Experience the Future of Field Service Management: Efficiency Meets Affordability! Request for a Free Demo
Try Fieldy - It's Free

Back

Enhance Customer Experience

Check Our Latest Added Features

Learn more about our pricing model and get started with your business

Learn More

Login Try for Free

Back

Industries

I Didn't Find My Type of Business

Mention your industry information will help you find best solution

Contact Us

Login Try for Free

Back

Resources

Check Our Latest Added Features

Learn more about our pricing model and get started with your business

Learn More

Login Try for Free

Back

Company

Contact Us

Mention your industry information will help you find best solution

Learn More

Login Try for Free

Fieldy Data Protection Policy

Data Protection Policy

We take the security of your data very seriously at Fieldy. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way that we handle security. If you have additional questions regarding security, we’d be happy to answer them. Please write to support@getfieldy.com and we will respond as quickly as we can. This security practices page describes the administrative, technical, and physical controls applicable to (a) Fieldy including but not limited to the Getfieldy platform, and apps running on Fieldy infrastructure.

Platform Controls

Architecture and data segregation

Fieldy services are operated on a multi-tenant architecture at both the platform and infrastructure layers that are designed to segregate and restrict access to the data that you and your users make available via the platform, as more specifically defined in our privacy policy covering the use of our customer data in Fieldy services based on business needs. The architecture provides a logical data separation for each different Customer via a unique ID.

Public cloud infrastructure

Fieldy services are hosted over the Internet on a ‘Public Cloud’, which are computing services offered by third-party providers to anyone who wants to use or purchase them. Like all cloud services, a public cloud service runs on remote servers that a provider manages.

Audits

To verify that our security practices are sound and to monitor the Fieldy services. The platform undergoes security assessments by internal personnel. In addition to periodic and targeted audits of the app features, we also employ the use of continuous automated scanning of our web platform for any new vulnerabilities.

Security

Fieldy shall ensure that personal data is stored securely using modern software that is kept up-to-date. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information. When personal data is deleted this should be done safely such that the data is irrecoverable. Appropriate backups and disaster recovery solutions shall be in place.

  • Access logging: Detailed access logs are available both to users and administrators and provided to customers upon request. We log in every time an account signs in, noting the type of device used and the IP address of the connection.
  • Access management: Administrators can remotely deactivate or delete any user accounts and sign out all devices authenticated to the Fieldy services at any time, on demand.
  • Data retention: Paid customers of Fieldy can have complete access to the data and the data retention of our past customers will be destroyed 90 days from the closure date and can request for immediate removal of data by writing to us at support@getfieldy.com
  • Host management: We perform automated vulnerability scans on our production hosts and remediate any findings that present a risk to our environment.
  • Network protection: In addition to sophisticated system monitoring and logging, we have implemented two-factor authentication for all server access across our production environment. Firewalls are configured according to industry best practices, using AWS security groups.
  • Product security practices: New features, significant functionality, and design changes go through a security review process facilitated by the security team. In addition, our code is audited with automated static analysis software, tested, and manually peer-reviewed before being deployed to production. The security team works closely with development teams to resolve any additional security concerns that may arise during development.

For some of the controls, the Customer cannot disable them; others provide customisation of the Fieldy services security by Customers for their use. As such, protecting Customer Data is a joint responsibility between the Customer and Fiedy.

Fieldy may conduct security scans and testing of the Fieldy platform and apps running on Fieldy infrastructure to detect abusive behavior or actions that violate the terms of the services.

Intrusion detection

Fieldy’s security team will monitor the Fieldy app services for unauthorized intrusions. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, FIeldy shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO.

Security Logs

Systems used in the provision of the Fieldy services log information to their respective system log facilities or a centralized logging service (for network systems) in order to enable security reviews and analysis. Fieldy maintains an extensive centralized logging environment in the production environment which contains information pertaining to security, monitoring, availability, access, and other metrics about the Fieldy services. These logs are analyzed for security events via automated monitoring software, overseen by the security team.

Incident management

Fieldy maintains security incident management policies and procedures. Fieldy notifies impacted Customers without undue delay of any unauthorized disclosure of their respective Customer Data by Emails or its agents of which Fieldy becomes aware to the extent permitted by law. Fieldy typically notifies Customers of significant system incidents via email, and for incidents lasting for more than one hour, may invite affected Customers to join a conference call about the incident and Fieldy’s response.

Data Encryption

Fieldy services use industry-accepted encryption products to protect Customer Data (1) during transmissions between a Customer’s network and the Fieldy’s services and (2) when at rest. The Fieldy services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility with older clients.

Reliability, backup, and business continuity

We understand that you rely on the Fieldy services to work. We’re committed to making the services a highly available service that you can rely on. Our infrastructure runs on systems that are fault tolerant, for failures of individual servers or even entire data centers. Our operations team tests disaster-recovery measures regularly and has a 16-hour on-call team to quickly resolve unexpected incidents. Industry-standard best practices for reliability and backup helped to shape the design of the Fieldy services. Fieldy performs regular backups and facilitates rollbacks of software and system changes when necessary and replication of data as needed. Where possible, Fieldy will assist the Customer with data recovery for Major Catastrophic Events, as limited by data residency requirements of the locality and capabilities within the region. ‘Major Catastrophic Event’ means three broad types of occurrences: (1) natural events such as floods, hurricanes, tornadoes, earthquakes and epidemics; (2) technological events such as failures of systems and structures such as pipeline explosions, transportation accidents, utility disruptions, dam failures and accidental hazardous material releases; and (3) human-caused events such as active assailant attacks, chemical or biological attacks, cyberattacks against data or infrastructure, and sabotage. Major Catastrophic Events do not include bugs, operational issues, or other common software-related errors.

Customer Data is stored redundantly in multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures that allow recovery from a major disaster. Customer Data and our source code are automatically backed up every night. The operations team is alerted in the event of a failure in this system. Backups are fully tested at least every 60 days to confirm that our processes and tools work as expected.

Data at rest

Fieldy will store Customer Data at rest within certain major geographic areas except as otherwise provided in your order form.

Deletion of Customer Data

Fieldy services provide the option for workspace Primary Owners to delete Customer Data at any time during a subscription term. Within 24 hours of deletion initiated by a primary owner or Admin, Fieldy hard deletes all information from currently running production systems. Fieldy service backups are destroyed within 28 days (backups are destroyed within 28 days, except that during an ongoing investigation of an incident, this period may be temporarily extended).

When a Customer terminates a paid subscription, if the Customer does not otherwise elect to delete its account, Fieldy will, within 90 days following the subscription termination, delete, and ensure that all of its Affiliates and applicable third-party hosting providers delete, all copies of Customer Data within 14 days after Fieldy has initiated deletion of the Customer’s account.

Confidentiality

We place strict controls over our employees’ access to Customer Data. The operation of the Fieldy services requires that some employees have access to the systems that store and process Customer Data. For example, to diagnose a problem that you are having with the Fieldy services, we may need to access your Customer Data. These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so. We have technical controls and audit policies in place to ensure that any access to Customer Data is logged.

All our employees and contract personnel are bound to our policies regarding Customer Data, and we treat these issues as matters of the highest importance within our company.

Infrastructure

Fieldy uses infrastructure provided by Amazon Web Services, Inc. (‘AWS’) to host or process Customer Data submitted to the Fieldy services. Information about security provided by AWS is available from the AWS Security website. Information about security and privacy-related audits and certifications received by AWS, including information on ISO 27001 certification and SOC reports, is available from the AWS Compliance website.