Skip to main content
DWERK
How it worksPricingAsk VORQON →Start free →

Trust and Security

Operational truth
you can rely on.

DWERK is designed so physical work is not reduced to claims, memory, or backfilled reporting. Every record is structured to hold up — in operations, in billing, and in formal scrutiny.

See verified records →Talk to the team →

100%

Tenant isolation

0

Cross-client data sharing

∞

Append-only records

100%

Role-scoped access

Why Trust Breaks

Physical operations run on
unverifiable claims.

Unverifiable attendance

Staff presence confirmed by registers and calls — not system records.

Unverifiable task claims

Work completion reported verbally or through messages with no proof.

Delayed reporting

Operational data aggregated after the fact — not captured at source.

Message-based ambiguity

WhatsApp and calls create no auditable record of what was said or decided.

Unclear ownership

When something goes wrong — nobody has a record of who was responsible.

Weak evidence

Disputes resolved by memory and seniority — not facts.

The DWERK Trust Model

Six pillars of
operational truth.

Append-only records

Events are written once. Never overwritten. The truth layer is permanent.

Evidence capture

Every event carries geo, time, and media proof at the moment of capture.

Role-scoped visibility

Each role sees exactly what their authority permits — nothing more.

Authority control

Approvals, escalations, and assignments are logged and bounded by role.

Continuity trail

Relievers, handovers, and exceptions are tracked — gaps never disappear.

Exportability

Full operational history exportable for billing, audits, and dispute review.

The Evidence Chain

What a defensible
record contains.

Who

Identified actor — staff, supervisor, or system — with role and assignment.

Where

GPS coordinates captured at the moment of the event.

When

Server-side timestamp — not device clock.

What

Event type, task, shift, or action — structured and categorised.

Proof

Media, selfie, or structured data attached at point of capture.

Action

What was done in response — assignment, escalation, or resolution.

Approval

Who authorised or acknowledged — with timestamp and role.

Record Integrity

Append-only truth.
No exceptions.

Dashboards and reports are projections — derived views of the underlying event stream. The event stream itself is never modified. What was captured is captured permanently.

Events are write-once

No update, edit, or delete operation exists on source event records.

Projections are separate

Dashboard views are derived. The source truth is never the display layer.

Corrections are appended

If something must change, a correction event is added. The original remains.

Tenant isolation

Your operational data is isolated. No cross-client visibility is possible.

Role Boundaries

Every role sees
exactly their scope.

Staff

Their own check-ins, tasks, and shift history only.

Supervisor

Their assigned sites, staff, and open exceptions.

Facility Manager

All sites and vendors under their account.

Vendor Manager

Their own staff and delivery records only.

Finance / CFO

Verified billing summaries and exception reports.

Platform Admin

Configuration only — no operational records outside scope.

Shared Devices and Temporary Access

Practical access without
breaking accountability.

Field operations use shared devices. Supervisors need temporary access to sites outside their normal scope. DWERK handles both — without compromising the accountability of every action taken.

Shared devices

Device identity and user identity are separate. Every action is attributed to the logged-in actor, not the device.

Temporary access

Supervisors and admins can be granted time-bounded access. Access expires. The record of what they did remains.

Temp ID rules

Temporary IDs are admin or supervisor level only. Maximum 48 hours. No permanent elevation.

Full audit trail

Every temporary access grant, action taken, and expiry is logged. Nothing is invisible.

Reporting Defensibility

Every report traceable
to its source.

Attendance summary

Every present, absent, and late — backed by event records.

Verified work records

Proof-backed event logs — exportable for billing and audit.

Exception reports

Every gap, late arrival, missed task — timestamped and traceable.

Billing support

Line-item verified summaries ready for client invoice review.

Dispute exports

Full evidence chain exportable for formal dispute resolution.

Audit history

Complete operational record — downloadable on demand.

What We Don't Claim

Honest about
what we are not yet.

Not claimed: SOC 2 / ISO 27001 certified

We are not yet certified. These audits are planned. We will not claim them until they are complete.

Not claimed: Published uptime SLAs

We do not yet publish formal SLA commitments. We operate with high availability as a design goal, not a contractual guarantee.

Not claimed: Penetration tested

Independent pen testing is planned and not yet completed. Our architecture is designed for security — formal testing is in progress.

Frequently Asked

Questions about
trust and records.

No. Every vendor sees only their own workforce — their staff, their shifts, their records. No vendor can see another vendor’s data. This is enforced at the database level, not by UI filtering.

Your data is yours. You can export everything — attendance records, exception logs, audit trails — at any time, in CSV and PDF format. We do not delete your data without explicit instruction from you.

Only in technical support scenarios, with your explicit knowledge. Routine operations do not require access to your data. Your staff records and attendance history are not visible to DWERK in normal operation.

Every attendance record, exception, and operational event traces back to its source — timestamped, GPS-verified, device-attributed. The record is append-only and cannot be edited after the fact. That’s audit-ready by design.

On Supabase (PostgreSQL) running on AWS infrastructure — the same stack used by thousands of enterprise deployments globally. Your data is not stored on DWERK’s own servers. It lives on production-grade, auditable cloud infrastructure.

Never. Your operational data is used only to operate the DWERK platform for your organization. It is not shared, sold, or used for any other purpose.

Not yet. We are built on infrastructure that supports these certifications and are pursuing formal certification as the platform matures. We will not claim certifications we do not hold. Enterprise buyers with specific compliance requirements are welcome to contact us directly.

Built For Scrutiny

Operational truth,
on record.

Self-serve. No sales call. Full access free for three months.

Start free →See verified records →
Talk to the team →
DWERK

Physical work, verified. Infrastructure for operational proof across enterprise physical operations.

hello@dwerk.io
Product
How it worksMobileConsoleVORQONTraining
Company
AboutBlogGuidePricing
Legal
Privacy PolicyTermsSecurity
© 2026 Dwerk Systems Private Limited
Language: EN · HI · KN