Your Data. Our Responsibility.
ProCatalyst operates inside your environment, which means we take data security as seriously as you do. Every engagement is built on a security framework designed for firms that handle sensitive construction documents, proprietary design standards, and confidential project information.
How We Protect Your Data
Siloed Client Environments on Egnyte
ProCatalyst manages all internal file storage on Egnyte Business, an enterprise content platform built for industries that handle sensitive project data. Every client engagement operates in its own isolated folder structure with granular permission controls. Your project files, BIM models, and documents are never co-mingled with another client's data. Access is restricted to the specific team members assigned to your engagement, enforced by Egnyte's role-based permissions and two-factor authentication. All files are encrypted at rest (AES-256) and in transit (TLS 1.2+). When an engagement ends, your data environment is archived or deleted per your instructions.
Zero Local Storage
No client data is stored on local machines, personal drives, or removable media. All work is performed in cloud-hosted environments with centralized access controls. This eliminates the risk of data loss from hardware theft, device failure, or unauthorized physical access.
Two-Factor Authentication
Every team member with access to client data is required to use two-factor authentication. This applies to all cloud platforms, project management tools, and communication channels used in the engagement.
Encrypted File Transfer
All file transfers between ProCatalyst and client teams occur over encrypted connections. Internal file management runs through Egnyte's encrypted infrastructure. For client-facing collaboration, we work within your existing platforms (BIM360, ACC, Procore, SharePoint, or your preferred project management system) using the security protocols those platforms provide. We do not require you to adopt our tools. We adopt yours.
AI-Powered Email Threat Scanning
All ProCatalyst email accounts are protected by Trustifi, an AI-powered email security platform that provides real-time threat detection across inbound and outbound messages. Trustifi scans for phishing attempts, business email compromise, malware attachments, and social engineering attacks before they reach a team member's inbox. Outbound emails containing sensitive project data are automatically encrypted in transit. The platform runs continuously across all ProCatalyst accounts and is managed centrally by our operations team.
Access Controls and Team Management
Client data access is managed on a need-to-know basis. Only team members actively assigned to your engagement can access your environment. When a team member rotates off a project, their access is revoked immediately. Access logs are maintained and available for review upon request.
Microsoft 365 Security Foundation
ProCatalyst operates on Microsoft 365 Business Premium, which provides enterprise-grade security features including Advanced Threat Protection, data loss prevention policies, and mobile device management. All team communications, file sharing, and collaboration occur within this secured ecosystem.
Four guarantees on every engagement.
No data co-mingling
Your environment is yours alone. Separate from every other client engagement.
No local storage
All work happens in the cloud. Nothing on personal drives or removable media.
Immediate access revocation
When a team member leaves your project, access is removed the same day.
Audit-ready access logs
We maintain access records and can provide them on request.
Bring us your IT questionnaire.
If your firm has specific security requirements, compliance standards, or IT questionnaires that need to be completed before engaging, we are happy to work through them. Many of our clients have internal security review processes and we have completed them successfully across firms of all sizes.