Data Security

Last updated on 25/07/2025

We take the security of your data very seriously at Fieldy. Since transparency is one of our principles, we strive to be clear and open about how we handle security. If you have any questions regarding our practices, we’ll be happy to help. Just write to support@getfieldy.com, and we’ll respond as quickly as we can.

This Security Practices page outlines the administrative, technical, and physical controls applied to Fieldy, including (but not limited to) the Getfieldy platform and apps running on Fieldy’s infrastructure.

Platform Controls

Architecture and Data Segregation

Fieldy services operate on a multi-tenant architecture at both the platform and infrastructure layers. This design ensures segregation and restricted access to the data that you and your users provide via the platform, as outlined in our Privacy Policy. Each customer’s data is logically separated through a unique ID, ensuring security and isolation based on business needs.

Public Cloud Infrastructure

Fieldy services are hosted on a public cloud: computing services provided by trusted third-party providers and delivered over the internet. Like all cloud services, a public cloud runs on secure remote servers managed by the provider.

Audits

To verify the strength of our security practices and ensure ongoing protection of Fieldy services, the platform undergoes regular security assessments by internal teams. In addition to periodic and targeted audits of app features, we also employ continuous automated scanning of our web platform to detect and address new vulnerabilities.

Security Controls

Fieldy implements appropriate technical and organizational measures to safeguard your Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These protections apply to all personal data processed or transmitted through the Fieldy app and platform.

Our services include a range of security controls, including but not limited to:

a. Access Logging: Detailed access logs are maintained for both users and administrators, and can be shared with customers upon request. Each login is recorded with the device type and IP address used.

b. Access Management: Administrators can remotely deactivate or delete user accounts and sign out all devices authenticated to Fieldy services at any time.

c. Data Retention: Paid customers have full access to their data. Data belonging to past customers is securely destroyed 90 days after account closure. Customers may also request immediate data removal by contacting us at support@getfieldy.com.

d. Host Management: Automated vulnerability scans are performed on production hosts, with prompt remediation of any identified risks.

e. Network Protection: Our production environment is protected with advanced monitoring and logging, two-factor authentication for all server access, and firewalls configured according to industry best practices using AWS security groups.

f. Product Security Practices: All new features, major functionality updates, and design changes undergo a security review process. Our code is audited with automated static analysis tools, tested, and manually peer-reviewed before deployment. The security team works closely with development teams to address any additional security issues during development.

Some security controls in Fieldy are mandatory and cannot be disabled, while others allow customers to customize the security settings of the platform for their own use. Protecting Customer Data is therefore a shared responsibility between the Customer and Fieldy.

To further ensure security, Fieldy may conduct security scans and tests on the platform and apps running on Fieldy infrastructure to detect abusive behavior or activities that violate our Terms of Service.

Intrusion Detection

Fieldy’s security team continuously monitors the Fieldy app services to detect and respond to any unauthorized intrusions.

Security Logs

All systems supporting Fieldy services log information either to their respective system log facilities or to a centralized logging service (for network systems). This enables thorough security reviews and analysis. Fieldy maintains a centralized logging environment in production, capturing details related to security, monitoring, availability, access, and other key service metrics. These logs are analyzed for potential security events using automated monitoring tools, under the supervision of our security team.

Incident Management

Fieldy has well-defined security incident management policies and procedures in place. In the event of an unauthorized disclosure of Customer Data, Fieldy will notify impacted customers without undue delay, in compliance with applicable laws such as GDPR where relevant. Customers are typically notified of significant system incidents via email. For incidents lasting longer than one hour, affected customers may also be invited to join a conference call to discuss the incident and Fieldy’s response.

Data Encryption

Fieldy services use industry-standard encryption technologies to protect Customer Data:

a. In Transit: Data transmitted between a customer’s network and Fieldy services is encrypted using TLS 1.2+ protocols and recommended secure cipher suites.

b. At Rest: Data stored on Fieldy infrastructure is encrypted using AES-256 encryption, in line with industry best practices.

We closely monitor developments in cryptography and promptly update our systems to address emerging vulnerabilities and adopt evolving best practices. For encryption in transit, we also ensure a balance between strong security and compatibility with older client systems.

Reliability, Backup, and Business Continuity

We understand that you depend on Fieldy services to perform reliably. That’s why we are committed to ensuring high availability and fault tolerance across our infrastructure. Our systems are designed to withstand failures of individual servers or even entire data centers.

Our operations team regularly tests disaster-recovery measures and maintains a 16-hour on-call rotation to quickly resolve unexpected incidents. Industry-standard best practices for reliability and backup form the foundation of Fieldy services. We perform regular backups, enable rollbacks of software and system changes when necessary, and replicate data as needed.

In the case of a Major Catastrophic Event, Fieldy will assist customers with data recovery, as permitted by local data residency and compliance requirements (such as GDPR), and based on regional capabilities.

Major Catastrophic Events include:

a. Natural Events

b. Technological Events: Failures of systems or structures such as pipeline explosions, utility disruptions, transportation accidents, or hazardous material releases.

c. Human-caused Events: Cyberattacks, sabotage, terrorism, chemical/biological attacks, or other large-scale security incidents.

Events such as software bugs, operational issues, or routine system errors are not considered Major Catastrophic Events.

Customer Data is stored redundantly in multiple locations within our hosting provider’s data centers to ensure availability. Backups are performed nightly, and both Customer Data and source code are included. Restoration procedures are well tested, and backups are verified at least every 60 days to confirm reliability. The operations team is alerted immediately if backup failures occur.

Data at Rest

Fieldy stores Customer Data at rest within specific major geographic regions, supporting data residency and compliance requirements (e.g., GDPR), except where otherwise stated in the customer’s order form.

Deletion of Customer Data

Fieldy services allow workspace Primary Owners to delete Customer Data at any time during a subscription term. Within 24 hours of deletion initiated by a Primary Owner or Admin, all related data is permanently removed from active production systems. Backup copies are securely destroyed within 28 days, except where an ongoing incident investigation requires temporary retention.

When a Customer terminates a paid subscription, Fieldy will, within 90 days, initiate deletion of all Customer Data. All Fieldy affiliates and applicable third-party hosting providers will then permanently delete all remaining copies of Customer Data within 14 days of that initiation.

These timelines are aligned with GDPR standards for data deletion and retention, ensuring compliance and peace of mind for our customers.

Confidentiality

We enforce strict controls over employee access to Customer Data. While the operation of Fieldy services may require certain employees to access systems that store and process Customer Data (for example, to diagnose and resolve a service issue), such access is strictly limited and governed by our policies. Employees are prohibited from viewing Customer Data unless it is absolutely necessary, and all access is logged through technical controls and audit policies.

All Fieldy employees and contractors are bound by confidentiality agreements and our internal data protection policies. Customer Data protection is treated as a matter of the highest priority within our company.

Infrastructure

Fieldy services are hosted on infrastructure provided by Amazon Web Services, Inc. (AWS). Customer Data submitted to Fieldy is stored and processed within AWS’s secure cloud environment.

AWS maintains some of the industry’s most rigorous security measures and compliance programs. Detailed information about AWS security practices is available on the AWS Security website.

Information about security and privacy-related audits and certifications received by AWS, including ISO 27001 certification, SOC 1, SOC 2, and SOC 3 reports, is available on the AWS Compliance website.
