Trust & data security
Your site data, kept safe — and always yours.
The questions a serious builder asks before rolling software across every site: where data lives, how it's protected, who can see it, and what happens when you leave. Here are the straight answers.
How your data is protected
SiteLive runs on managed, enterprise-grade cloud infrastructure. Your data is encrypted in transit and at rest, with automated backups so nothing is lost.
- Encryption in transit (TLS) and at rest
- Managed cloud hosting with automated, regular backups
- Each site and organisation is isolated at the database level
Access & accountability
People only see the sites they're on. Roles control what each person can do, and every meaningful change is written to an immutable activity trail.
- Role-based access — admin, editor and view permissions
- Per-site staff scoping; invited subbies see only what they're given
- Full audit trail of who changed what, and when
Sign-in & identity
Use email and password or Google out of the box. Enterprises can connect their own identity provider with SAML single sign-on.
- Email/password and Google sign-in included
- SAML SSO available for enterprise rollouts (Okta, Entra ID, OneLogin)
- Leaked-password protection on sign-up and password changes
Data ownership & exit
You own your data — we never sell it and never use it to train third-party AI. You can export it for free at any time while your account is active.
- Free self-serve export, any time, while active
- Downgrade never deletes files — over-quota sites go read-only, not erased
- Construction records are kept; we never auto-delete for being over a limit
Single sign-on
Sign in with the identity you already trust.
Everyone starts with email/password or Google out of the box. For larger rollouts, connect your own identity provider with SAML single sign-on — so access follows your existing joiner/leaver process, not a separate password list.
- SAML 2.0 SSO for enterprise rollouts (Okta, Microsoft Entra ID, OneLogin)
- Email/password and Google sign-in included on every plan
- Central control — provisioning and de-provisioning through your IdP
- Leaked-password protection on sign-up and password changes
If you ever leave
A fair, predictable exit — never a hostage situation.
Construction records have to outlast a subscription. Here's exactly what happens to your data after you cancel — and you stay in control the whole way.
Your full archive is kept ready. One click reactivates everything — nothing lost.
Data moves to lower-cost cold storage. Still recoverable on request, free.
Your choice: keep it on a small archive plan, or it's deleted on a published schedule — always with warning first.
Want a clean break? Our optional Clean Exit service packages your full archive, hands it over, then permanently erases your data from our systems and backups — in writing.
Where we stand today
- Encryption in transit and at rest
- Per-site / per-organisation data isolation
- Full, immutable audit trail
- Role-based access control & SSO
- You own your data — never sold, never used to train third-party AI
- Governed by Australian law; Australian Consumer Law applies
On the roadmap
- Formal SOC 2 Type II attestation
- ISO 27001 certification
- Published security whitepaper & sub-processor list
Running a formal procurement or security review? We'll work through your questionnaire with you. Get in touch.
Roll it out with confidence.
Talk to us about an enterprise rollout, SSO, or a security review — we'll give you straight answers and the detail your team needs.