA is required across the board.
Required for all user accounts
Multi-factor authentication is enforced for every user. Access to project data, team settings, and financial information requires a verified identity at each login.
Authenticator-based verification
A short-lived TOTP code from a mobile authenticator app is required in addition to the password. Time-based codes expire in 30 seconds and cannot be reused or intercepted in transit.
Recovery codes at setup
Backup codes are generated during MFA enrollment so account access is never permanently lost if a device is unavailable.
Verified access at every login
Each session is independently verified. This ensures that the people making key decisions on your projects are authenticated before they act.
Your data stays yours — fully separated from every other account
Even on a shared platform, your company's projects, teams, and workflows are only visible to the people you've invited. Nothing crosses between accounts.
Strictly separated by account
Every query is scoped to your organization. No other account on the platform can access your projects, your team, or your data — separation is enforced at the application level on every request.
Project-level roles
Team members are assigned to specific projects with permissions that match their responsibilities. No global access to all company projects.
Module-level access
Within a project, access to cost data, schedules, submittals, and logistics can be granted or restricted independently per user role.
Invite-only access
New users can only join through a direct invitation from an existing administrator. There's no open sign-up or self-registration — you control who gets in.
Key actions are always recorded — automatically, without extra setup
Approvals, status changes, and handoffs are captured as part of the normal workflow. You don't need a dedicated process to know who did what and when.
Submittal review cycles
Each submittal moves through a defined approval workflow. Every review, revision, and approval is recorded with the reviewer identity and timestamp.
Material request lifecycle
Requests carry their full status history — from creation through approval, fulfillment, and delivery — along with who handled each step.
Schedule status snapshots
Task progress and status updates are timestamped, so you can see how the schedule evolved over the course of the project — not just the final state.
