Access Control & Security in Velora AI
Velora AI implements enterprise-grade security measures to protect your construction project data and ensure proper access control across your workspace. This guide explains our multi-layered security approach, from workspace-level permissions to project-specific access controls and data encryption.
Why Access Control Matters in Construction
Construction projects involve sensitive information including:
- Financial Data: Budgets, vendor rates, cashflow information
- Project Details: Schedules, delays, safety incidents, RFIs
- Media Assets: Site photos, videos, and documentation
- Contact Information: Vendor details, subcontractor information
- Communication: Call recordings, transcripts, and analysis
Critical Security Requirements:
- Data Isolation: Projects must be properly isolated from unauthorized access
- Role-Based Access: Different team members need different levels of access
- Audit Trail: Track who accessed what data and when
- Compliance: Meet industry standards for data protection and privacy
Security Architecture Overview
Velora AI employs a multi-layered security approach:
┌─────────────────────────────────────────────────────────────┐
│ User Interface Layer                                        │
├─────────────────────────────────────────────────────────────┤
│ Application Security Layer                                  │
│ • Role-based access control                                 │
│ • Project-specific permissions                              │
│ • UI restrictions and validation                            │
├─────────────────────────────────────────────────────────────┤
│ Database Security Layer                                     │
│ • Row Level Security (RLS) policies                         │
│ • Encrypted data storage                                    │
│ • Secure API endpoints                                      │
├─────────────────────────────────────────────────────────────┤
│ Infrastructure Security                                     │
│ • AES-256 encryption                                        │
│ • Secure data transmission                                  │
│ • Regular security audits                                   │
└─────────────────────────────────────────────────────────────┘
Workspace Access Levels
Owner Role
Who: The workspace creator
Access Level: Full administrative control
Capabilities:
- ✅ Complete Workspace Control: Full access to all workspace settings
- ✅ Team Management: Add, remove, and manage all workspace members
- ✅ Project Management: Create, edit, delete, and manage all projects
- ✅ Phone Number Management: Purchase and allocate phone numbers
- ✅ Contacts Management: Add, edit, and manage all contacts
- ✅ Financial Access: View and manage budgets, vendor rates, and cashflow
- ✅ Security Settings: Configure workspace security and access policies
- ✅ Billing & Usage: Access billing information and usage analytics
Admin Role
Who: Users granted administrative privileges by the owner
Access Level: Equivalent to owner (full administrative control)
Capabilities:
- ✅ Complete Workspace Control: Full access to all workspace settings
- ✅ Team Management: Add, remove, and manage all workspace members
- ✅ Project Management: Create, edit, delete, and manage all projects
- ✅ Phone Number Management: Purchase and allocate phone numbers
- ✅ Contacts Management: Add, edit, and manage all contacts
- ✅ Financial Access: View and manage budgets, vendor rates, and cashflow
- ✅ Security Settings: Configure workspace security and access policies
- ✅ Billing & Usage: Access billing information and usage analytics
Note: The Admin role has identical capabilities to the Owner role, providing full administrative control over the workspace.
Member Role
Who: Regular workspace members with project-specific access
Access Level: Project-specific permissions (view/edit/none)
Capabilities (Based on Project Permissions):
- ✅ Project-Specific Access: Access only to assigned projects
- ✅ Call Alex: Make calls to Alex (if they have edit access to at least one project)
- ✅ Upload Media: Add photos/videos (for projects with edit access)
- ✅ View Updates: Access site updates and project information
- ✅ Team Collaboration: Work with other members on shared projects
Restrictions:
- ❌ No Workspace Administration: Cannot add/remove members or manage workspace settings
- ❌ No Phone Number Management: Cannot purchase or allocate phone numbers
- ❌ No Contacts Management: Cannot add/edit workspace contacts
- ❌ No Financial Management: Cannot access budgets or vendor rates (except cashflow with edit access)
- ❌ No Project Creation: Cannot create new projects
Project-Level Access Control
Permission Levels
View Access
What Members Can Do:
- ✅ View project data and information
- ✅ Access site updates and media
- ✅ View project schedules and tasks
- ✅ See project contacts and team members
- ✅ Access project files and documentation
What Members Cannot Do:
- ❌ Modify project data
- ❌ Add or edit site updates
- ❌ Upload new media
- ❌ Call Alex (requires edit access)
- ❌ Manage project contacts
Edit Access
What Members Can Do:
- ✅ All View Access capabilities
- ✅ Modify project data and information
- ✅ Add and edit site updates
- ✅ Upload photos and videos
- ✅ Call Alex from the apps
- ✅ Manage project contacts
- ✅ Add/edit project schedules and tasks
- ✅ Manage project files
What Members Cannot Do:
- ❌ Delete projects
- ❌ Access financial data (budgets, vendor rates)
- ❌ Manage workspace settings
No Access
What Members Cannot Do:
- ❌ See the project in their project list
- ❌ Access any project data or information
- ❌ View project updates or media
- ❌ Access project contacts or schedules
Database-Level Security
Velora AI implements Row Level Security (RLS) at the database level to ensure data isolation and prevent unauthorized access.
How RLS Works:
- Policy-Based Access: Each database table and storage bucket has security policies that control row access
- User Context: Policies check the authenticated user's workspace membership and project permissions
- Automatic Enforcement: Security is enforced at the database level, regardless of application logic
- Zero Trust: No data is accessible without explicit permission
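One way the RLS behaviour described above can be expressed, as an added example that is not Velora AI's own schema or policy code. PostgreSQL is assumed (the page does not name the database), and every table, column, function and setting name below (`site_updates`, `effective_level`, `app.user_id` and the rest) is hypothetical.

```sql
-- Added example, PostgreSQL syntax. Every table, column, function and setting
-- name here is hypothetical; this is not Velora AI's schema.
CREATE TABLE workspace_members (
    workspace_id uuid, user_id uuid,
    role text NOT NULL CHECK (role IN ('owner', 'admin', 'member')),
    PRIMARY KEY (workspace_id, user_id));
CREATE TABLE project_permissions (          -- no row for a user = No Access
    project_id uuid, user_id uuid,
    level text NOT NULL CHECK (level IN ('view', 'edit')),
    PRIMARY KEY (project_id, user_id));
CREATE TABLE site_updates (
    id uuid PRIMARY KEY, workspace_id uuid NOT NULL,
    project_id uuid NOT NULL, body text NOT NULL);

-- Assumption: the API layer authenticates the caller and then runs
-- SET LOCAL app.user_id = '<uuid>' inside each transaction.
CREATE FUNCTION current_app_user() RETURNS uuid LANGUAGE sql STABLE AS $$
    SELECT nullif(current_setting('app.user_id', true), '')::uuid
$$;

-- Owner and Admin resolve to 'edit' on every project in their workspace;
-- a Member gets the per-project level, or NULL when none was granted.
CREATE FUNCTION effective_level(ws uuid, proj uuid) RETURNS text
LANGUAGE sql STABLE AS $$
    SELECT CASE WHEN EXISTS (
            SELECT 1 FROM workspace_members m
            WHERE m.workspace_id = ws AND m.user_id = current_app_user()
              AND m.role IN ('owner', 'admin'))
        THEN 'edit'
        ELSE (SELECT p.level FROM project_permissions p
              WHERE p.project_id = proj AND p.user_id = current_app_user())
    END
$$;

ALTER TABLE site_updates ENABLE ROW LEVEL SECURITY;
ALTER TABLE site_updates FORCE ROW LEVEL SECURITY;  -- table owner is bound too

-- A NULL level (no user context, or no grant) fails every check: default deny.
CREATE POLICY site_updates_select ON site_updates FOR SELECT
    USING (effective_level(workspace_id, project_id) IN ('view', 'edit'));
CREATE POLICY site_updates_insert ON site_updates FOR INSERT
    WITH CHECK (effective_level(workspace_id, project_id) = 'edit');
CREATE POLICY site_updates_update ON site_updates FOR UPDATE
    USING (effective_level(workspace_id, project_id) = 'edit')
    WITH CHECK (effective_level(workspace_id, project_id) = 'edit');
-- No DELETE policy exists, so deletes are refused until one is added.
```

Superusers and roles with the BYPASSRLS attribute skip policies entirely, so the application has to connect as an ordinary role. The two lookup tables need policies of their own so that a member cannot grant themselves access.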
Privacy Protection
Velora AI uses AES-256 encryption to protect sensitive contact data: phone numbers and email addresses.
Security Best Practices
For Workspace Owners/Admins
1. Role Assignment
- Start Conservative: Begin with Member roles and minimal project access
- Principle of Least Privilege: Only grant access to projects and data that team members need
- Regular Reviews: Periodically review and update member permissions
2. Project Access Management
- Project-Specific Access: Use granular project permissions instead of blanket access
- Permission Updates: Regularly update permissions as team members' roles change
- Access Auditing: Monitor who has access to sensitive projects
3. Security Monitoring
- Member Activity: Regularly review team member activity and access patterns
- Permission Changes: Keep track of permission modifications and their reasons
- Data Access: Monitor access to sensitive financial and contact data
For Team Members
1. Account Security
- Strong Passwords: Use complex passwords with mixed characters
- Secure Access: Only access the system from trusted devices and networks
- Logout: Always log out when finished, especially on shared devices
2. Data Handling
- Authorized Access Only: Only access projects and data you're authorized to view
- No Sharing: Don't share login credentials or access with unauthorized users
- Report Issues: Immediately report any security concerns or unauthorized access
Getting Help with Security
Security Support
- Security Questions: Contact our team at support@velora.ai
- Incident Reporting: Report security incidents immediately
- Best Practices: Consult this guide for security recommendations
Regular Updates
- Security Patches: We regularly update our security measures
- Feature Updates: New security features are announced in our updates
- Documentation: This guide is updated as our security measures evolve
Velora AI is committed to providing enterprise-grade security for your construction project management needs. Our multi-layered approach ensures your data is protected while maintaining the flexibility and collaboration features essential for construction teams.