Data Protection

Your data is yours.

We build software that protects your data — we don't make money off the data itself. Below is an honest account of how DeBe Corporation handles, isolates, and secures your information across CHERP and SiteComm, and what compliance work is in place versus on the roadmap.

The promise that comes first

We never sell your data.

Not your jobsite records. Not your crew's hours. Not who reached out on a rough day. Our business is selling software that serves your operation — not brokering the information you put into it. We don't sell it, rent it, or hand it to advertisers.

In CHERP, each customer's data lives in its own isolated database — yours, walled off from everyone else's. In SiteComm, the network is worker-owned: there are no third-party ad or tracking SDKs on the screens that touch support, and a rough day is never turned into a data product. The only thing we're in the business of selling is the solution.

In Place Today

Data governance that's live now.

Per-Customer Isolation

Live

Each CHERP customer runs on its own isolated database with a branded app. Data does not commingle across tenants — the foundation for enterprise and federal data governance.

Worker-Owned Privacy (SiteComm)

Live

SiteComm's community is owned by the people in it. Support-related activity is consent-gated and owner-controlled — you choose what's collected and who sees it, and you can delete it. No ad or analytics SDKs run on those screens.

Ownership Tracing

Live · Patent Pending

Per-artifact ownership-residency with reverse-chain causal attribution. Every record — task, timecard, JSA, MRO — has an owner and a traceable history (USPTO Ref. 591158846).

Event-Sourced Audit Trail

Live

A server-authoritative event log records what happened, by whom, and when. Audit-ready logs and PDF/CSV exports are available across the platform.

Proprietary Authentication

Live

PIN resolves to a real authenticated session. No third-party login — credentials and sessions stay inside the customer's own environment.

Compliance

SOC 2 & NIST 800-171 — in progress.

We are actively working toward formal compliance for security-sensitive and CUI-handling deployments. These items are in progress, not yet certified — we will only describe a control as implemented once there is verified evidence on file.

SOC 2

In Progress

Aligning to the SOC 2 Trust Services Criteria — security, availability, and confidentiality — with the policies, controls, and evidence collection a Type II examination requires.

NIST SP 800-171

In Progress

Hardening toward NIST SP 800-171 alignment for CUI-handling deployments — hardened row-level security, formal RBAC mapped to the 7-rank hierarchy, administrator MFA, and documented SSP & POA&M.

Administrator MFA

In Progress

Multi-factor authentication for administrative access to customer environments.

SSP & POA&M Documentation

In Progress

A documented System Security Plan and Plan of Action & Milestones, maintained as the program matures.

Vendor Status

Registered and aligned.

SAM.gov Registered Vendor
UEI: DXZKPS2YAVV3
Mandate Alignment
BINP-Aligned
Our standard: DeBe Corporation does not overstate compliance. A capability is described as implemented only when there is verified evidence on file; everything else is labeled In Progress or Planned. For deployment-specific documentation, reach out and we'll share what applies to your environment.

Talk to us about your requirements.

Enterprise governance, CUI handling, SOC 2, or a specific framework — let's scope what your deployment needs.

Request a Conversation →