We treat your business data with the same care you show your customers. Industry-standard security at every layer.
All data stored in Google Cloud Firestore is encrypted at rest using AES-256 encryption, managed by Google's infrastructure. Encryption keys are rotated automatically. Your business data is never stored in plain text.
Every connection between your device and our servers uses TLS 1.2+ (HTTPS). All API calls, file uploads, and data syncs are encrypted end-to-end. No data is ever transmitted unencrypted.
User authentication is handled by Firebase Authentication with bcrypt password hashing, secure session tokens, and automatic token rotation. Support for email/password and Apple Sign-In.
All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. FieldForge never stores, processes, or has access to credit card numbers. Payment data goes directly to Stripe.
All API calls are made server-side through Firebase Cloud Functions. No API keys, secrets, or service credentials are stored on the device. Server-side validation on every request.
FieldForge operates in compliance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). We collect only what is necessary and give you full control over your data.
Every external service communicates through authenticated, server-side Cloud Functions. No API keys or third-party credentials are ever exposed to the client device. All inter-service communication uses TLS encryption.
Your data is retained for as long as your account is active. We do not sell, share, or monetise your business data. Inactive accounts are subject to our data retention policy outlined in our Privacy Policy.
You can delete your account and all associated data at any time from the app (Account > Danger Zone > Delete Account). Deletion is permanent and irreversible. All data is purged from our systems within 30 days.
You can export your data at any time. Quotes, invoices, customer records, and compliance documents can all be exported as PDF or CSV files from within the app.
We collect only the data necessary to provide the service: your business details, customer information you enter, and usage analytics. We do not track your location or access your contacts.
Your data is shared only with the services required to operate FieldForge: Stripe (payments), Resend (email), and Twilio (SMS). Each service processes only the minimum data required for its function.
In the unlikely event of a data breach, we will notify affected users within 72 hours as required by the Australian Privacy Act. We maintain incident response procedures and conduct regular security reviews.
SOC 1/2/3 certified, ISO 27001, ISO 27017, ISO 27018 compliant. Firebase infrastructure runs on Google's world-class data centres with 99.95% uptime SLA.
Stripe is a PCI Service Provider Level 1 certified processor, the most stringent level of certification available. All card data is handled exclusively by Stripe.
We comply with the Australian Privacy Act 1988 and all 13 Australian Privacy Principles (APPs). Your rights as an Australian business operator are fully protected.