Security
FSM Navigator is built with security at its core. Your field service data — customer records, job details, financial information — is protected by multiple layers of defense, from encryption at rest to strict access controls.
Security principles
| Principle | What it means for you |
|---|---|
| Encryption everywhere | All sensitive data is encrypted at rest and in transit using industry-standard algorithms |
| Role-based access | Every user has a defined role that controls exactly what they can see and do |
| Multi-factor authentication | Add a second layer of protection to every account with TOTP-based MFA |
| Data isolation | Each company's data is strictly isolated — no cross-tenant access is possible |
| Audit logging | Every significant action is recorded in an immutable audit trail |
| Secure communications | All connections use TLS encryption — no unencrypted traffic |
Security features
- Multi-factor authentication: Protect accounts with time-based one-time passwords. Enforce MFA across your entire company.
- Roles and access control: Assign roles to control who can create jobs, manage inventory, view reports, and more.
Encryption
Data at rest
All sensitive fields — including customer contact information, financial data, and personal details — are protected with bank-grade encryption before being stored. Encryption keys are managed securely and rotated according to industry best practices.
Data in transit
Every connection to FSM Navigator uses TLS (HTTPS). API calls, dashboard access, customer portal sessions, and mobile app communications are all encrypted end-to-end.
Data isolation
FSM Navigator uses a multi-tenant architecture with strict data isolation:
- Every database query is scoped to your company — you can never see another company's data.
- API keys, sessions, and user accounts are all bound to a single company.
- Even if a vulnerability were discovered, tenant boundaries prevent cross-company data leakage.
Audit logging
Every significant action is automatically recorded in your company's audit log:
- Who performed the action
- What was changed (with before/after values)
- When it happened
- Where the request originated (IP address)
Owners can review the audit log at any time from Reports → Audit Logs. Logs are retained for a minimum of three (3) years and cannot be modified or deleted.
Infrastructure security
| Layer | Protection |
|---|---|
| Network | Firewall rules, intrusion detection, DDoS mitigation |
| Application | Input validation, parameterized queries, CSRF protection |
| File uploads | Automatic malware scanning on every uploaded file |
| Sessions | Secure session management with automatic timeout |
| Passwords | Bcrypt hashing with per-user salts — passwords are never stored in plain text |
Compliance
FSM Navigator's security practices align with industry standards:
- SOC 2 Type II practices for data handling and access control
- OWASP Top 10 mitigations applied across the application
- PCI-compliant payment processing through Stripe (FSM Navigator never touches card numbers)
Reporting a vulnerability
If you discover a security vulnerability, please report it responsibly:
- Report: Submit vulnerabilities through our contact page
- Response time: We acknowledge reports within 24 hours and provide a detailed response within 72 hours.
Responsible disclosure
We appreciate researchers who report vulnerabilities responsibly. Please do not publicly disclose a vulnerability until we have had an opportunity to address it.
Related guides
- Multi-factor authentication — protect your account with MFA
- Roles and access control — understand the permission model
- Audit logs — review your company's activity history
- Team management — manage users and roles