Security

How we protect your business data

Encryption in Transit

All data transmitted between you and FieldChief is encrypted using TLS 1.3. No exceptions.

Isolated Databases

Every customer gets their own dedicated database. Your data is never mixed with anyone else's.

OAuth 2.1 Authentication

Access is controlled via Cloudflare Access with OAuth 2.1. No shared passwords, no API keys in URLs.

Complete Audit Trail

Every data change is logged with who, what, when, and before/after values. Full accountability.

Infrastructure

FieldChief runs on Cloudflare Workers — a globally distributed, serverless platform. Your data never sits on a single server that could be compromised. Key infrastructure details:

  • Compute: Cloudflare Workers (stateless, edge-deployed, no persistent server to attack)
  • Database: Cloudflare D1 (SQLite) with per-customer isolation
  • File storage: Cloudflare R2 (encrypted at rest, private by default)
  • DNS and CDN: Cloudflare (DDoS protection, WAF, bot management included)
  • Secrets: Stored in Cloudflare encrypted secret storage, never in code or environment variables

Data Protection

Encryption

  • In transit: TLS 1.3 for all connections, enforced at the edge
  • At rest: Cloudflare R2 encrypts all stored objects. D1 databases are encrypted at the infrastructure level

Tenant Isolation

Each FieldChief customer receives:

  • A dedicated D1 database (no shared tables, no row-level filtering)
  • A dedicated KV namespace for session data
  • A dedicated Worker deployment

There is no way for one customer's request to access another customer's database. The isolation is at the infrastructure level, not the application level.

Optimistic Concurrency

Every mutable record includes a version number. Updates require the current version, preventing data corruption from concurrent writes. If a conflict is detected, the operation fails safely rather than overwriting data.
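The version check described above, as an added example that is not FieldChief's own code: a plain SQLite database stands in for Cloudflare D1 (which is SQLite-backed), and the `quotes` table, its columns and the helper names are assumptions made for illustration.

```python
import sqlite3


class VersionConflict(Exception):
    """Raised when the stored version no longer matches the one the caller read."""


def make_db() -> sqlite3.Connection:
    # Constructed in-memory database; schema is a hypothetical stand-in for a D1 table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE quotes (id INTEGER PRIMARY KEY, total_cents INTEGER NOT NULL, "
        "version INTEGER NOT NULL DEFAULT 1)"
    )
    conn.execute("INSERT INTO quotes (id, total_cents) VALUES (1, 50000)")
    conn.commit()
    return conn


def read_quote(conn: sqlite3.Connection, quote_id: int) -> dict:
    row = conn.execute(
        "SELECT total_cents, version FROM quotes WHERE id = ?", (quote_id,)
    ).fetchone()
    return {"total_cents": row[0], "version": row[1]}


def update_quote_total(conn, quote_id: int, new_total: int, expected_version: int) -> int:
    # The version predicate is the whole technique: the UPDATE matches only if no one
    # has bumped the version since the caller read it. rowcount == 0 means a concurrent
    # writer committed first, so the operation fails instead of overwriting their change.
    cur = conn.execute(
        "UPDATE quotes SET total_cents = ?, version = version + 1 "
        "WHERE id = ? AND version = ?",
        (new_total, quote_id, expected_version),
    )
    conn.commit()
    if cur.rowcount != 1:
        raise VersionConflict(f"quote {quote_id}: expected version {expected_version}")
    return expected_version + 1


def demo_lost_update_prevented() -> tuple:
    # Two writers read the same version; the second to commit must be rejected.
    conn = make_db()
    a = read_quote(conn, 1)  # writer A sees version 1
    b = read_quote(conn, 1)  # writer B also sees version 1
    update_quote_total(conn, 1, 55000, a["version"])  # A commits; version becomes 2
    try:
        update_quote_total(conn, 1, 40000, b["version"])  # B still holds version 1
        conflict = False
    except VersionConflict:
        conflict = True
    final = read_quote(conn, 1)
    return conflict, final["total_cents"], final["version"]
```

The rejected writer re-reads the record, sees A's change, and decides whether to retry on top of it; nothing is silently overwritten.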

Authentication and Access Control

  • OAuth 2.1 via Cloudflare Access for the MCP protocol connection
  • Telegram webhook validation using HMAC-SHA-256 signatures
  • SMS webhook validation for inbound message authenticity
  • Share tokens for customer-facing pages (quotes, invoices) are random 24-character strings, unguessable and single-use
  • Role-based access: admin, user, and read-only roles with permission checks on every write operation

Telegram as an Interface

FieldChief uses Telegram as the primary interface for managing your business. It's important to understand what flows through Telegram and what doesn't.

What goes through Telegram

Telegram is used for commands, notifications, and AI conversations — things like "create a quote for John Smith" or "what's on the schedule today." Telegram encrypts all messages in transit using TLS (server-client encryption) and at rest on their servers.

What never goes through Telegram

  • Payment information: All payments are processed through Stripe, a PCI DSS Level 1 certified payment processor. Credit card details are entered on Stripe's hosted payment pages, never in a Telegram message.
  • Stored business data: Your clients, quotes, invoices, jobs, and financial records live in your private Cloudflare D1 database — not in Telegram. Telegram is the interface to that data, not the storage.

About end-to-end encryption

Telegram's standard chats (including bot conversations) use server-client encryption, not end-to-end encryption. This means Telegram could theoretically access message content on their servers. For FieldChief's use case — business commands and notifications — this is comparable to using any cloud-based business tool (email, Slack, etc.). Your sensitive financial data and payment information are stored and processed outside of Telegram entirely.

Payments

All payment processing is handled by Stripe, used by millions of businesses worldwide.

  • FieldChief never sees, stores, or processes credit card numbers
  • Stripe is PCI DSS Level 1 certified — the highest level of payment security
  • Payment pages are hosted by Stripe with their own HTTPS encryption
  • This applies to both contractor subscription payments and customer invoice payments

AI and Data Privacy

  • Your business data is sent to AI providers (Anthropic) only to generate real-time agent responses
  • We do not use your data to train or fine-tune AI models
  • Conversation history is stored in your isolated database and automatically trimmed
  • AI providers process data under their enterprise terms, which prohibit training on customer data

Incident Response

In the event of a security incident:

  • We will notify affected customers within 72 hours of confirming a breach
  • We will provide details on what data was affected and what actions we are taking
  • We will cooperate with any investigation and provide support for remediation

Responsible Disclosure

If you discover a security vulnerability in FieldChief, please report it to [email protected]. We ask that you:

  • Give us reasonable time to fix the issue before disclosing publicly
  • Do not access or modify other customers' data
  • Do not disrupt the service

We will acknowledge your report within 48 hours and keep you updated on our progress.

Questions

For security questions or concerns, contact us at [email protected].