Security

How we protect your business data

Encryption in Transit

All data transmitted between you and FieldChief is encrypted using TLS 1.3. No exceptions.

Isolated Databases

Every customer gets their own dedicated database. Your data is never mixed with anyone else's.

OAuth 2.1 Authentication

Access is controlled via Cloudflare Access with OAuth 2.1. No shared passwords, no API keys in URLs.

Complete Audit Trail

Every data change is logged with who, what, when, and before/after values. Full accountability.

Infrastructure

FieldChief runs on Cloudflare Workers — a globally distributed, serverless platform. Your data never sits on a single server that could be compromised. Key infrastructure details:

  • Compute: Cloudflare Workers (stateless, edge-deployed, no persistent server to attack)
  • Database: Cloudflare D1 (SQLite) with per-customer isolation
  • File storage: Cloudflare R2 (encrypted at rest, private by default)
  • DNS and CDN: Cloudflare (DDoS protection, WAF, bot management included)
  • Secrets: Stored in Cloudflare encrypted secret storage, never in code or environment variables

Data Protection

Encryption

  • In transit: TLS 1.3 for all connections, enforced at the edge
  • At rest: Cloudflare R2 encrypts all stored objects. D1 databases are encrypted at the infrastructure level

Tenant Isolation

Each FieldChief customer receives:

  • A dedicated D1 database (no shared tables, no row-level filtering)
  • A dedicated KV namespace for session data
  • A dedicated Worker deployment

There is no way for one customer's request to access another customer's database. The isolation is at the infrastructure level, not the application level.

Optimistic Concurrency

Every mutable record includes a version number. Updates require the current version, preventing data corruption from concurrent writes. If a conflict is detected, the operation fails safely rather than overwriting data.
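
An added example (not FieldChief's code) of the versioned update described above, written with Python's sqlite3 module because D1 is SQLite-based. The jobs and audit_log tables, their columns, and the function names are hypothetical; the audit row is written in the same transaction as the update so a rejected write leaves no trace in either table.

```python
import sqlite3

class VersionConflict(Exception):
    """Raised when the caller's version is stale or the record is missing."""

def open_db():
    # Constructed in-memory schema standing in for one tenant's database.
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    db.executescript("""
        CREATE TABLE jobs (id INTEGER PRIMARY KEY, status TEXT NOT NULL,
                           version INTEGER NOT NULL DEFAULT 1);
        CREATE TABLE audit_log (job_id INTEGER, actor TEXT, before_value TEXT,
                                after_value TEXT,
                                changed_at TEXT DEFAULT CURRENT_TIMESTAMP);
        INSERT INTO jobs (id, status) VALUES (1, 'scheduled');
    """)
    return db

def update_status(db, job_id, expected_version, new_status, actor):
    """Compare-and-swap: the write applies only if the version still matches."""
    db.execute("BEGIN IMMEDIATE")
    try:
        row = db.execute("SELECT status FROM jobs WHERE id = ?", (job_id,)).fetchone()
        cur = db.execute(
            "UPDATE jobs SET status = ?, version = version + 1 "
            "WHERE id = ? AND version = ?",
            (new_status, job_id, expected_version))
        if cur.rowcount != 1:  # stale version or unknown id: nothing was changed
            raise VersionConflict(f"job {job_id}: version {expected_version} is stale")
        db.execute(
            "INSERT INTO audit_log (job_id, actor, before_value, after_value) "
            "VALUES (?, ?, ?, ?)", (job_id, actor, row[0], new_status))
        db.execute("COMMIT")
        return expected_version + 1
    except Exception:
        db.execute("ROLLBACK")  # fail safely: no partial write, no audit row
        raise

def demo():
    db = open_db()
    v_alice = v_bob = 1  # both clients read the record at version 1
    new_version = update_status(db, 1, v_alice, "in_progress", "alice")
    try:
        update_status(db, 1, v_bob, "cancelled", "bob")  # bob's version is now stale
        conflict = False
    except VersionConflict:
        conflict = True
    job = db.execute("SELECT status, version FROM jobs WHERE id = 1").fetchone()
    audit = db.execute("SELECT actor, before_value, after_value FROM audit_log").fetchall()
    return new_version, conflict, job, audit
```

A client that receives the conflict should re-read the record, show the user the current state, and retry with the new version rather than resubmitting blindly.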

Authentication and Access Control

  • OAuth 2.1 via Cloudflare Access for the MCP protocol connection
  • Telegram webhook validation using HMAC-SHA-256 signatures
  • SMS webhook validation for inbound message authenticity
  • Share tokens for customer-facing pages (quotes, invoices) are random 24-character strings, unguessable and single-use
  • Role-based access: admin, user, and read-only roles with permission checks on every write operation

AI and Data Privacy

  • Your business data is sent to AI providers (Anthropic) only to generate real-time agent responses
  • We do not use your data to train or fine-tune AI models
  • Conversation history is stored in your isolated database and automatically trimmed
  • AI providers process data under their enterprise terms, which prohibit training on customer data

Incident Response

In the event of a security incident:

  • We will notify affected customers within 72 hours of confirming a breach
  • We will provide details on what data was affected and what actions we are taking
  • We will cooperate with any investigation and provide support for remediation

Responsible Disclosure

If you discover a security vulnerability in FieldChief, please report it to security@fieldchief.ai. We ask that you:

  • Give us reasonable time to fix the issue before disclosing publicly
  • Do not access or modify other customers' data
  • Do not disrupt the service

We will acknowledge your report within 48 hours and keep you updated on our progress.

Questions

For security questions or concerns, contact us at security@fieldchief.ai.