fieldGRID Security

Security & Trust

fieldGRID is built on Google Cloud (Firebase) with security enforced at the database layer. Our goal is simple: keep your company’s data isolated, encrypted, and auditable.

Encryption

TLS 1.2+ in transit. Data at rest encrypted by Firebase/Google Cloud managed keys.

RBAC & Company Isolation

Role-based access (admin/manager/payroll manager/member) with strict per-company Firestore rules.

Audit Trails

Immutable events for approvals and key changes. Read-only Audit Log UI.

Backups & DR

Automated backups and documented RPO/RTO with restoration tests.

Data Retention

Company export & deletion on request; admin-configurable retention for selected modules.

Device Security

Offline queue with auth required for sensitive ops; tokens revocable server-side.

Vulnerability Management

Dependency monitoring, regular updates, and third-party pen-tests on the roadmap.

Availability

Health checks, error tracking, background retries for uploads/sync.

Compliance Roadmap

We’re formalizing controls and collecting evidence toward third-party certifications. If your organization needs specific attestations, we can align timelines.

SOC 2 Type I

Initial attestation after controls + evidence.

SOC 2 Type II

Annual audits after 6–12 months of operating controls.

ISO 27001

ISMS formalization, risk register, internal + surveillance audits.

SSO (SAML/OIDC)

Okta & Microsoft Entra ID; SCIM provisioning.

Data Residency

EU-hosted by default; regional options as Firebase/GCP allow.

DPA & Subprocessors

Standard DPA and published subprocessors list.

FAQs

Where is our data stored?

Google Cloud (Firestore/Storage). EU hosting prioritized where possible.

Can we export or delete our data?

Yes. Admins can request export and deletion; legal hold available on request.

Do you support SSO?

Okta/Microsoft Entra SSO on the near-term roadmap. Request pilot access.

How do you handle incidents?

Documented incident response with triage SLAs, customer notification, and postmortems.

Security questions or procurement review?

We’re happy to share our security one-pager, DPA, and architecture notes, or to set up a technical review with your IT team.