Secure infrastructure
FieldClock uses industry-standard encryption for all communications between your devices in the field and our servers in the cloud. We also encrypt backups and other content to avoid accidental data leakage.
We appreciate that you entrust us with your data and we take this responsibility very seriously.
How we secure your data
External Communications
All communication with FieldClock servers is performed over SSL-encrypted HTTPS connections to prevent snooping.
Internal Data
Communication between our servers and database is encrypted as are database backups and user-uploaded content.
Frequent Backups
When your data is minute-by-minute, daily backups aren't good enough. We perform rolling snapshots of our database to make sure your data is always safe.
PCI Compliance
We do not store any of your sensitive payment information on our servers. Payment methods and account numbers are securely vaulted with our processors to keep your accounts safe. FieldClock is compliant with PCI SAQ A 3.2.1.
Limit employee access according to need
In addition to our secure infrastructure, FieldClock provides role-based access controls that enable you to limit what your employees can see and interact with.
Very limited roles exist to allow employees in the field to clock each other in-and-out, or record piecework, without exposing them to sensitive information such as other individuals' pay rates.
Need clarification?
My device is old, can your server use older TLS or SSL versions?
No! Our policy is to follow best practices for our industry which requires that we do not use outdated cyphers or protocols that do not provide adequate security. We do not support TLS1, TLS1.1, or older SSL variants.
How are backups managed?
Our robust backup system is designed to keep your data safe at all times. Backup snapshots are encrypted and replicated across multiple data centers. During day-to-day business, our "hot standbys" are ready to leap into action if the primary database is taken offline for any reason. For in-depth security, we also replicate backup snapshots to other datacenters in distant geographic regions. Read more about FieldClock's commitment to reliability.
Can FieldClock employees access my data?
Yes, within limits. Our support team has access to basic information in your account to assist in setup and troubleshooting. Our developers do not have access to internal systems except when needed and with restrictions. By limiting who can access the systems, we reduce the number of attack surfaces for your data.
Is my payment information secure?
All payment information, including card or account numbers and cardholder information, is securely stored by our payment processors and is never seen by FieldClock. This is how we minimize the amount of data we handle in order to maintain a safe information security posture.
For more information about our processors' security, please visit Security at Stripe and Braintree Data Security.
How can I contact the FieldClock Security Team?
The FieldClock Security Team can be reached by email at security@fieldclock.com. If you need to send us an encrypted email, please use the information provided in our security.txt file.