Trust & Security

Your data security is our top priority. We are actively pursuing industry-leading certifications to give you confidence that ServiceFlow Pro meets the highest standards for protecting your business and customer information.

Compliance Roadmap

Phase 1: CASA (In Progress, Target: May 31, 2026)
We are currently undergoing the Cloud Application Security Assessment through the App Defense Alliance, validating that ServiceFlow Pro meets rigorous security requirements. Expected completion: May 31, 2026.
  • Application security code review
  • Automated vulnerability scanning
  • Secure data handling validation
  • Authentication & access control review
  • Infrastructure security assessment
  • Third-party dependency analysis

Phase 2: SOC 2 Type II (Target: End of 2026)
Building on our CASA foundation, we are pursuing SOC 2 Type II certification to meet the compliance requirements of enterprise customers. Target completion: end of 2026.
  • SOC 2 Type II audit & certification
  • Penetration testing by third-party firm
  • Vendor risk management program
  • Formal incident response plan
  • Business continuity & disaster recovery
  • Enterprise SSO & advanced access controls

Security Built Into Every Layer

Data Encryption
All data is encrypted in transit with TLS 1.2+ and at rest with AES-256 encryption. Database connections use SSL certificates and encrypted connection strings.
Stripe PCI Compliance
Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider. Card numbers and sensitive payment data never touch our servers.
Role-Based Access Control
Granular permission system with Admin, Manager, and Technician roles. Each user only sees the data and actions their role allows.
Audit Logging
Every significant action is logged with timestamps, user identity, and IP addresses for complete accountability.
GPS-Verified Operations
Time clock punches and field operations are GPS-verified with configurable distance validation.
Secure Authentication
JWT-based authentication with secure refresh token rotation. Passwords hashed with bcrypt.

What CASA Means for Your Business

The Cloud Application Security Assessment is a rigorous, independent evaluation of our application security posture. Passing CASA signals to customers, partners, and regulators that ServiceFlow Pro takes data protection seriously.

  • Tier 2: CASA assessment level -- includes automated scanning and manual security review
  • ADA: App Defense Alliance -- backed by Google, the industry standard for cloud app security
  • 100% of payment data handled by PCI Level 1 certified Stripe -- zero card data on our servers

Enterprise Security — Coming End of 2026

Our SOC 2 Type II program will deliver the compliance documentation and security controls that enterprise customers require before onboarding new software vendors.
SOC 2 Type II Report
Independent auditor examination of our security, availability, and confidentiality controls over a sustained observation period.
Penetration Testing
Annual third-party penetration testing covering web application, API, mobile, and infrastructure attack surfaces.
Vendor Risk Management
Formal program for evaluating and monitoring the security posture of all third-party vendors and subprocessors.
Incident Response Plan
Documented incident response procedures with defined roles, communication protocols, and escalation paths.

Our Security Commitments

  • All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Zero payment card data stored on our servers -- Stripe handles it all
  • Role-based access controls with multi-business tenant isolation
  • Complete audit logging of all user actions and system events
  • CASA security assessment in progress — expected by May 31, 2026
  • SOC 2 Type II certification targeted for end of 2026
  • Security questionnaire completion within 5 business days
  • Regular vulnerability scanning and dependency updates

Frequently Asked Questions

What is CASA (Cloud Application Security Assessment)?
CASA is a security assessment framework developed by the App Defense Alliance that validates that cloud applications meet rigorous security standards. It covers application security review, vulnerability scanning, secure data handling, authentication controls, and infrastructure hardening. Passing CASA demonstrates that an application follows industry best practices for protecting customer data.
What is SOC 2 Type II certification?
SOC 2 Type II is an auditing standard developed by the American Institute of CPAs (AICPA). It evaluates an organization's information systems for security, availability, processing integrity, confidentiality, and privacy. Unlike Type I (point-in-time), Type II examines controls over a sustained period (typically 6-12 months), providing stronger assurance that security practices are consistently followed.
When will SOC 2 Type II certification be completed?
Our target for SOC 2 Type II readiness is end of 2026. This includes completing the audit observation period, remediating any findings, and obtaining the formal audit report. Enterprise customers can request progress updates at any time by contacting our security team.
How is customer data protected today?
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. We use role-based access controls, secure JWT authentication with bcrypt password hashing, comprehensive audit logging, and GPS-verified operations. Payment data is handled exclusively by Stripe, which is PCI DSS Level 1 certified -- we never store card numbers on our servers.
Do you store payment card data?
No. All payment processing is handled through Stripe, a PCI DSS Level 1 certified payment processor. Card numbers, CVVs, and sensitive payment details never touch our servers. Stripe handles tokenization, storage, and processing of all payment data.
Can I get a security questionnaire completed?
Yes. We are happy to complete security questionnaires, vendor risk assessments, and due diligence documentation for enterprise prospects and existing customers. Contact our team at hello@serviceflow-pro.com with your questionnaire and we will respond within 5 business days.

Ready to Work with a Platform You Can Trust?

Start your free trial today. Enterprise-grade security included from day one -- no credit card required.
