Security & Trust
FieldTempo is built with the controls enterprise buyers expect — strong authentication, strict tenant isolation, encryption, and a full audit trail — with two-factor auth included on every plan, not locked behind an upsell.
Identity & access
The right people in — and nobody else.
Two-factor authentication is available to every FieldTempo account, not reserved for a premium tier. Owners can require it org-wide, and it's verified on the server on every request — including the admin path.
Tenant isolation
Isolation the database enforces — not just the app.
Every organization's data is separated at two layers. Beyond application-level scoping on every query, Postgres row-level security is enforced on the API path: requests run as a role that cannot bypass it, so a forgotten filter returns zero rows instead of leaking another tenant's data.
Data protection
Sensitive data is protected at rest and in transit.
Integration secrets are encrypted before they ever touch the database, access keys are stored only as hashes, and your data sits on managed cloud infrastructure with encryption at rest and automated daily backups.
Payments
Payments are handled by Stripe, so you inherit their compliance.
FieldTempo never stores raw card numbers. Card payments — deposits, pay links, hosted invoices, and card-on-file auto-charges — are processed and vaulted by Stripe, a PCI-DSS compliant payment processor, and reconciled through signature-verified webhooks.
Monitoring & audit
See who did what — and keep the surface hardened.
Sensitive actions are recorded to a tamper-resistant audit trail, outbound webhooks are signed and replay-protected, and the whole surface is rate-limited and locked down with strict security headers.
Defense in depth
Security isn't one feature — it's dozens of small decisions across the stack. Here are more of the controls protecting your account.
Field techs get server-side field redaction — pricing, client contact details, and addresses are hidden unless the owner grants them.
Public-API keys carry explicit read/write scopes, are shown once, and are revocable at any time.
Every inbound webhook — Stripe, Stripe Connect, QuickBooks, RevenueCat, Twilio — is signature or token verified before it's trusted.
Queries use a parameterized ORM throughout, and every CSV export is guarded against spreadsheet formula injection.
Consent timestamps, STOP/START handling, carrier opt-out mirroring, and sender identification on every message.
Third-party connections (QuickBooks, Stripe) use database-backed state tokens to prevent CSRF on the OAuth handshake.
Non-root application containers, modern dependency pins, and debug surfaces disabled in production.
Sentry error and performance monitoring across the web app and background jobs, with a live database health check.
Have a security question, need documentation for procurement, or want to walk through our controls for your compliance review? Talk to our team. You can also read our Privacy Policy and SMS Messaging Terms.
Enterprise
SSO and SCIM rollout, tenant-isolation questions, a security review for procurement, or a walkthrough for your IT team — we're happy to help. Book a demo and we'll tailor it to your requirements.