Floor plans
Encrypted at rest. Short-lived signed URLs. Rendered client-side.
BIM models
IFC / Revit / glTF parsed in a sandboxed worker with no network egress.
Racks & cables
Workspace-scoped database rows with RLS enforcement.
Cameras
Device metadata only. Video frames proxied with short-lived per-user tokens.
Telemetry
Per-workspace partitions. Configurable retention. No cross-tenant aggregation.
AI access
Twin Analyst inherits the user's RLS scope. Cannot read across workspaces.
What the Digital Twin holds
The TrackProject Digital Twin stores 2D floor plans, 3D and BIM models, rack and infrastructure layouts, equipment placements, camera positions, environmental sensors and time-series telemetry samples linked to the parent project and workspace.
Tenant isolation
Every Twin record carries a workspace_id and is protected by row-level security (RLS). Storage paths embed the workspace identifier; signed URLs are short-lived and scoped to a single asset. There is no shared cache, shared mesh index or shared BIM cache between workspaces.
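An added sketch, not TrackProject's own code, of how a short-lived signed URL can be bound to one asset under a workspace-embedded storage path. The HMAC scheme, the /twin/<workspace_id>/<asset> path layout, the 5-minute lifetime, the caller-workspace check and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SIGNING_KEY = b"constructed-demo-key"  # constructed; a real key lives in a secret store
TTL_SECONDS = 300  # assumption: "short-lived" modelled as 5 minutes


def _mac(path, expires):
    # The MAC covers the full storage path (workspace prefix included) and the
    # expiry, so neither can be changed without invalidating the signature.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_asset_url(workspace_id, asset_key, now=None):
    """Return a URL valid for one asset in one workspace until now + TTL."""
    now = time.time() if now is None else now
    path = f"/twin/{workspace_id}/{asset_key}"  # hypothetical path layout
    expires = int(now) + TTL_SECONDS
    return f"{path}?{urlencode({'expires': expires, 'sig': _mac(path, expires)})}"


def verify_asset_url(url, caller_workspace, now=None):
    """Return 'ok' or the reason the request is refused."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return "malformed"
    # Constant-time comparison on bytes avoids leaking how much of the MAC matched.
    if not hmac.compare_digest(sig.encode(), _mac(parts.path, expires).encode()):
        return "bad-signature"
    if now >= expires:
        return "expired"
    # Defence in depth: a valid URL for another workspace is still refused
    # when the authenticated caller does not belong to that workspace.
    segments = parts.path.split("/")
    if len(segments) < 4 or segments[1] != "twin" or segments[2] != caller_workspace:
        return "wrong-workspace"
    return "ok"
```

Because the workspace identifier is part of the signed path, rewriting it to point at another tenant's prefix fails the signature check before any storage lookup happens.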
Floor plans & drawings
PDF and image floor plans are stored encrypted at rest, served via short-lived signed URLs and rendered client-side. Annotation layers and pin placements are scoped per project; signed URLs expire within minutes.
BIM & 3D models
IFC, Revit exports, glTF and proprietary mesh files are encrypted at rest, fetched on demand and decoded in the browser. Model parsing runs in a sandboxed worker with no network egress.
Rack layouts & infrastructure
Rack frames, U-positions, PDU loadings, cable trays and patch records are stored as workspace-scoped database rows with RLS enforcement. Generated SVG diagrams are rendered client-side from these rows.
Cameras
Camera metadata is stored as device records — TrackProject does not host video footage by default. Optional live-view bridges proxy frames using short-lived, per-user tokens and do not persist frames server-side. Recording integrations operate Customer-side.
Telemetry
Telemetry samples (temperature, humidity, power, status, vibration, leak) are written into a per-workspace partition. Retention is configurable per Customer. Aggregations never cross workspace boundaries.
Asset locations
Asset coordinates within a building, site or rack are workspace-scoped operational data. Geolocation outside controlled facilities is processed only when the Customer explicitly enables location tracking, with consent obtained by the Customer.
Access permissions
Twin views inherit project and workspace RBAC. Sensitive layers (security cameras, M&E rooms, restricted areas) can be hidden from specific roles. Client-portal users see a reduced Twin limited to their delivery scope.
AI processing of Twin data
The Twin Analyst inherits the calling User's RLS scope. AI cannot query Twin data from another workspace, cannot exfiltrate raw model files and cannot stream video footage. AI prompts referencing Twin assets are logged with the asset identifiers consulted.
IoT data handling
IoT and BMS connectors authenticate with rotating mTLS certificates. Telemetry is written to per-workspace partitions and exposed through RLS-scoped queries. Edge gateways do not have direct database access.
Deletion & export
Workspace administrators can export the full Twin dataset (drawings, placements, telemetry) in machine-readable formats and request deletion via the standard data-rights workflow.