Rivet collects, verifies, and continuously re-verifies every insurance certificate, license, and safety document your subcontractors need — and tells you exactly what's wrong and who's about to lapse, weeks before it becomes a site problem.
No credit card required to try it out.
Not a document dump — a system that actively checks what it's holding against what your projects require.
Every insurance certificate, license, bond, safety record, and permit a subcontractor needs — tracked against a taxonomy of 50+ document types across 8 categories, not a generic checklist.
Every document is checked against entity match, date validity, coverage limits, and required endorsements — named individually, so you know exactly why something failed, never just "flagged."
A cadence of alerts starting 45+ days out, escalating from the subcontractor's office to their principal to your team — so a lapse is a Tuesday-morning email, not a Friday-afternoon site shutdown.
One compliance profile, uploaded once, that follows a subcontractor to every connected general contractor — instead of re-submitting the same COI to five different inboxes.
Structurally append-only — every upload, verification, override, and alert is logged with who and when, with no edit or delete path anywhere near it. Exportable for an insurer, auditor, or attorney.
A subcontractor can share their verified profile with a general contractor they haven't started a project with yet — useful the moment a bid goes out, not after it's won.
Import your roster from a CSV or add them one at a time — Rivet finds and reuses existing profiles automatically.
Subcontractors get their own portal login and upload once — no more emailing PDFs back and forth.
Every document runs through the same 5-step check your compliance team would do by hand, instantly.
A 45-day head start on anything expiring, escalating automatically if nobody acts — never a surprise at the gate.
Start free, upgrade when your roster grows.
Compliance data is sensitive by nature — here's what's structurally guaranteed, not just promised.
Every page and every mutation checks the signed-in role on the server — a hidden button is never the only thing standing between a role and an action it shouldn't have.
Compliance events have no update or delete path in the codebase, structurally — not just a policy, an architectural guarantee.
Every fail or needs-review verdict comes with the specific rule it tripped — an entity mismatch, an expired date, a missing endorsement — never a generic "non-compliant."
Keyboard-operable tables and modals, visible focus states, and status that's never conveyed by color alone.
Questions before you sign up? Send us a note.
Designed By NXT INNOVATIONS