1. Overview
We apply practical, industry-standard security measures across infrastructure, data storage, access control, application security, monitoring, and incident response.
Our goal is simple: keep your data secure, available, and under your control.
2. Infrastructure security
FieldCrew is hosted on secure, industry-standard cloud infrastructure.
We implement:
- Secure hosting environments with restricted access.
- Network-level protections and isolation.
- Regular system updates and patching.
- Environment separation (production vs development).
Access to infrastructure is limited to authorised personnel only.
3. Data protection
We protect customer data in transit and at rest:
- Encryption in transit using HTTPS/TLS.
- Secure data storage with controlled access.
- Logical separation of customer data between workspaces.
We do not sell or share customer data outside of what is required to operate the service.
4. Access control
FieldCrew uses role-based access controls to ensure users only see what they need.
- Workspace admins control user roles and permissions.
- Least-privilege principles are applied internally.
- Authentication controls protect account access.
You are responsible for managing access within your team.
5. Application security
We design the application to reduce risk at every level:
- Input validation and protection against common vulnerabilities.
- Controlled API access.
- Secure authentication flows.
- Ongoing improvements based on real-world usage.
6. Monitoring and logging
We continuously monitor platform activity to detect issues early.
- System and access logging.
- Error tracking and alerting.
- Performance monitoring.
This allows us to identify and respond to issues quickly.
7. Incident response
If a security issue occurs:
- We investigate and contain the issue quickly.
- We assess impact and take corrective action.
- We notify affected customers where required.
Our focus is rapid response and clear communication.
8. Data ownership
You retain full ownership of your data.
- FieldCrew acts as a processor of your operational data.
- You control how your data is used within your workspace.
- You can request data export or deletion at any time.
9. Employee and access practices
Access to systems is restricted and controlled:
- Limited personnel access to production systems.
- Access granted based on role and necessity.
- Internal practices designed to reduce risk of exposure.
10. Third-party providers
We rely on trusted third-party providers for infrastructure and core services (for example hosting, authentication, payments). These providers are selected based on their security standards and reliability.
11. Your responsibilities
Security is shared. You should:
- Use strong passwords.
- Restrict access to authorised users only.
- Remove access when team members leave.
- Ensure your use complies with applicable laws.
12. Reporting security issues
If you discover a potential security issue, please report it immediately:
We take all reports seriously and investigate promptly.