We build software that protects your data — we don't make money off the data itself. Below is an honest account of how DeBe Corporation handles, isolates, and secures your information across CHERP and SiteComm, and what compliance work is in place versus on the roadmap.
Not your jobsite records. Not your crew's hours. Not who reached out on a rough day. Our business is selling software that serves your operation — not brokering the information you put into it. We don't sell it, rent it, or hand it to advertisers.
In CHERP, each customer's data lives in its own isolated database — yours, walled off from everyone else's. In SiteComm, the network is worker-owned: there are no third-party ad or tracking SDKs on the screens that touch support, and a rough day is never turned into a data product. The only thing we're in the business of selling is the solution.
Each CHERP customer runs on its own isolated database with a branded app. Data does not commingle across tenants — the foundation for enterprise and federal data governance.
SiteComm's community is owned by the people in it. Support-related activity is consent-gated and owner-controlled — you choose what's collected and who sees it, and you can delete it. No ad or analytics SDKs run on those screens.
Per-artifact ownership-residency with reverse-chain causal attribution. Every record — task, timecard, JSA, MRO — has an owner and a traceable history (USPTO Ref. 591158846).
A server-authoritative event log records what happened, by whom, and when. Audit-ready logs and PDF/CSV exports are available across the platform.
PIN resolves to a real authenticated session. No third-party login — credentials and sessions stay inside the customer's own environment.
We are actively working toward formal compliance for security-sensitive and CUI-handling deployments. These items are in progress, not yet certified — we will only describe a control as implemented once there is verified evidence on file.
Aligning to the SOC 2 Trust Services Criteria — security, availability, and confidentiality — with the policies, controls, and evidence collection a Type II examination requires.
Hardening toward NIST SP 800-171 alignment for CUI-handling deployments — hardened row-level security, formal RBAC mapped to the 7-rank hierarchy, administrator MFA, and documented SSP & POA&M.
Multi-factor authentication for administrative access to customer environments.
A documented System Security Plan and Plan of Action & Milestones, maintained as the program matures.
Enterprise governance, CUI handling, SOC 2, or a specific framework — let's scope what your deployment needs.
Request a Conversation →