Ex-employee pay-history
Former workers pull their own W-2s, pay stubs, and certified payroll through a secure one-click link. 7-year retention; your payroll inbox goes quiet.
Owner & sub portals
One-click access. No account required.
External portals for owners, subs, board members, alumni, and architects. Tokenized one-click links — no account creation, no password reset support tickets. Every action audit-stamped; every role scoped to exactly what that user needs to see.
Tokenized one-click links
Role-scoped visibility
Email + SMS notifications
Audit-stamped every action
0
Accounts your owners and subs need to create — every link is tokenized
30d
Token expiry that extends on every active use; revoke-on-demand from admin
SSO
Optional Google or Microsoft sign-in for owners and subs who prefer a login over a tokenized link
Audit
Every approve / reject / view / download stamped with timestamp, IP, and user-agent
Owner portal
The page your owner actually opens.
A portal page per project per owner contact: items awaiting their action up top, project health below, monthly reports archived in a clean list. No more "did you get my pay app?" emails — they get one digest a week and a critical-only ping when something needs their attention.
- Inbox-first layout — what needs their action is the first thing they see; everything else is filed away.
- One-click approval — pay app, change order, submittal approval all live in the portal. Approval timestamp + IP recorded.
- Drawing viewer — current set, prior revisions with superseded watermark, RFI threads inline.
- Q&A channel — controlled message thread per project so owner questions don't fragment into 12 emails.
- Monthly report archive — every monthly project report retained, PDF-exportable, downloadable from the archive any time.
Owner approval — Pay App #14
1Email: "Pay App #14 ready for review"→ portal
2G702 cover · G703 continuationPDF + viewer
3Lien waivers attached · 14 subsall current
4Owner clicks Approvetimestamp + IP
5Pay app posts to AR · invoice number issued$487,200
6PM notified · AR aging clock startsnet-30
Sub portal
The bid invite subs don't ignore.
Tokenized one-click links sent directly to a sub estimator's inbox. They land on a clean response page — scope sheet, line pricing, alternates, inclusions / exclusions — without creating an account or remembering a password. Submission is a 90-second flow, not a 30-minute email chain.
- One-click access — token-based; the email recipient can respond without ever logging in.
- Structured line pricing — no more PDFs you have to retype; the leveling sheet builds itself.
- Alternates + inclusions — first-class fields, not freeform text.
- COI & W-9 upload — compliance docs uploaded at response time; admin reviewer queue downstream.
- Re-invite + decline — explicit decline path with reason; you see which subs are full vs. unhappy.
Sub ITB response · Steel City Glass
| Status | When |
|---|---|
| Invited | Mon 9:02 AM |
| Email opened | Mon 9:14 AM |
| Portal opened | Mon 9:18 AM |
| Draft saved | Tue 4:42 PM |
| Submitted | Thu 11:08 AM |
| COI verified | Thu 11:09 AM |
Every action audit-stamped
Token expires 30d after award decision
Permissions & visibility
Different lenses on the same project.
An owner sees pay apps and approvals. An architect sees RFIs and submittals. A board member sees the quarterly packet. An ex-employee sees their own pay history. Same project record underneath; each role scoped to exactly what that user needs and nothing more.
- Read / approve / comment — each role can be one or all three; permissions saved per project per contact.
- Per-document gates — the owner sees the lien waivers; the sub on that job does not see other subs' waivers.
- Time-bound access — board portal links expire at fiscal year-end; alumni access persists for the 7-year retention window then closes automatically.
- IP allowlist (optional) — institutional owners can restrict board portal access to known IP ranges for orgs that require it.
- Export scoped to role — owner exports their items; sub exports only their submission; alumni exports only their own pay history.
Permissions matrix · Westside Tower
| Role | Pay apps | RFIs | Packet |
|---|---|---|---|
| Owner | Approve | Read | — |
| Architect | — | Comment | — |
| Sub (glazing) | Own only | Own only | — |
| Board member | — | — | Read |
| Alumni | — | — | — |
Saved per role, per project
Override individually when needed
Security model
Convenience that doesn't compromise the audit trail.
Tokenized access is convenient, but every action is treated as audit-grade. Tokens are SHA-256 hashed, rotate on a rolling window, can be revoked instantly, and never reveal user identity to a token holder who shouldn't have it.
SHA-256 hashed
We store a one-way hash of every token. The plaintext only exists in the email we sent and in the recipient's inbox.
Rolling 30d expiry
Each active use extends the token's life. A sub who's been silent for 30 days gets a re-invite; an active owner stays signed in.
Revoke from admin
Any token can be revoked from your admin panel with one click. Compromised inbox? Sub left their job? Done.
Full audit trail
Every view, download, approve, reject — timestamped, IP-stamped, user-agent stamped. Exportable for legal review.
Other portal surfaces
The work that used to live in email.
COI & W-9 self-serve
Subs upload renewals through a tokenized page when their COI or W-9 nears expiry. Compliance officer reviews and approves.
RON-ready waiver flow
Conditional / unconditional waivers issued through the portal; Blue Notary RON triggered automatically for states that require it.
Broker quote portal
Brokers upload renewal quotes through a tokenized page; AI parses them and the comparison is ranked before your renewal meeting.
Donation pickup portal
Nonprofits coordinate salvage pickups through a portal. Item list, pickup window, donation receipt — all in one place.
Director Q&A portal
Approved board packets in a controlled distribution portal; engagement tracked at the page level; single-thread Q&A per packet.
See the portal your owner would actually open.
30 minutes. We'll show you the owner approval flow, the sub ITB response, and the permissions matrix on a project of your choice.