
Mastt AI — Cyber Security Overview

Last updated: 29 June 2026 · For customer and security-review use

Mastt AI turns meeting transcripts and email into structured minutes, tasks and actions for construction owner's representatives. This one-pager summarises how we protect customer data.

Hosting & infrastructure

  • Hosted entirely on Microsoft Azure in a United States region. No customer data is stored or processed outside this region by us.
  • Compute runs on Azure Container Apps; structured data on Azure Database for PostgreSQL (Flexible Server); uploaded files on Azure Blob Storage.
  • We inherit Azure's physical, network and platform controls. Azure itself is independently certified (SOC 1/2/3, ISO 27001/27017/27018, and others); these underpin our infrastructure layer.
  • Infrastructure is defined in code and built from a hardened container image that contains no embedded secrets or credentials.

Encryption

  • In transit: all connections are served over HTTPS/TLS (1.2+). Plain-HTTP traffic is redirected to HTTPS. Connections to the database and to Azure Blob Storage are TLS-encrypted.
  • At rest: all stored data — database and file storage — is encrypted using Azure-managed AES-256 encryption.
  • Application-layer: third-party integration credentials (OAuth tokens) are additionally sealed with AES-256-GCM before storage, with a unique initialisation vector per record and authentication-tag verification on read.
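
A sketch of the application-layer sealing described in the last bullet, added here as an example and not Mastt's own code. Node.js is assumed as the runtime; `sealToken`, `openToken` and the `iv | tag | ciphertext` layout are hypothetical, and binding the record ID as additional authenticated data goes beyond what this page states.

```javascript
// Added example (not Mastt's code): AES-256-GCM sealing with Node's built-in crypto.
const nodeCrypto = require("node:crypto");

const IV_LEN = 12;  // 96-bit IV, the size GCM is designed around
const TAG_LEN = 16; // 128-bit authentication tag

// Seal one token. A fresh random IV is drawn on every call, so the same
// token sealed twice produces two different stored values.
// recordId is bound as AAD (assumption) so a sealed value copied onto
// another record fails verification.
function sealToken(key, recordId, token) {
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
  cipher.setAAD(Buffer.from(recordId, "utf8"));
  const ct = Buffer.concat([cipher.update(token, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Open a sealed value. Throws if the key, record ID, IV, tag or ciphertext
// do not match what was sealed; no plaintext is returned in that case.
function openToken(key, recordId, sealed) {
  const raw = Buffer.from(sealed, "base64");
  if (raw.length < IV_LEN + TAG_LEN) throw new Error("sealed value too short");
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(recordId, "utf8"));
  decipher.setAuthTag(tag);
  // final() performs the tag check and throws on mismatch.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}
```

The key is a 32-byte `Buffer` supplied from environment configuration, never stored next to the sealed values.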

Identity & access control

  • Authentication is handled by a maintained auth framework. Passwords are salted and hashed one-way; a minimum length is enforced and plaintext passwords are never stored.
  • Sessions use HTTP-only, secure, SameSite cookies, expire after 30 days and refresh daily.
  • Role-based access control (owner / admin / member) is enforced server-side.
  • Every authenticated route and server action passes through a single authorisation gate, so access checks are applied uniformly rather than per-endpoint.

Tenant data isolation

  • Multi-tenant architecture with row-level isolation by organisation. Every record is scoped to an organisation ID, and queries are filtered by the authenticated user's organisation on the server — a user cannot read or write another organisation's data.

Application security

  • SQL injection: all database access uses parameterised queries via an ORM; no string-concatenated SQL.
  • Cross-site scripting: user-supplied content is escaped and rendered through a tag/URL allowlist (rejecting javascript:, data: and similar schemes).
  • OAuth integration flows use signed state with constant-time signature verification to prevent forgery and CSRF.
  • Secrets (API keys, signing keys) are supplied via environment configuration, never committed to source control or baked into images.
  • Code is linted and type-checked in CI on every change.
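
One way the signed OAuth `state` with constant-time verification could look, added here as an example and not Mastt's own code. Node.js is assumed; `issueState`, `verifyState`, the payload fields and the 10-minute lifetime are hypothetical choices.

```javascript
// Added example (not Mastt's code): HMAC-signed OAuth state, verified in constant time.
const nodeCrypto = require("node:crypto");

const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending OAuth flow

function sign(secret, payload) {
  return nodeCrypto.createHmac("sha256", secret).update(payload).digest("base64url");
}

// Issue a state value bound to the caller's session, with a nonce and expiry.
function issueState(secret, sessionId, now = Date.now()) {
  const body = {
    sid: sessionId,
    nonce: nodeCrypto.randomBytes(16).toString("hex"),
    exp: now + STATE_TTL_MS,
  };
  const payload = Buffer.from(JSON.stringify(body)).toString("base64url");
  return `${payload}.${sign(secret, payload)}`;
}

// Verify the state returned on the OAuth callback. The signature is checked
// before the payload is parsed, so unauthenticated JSON is never trusted.
function verifyState(secret, state, sessionId, now = Date.now()) {
  if (typeof state !== "string") return false;
  const parts = state.split(".");
  if (parts.length !== 2) return false;
  const [payload, sig] = parts;
  const expected = Buffer.from(sign(secret, payload));
  const given = Buffer.from(sig);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return false;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return false;
  let body;
  try {
    body = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return false;
  }
  // Reject a state issued for another session (CSRF) or one that has expired.
  return body.sid === sessionId && typeof body.exp === "number" && now <= body.exp;
}
```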

Resilience & backups

  • Azure Database for PostgreSQL provides automated backups with point-in-time restore, managed and geo-redundant within the US region per Azure's service configuration.
  • Uploaded files are stored with Azure Blob Storage's built-in durability and redundancy.

AI / LLM processing

  • Assistant and minutes/task generation call Anthropic's Claude API directly (current models: Claude Sonnet 4.6 and Claude Opus 4.7). Available models will update in line with Anthropic releases.
  • Document semantic search uses Google's Gemini API directly to embed uploaded PDF pages and images, and to read (OCR) scanned PDFs. This runs only when enabled; without it, search falls back to keyword matching.
  • Both are called over TLS with no third-party AI gateway or proxy. Neither Anthropic nor Google trains its models on the inputs or outputs of these API calls.
  • See the Data Privacy Overview for exactly what data is sent to each model.

Monitoring & change management

  • Application audit logging records key state changes (who did what, to which record). Platform diagnostics and logs are available through Azure.
  • Changes ship through version control with peer review and automated checks.
  • We run internal security reviews of the codebase and remediate findings on a risk-prioritised basis.

Security contact: security@mastt.com · Report a vulnerability to the same address.
