Your data, your terms: Why I built Revizto around data sovereignty
Are you prepared for what’s next in AECO?
I started Revizto in 2012 because I believed the construction industry deserved better than fragmented collaboration. Teams were losing time, money, and trust because the right information wasn't reaching the right people at the right moment.
Fourteen years later, that problem hasn't gone away. But a new one has arrived alongside it, and it's one I feel just as strongly about.
As AI becomes embedded in construction software, your project data is at risk of being used in ways you may not have agreed to nor anticipated. Models are being trained on customer data. Proprietary AI layers are being built on top of your coordination history, your issue logs, your clash data. The vendor benefits. You don't always get a say.
At Revizto, we're going the other direction. Deliberately.
What data sovereignty actually means
It's not a buzzword. It's a principle we've been building toward for years, and it shapes every architecture decision we make.
Your data lives in your instance. We hold certifications that confirm we have robust data controls and protocols in place, so your project information stays yours unless you explicitly share it with us. That means your models, your issues, your coordination history, your client's operational intelligence — none of it is visible to us. None of it is used to train anything. You can read exactly how that works in our AI Manifesto.
That principle does not change with the arrival of AI.
What is changing is how we give you access to your own data. This year we are opening our API, starting with read-only access to object properties and moving toward full model access. The goal is not to build a closed AI system that works on your data behind the scenes. The goal is to give you the keys — so you can connect your data to whatever AI tools your organization has already chosen and approved.
You bring your own AI. You keep your IP. We don't touch it.
Why this matters more than it ever has
I've been watching how the AI wave is moving through the construction technology market. Several platforms are positioning AI as their next major product. Some by aggregating customer data to build proprietary models, some by restricting which tools you can connect to, some by quietly reducing your choices while calling it innovation.
That's not innovation. That's lock-in with better marketing.
The teams who will be most exposed are the ones who don't ask the right questions, either before they sign a new contract or when reaching out to their existing vendors for clarification. Whose AI is this trained on? What happens to my data when I use your AI features? Can I get my data out, and in what format, and how quickly?
Whose AI is this trained on?
What happens to my data when I use your AI features?
Can I get my data out, and in what format, and how quickly?
These are not technical questions. They're partnership questions. And the answers tell you everything about what kind of vendor you're actually dealing with.
The business case for trust
Data sovereignty is not just an ethical position. It's a competitive advantage.
If your coordination data, your clash history, your project intelligence is locked inside a vendor's system, you can't learn from it across projects. You can't build your own tools on top of it. You can't integrate it with your ERP, your procurement system, your facilities management platformYou are permanently dependent on that vendor's roadmap to get value from your own information.
Open APIs change that equation entirely. They turn your project data into an asset you control — one that compounds in value as you build workflows, integrations, and institutional knowledge on top of it.
That's the future we're building toward at Revizto. Not a closed system that does AI to you. An open ecosystem that gives you the foundation to do AI for yourself, on your terms, with your tools, without anyone else benefiting from your IP. That's what the Revizto Collaboration Hub is designed to support — a platform built around your data, your workflows, and your control.
FAQs
Data sovereignty in construction software means that project data, including models, issue logs, clash history, and coordination records, remains exclusively under the control of the organization that created it. It cannot be accessed, shared, or used to train AI models by the software vendor without explicit permission.
Some construction software vendors use customer project data to train proprietary AI models, often without clear disclosure. This means your coordination history, clash data, and operational intelligence may be used to build systems that benefit the vendor commercially, without any corresponding benefit or consent from you.
An open API in construction technology allows project teams to extract and connect their own data to external tools, including AI platforms, ERP systems, procurement software, and digital twins. Without open API access, project data remains locked inside a vendor's system, limiting how teams can learn from it, integrate it, or build on top of it.
Yes. When a construction software platform offers open API access, teams can connect their own approved AI models and agents directly to their project data. This "bring your own AI" approach means the AI comes to the data rather than the data being uploaded into a third-party system. Teams keep full control over which AI tools they use, how their data is processed, and where that processing happens. This is increasingly important for meeting regulatory frameworks like the EU AI Act.
Construction teams can protect their IP by choosing software platforms that hold independent data security certifications, offer open API access so they can connect their own AI tools, and explicitly commit to not using customer data for AI training. It's essential to ask vendors directly: whose AI is this trained on, and what happens to my data? These are questions worth raising before signing any new contract, and revisiting with the vendors already in your stack.
Construction software platforms handling sensitive project data should hold internationally recognized certifications including ISO 27001:2022, ISO 27017, SOC 2 Type 2, and CSA Star Level 1. These certifications provide independent verification that the vendor operates robust data controls, access protocols, and security procedures in line with global standards.
