Security & compliance

ServicePilot is job management software for Australian trade and field-service businesses. Your customers, quotes, invoices and payments all live in it, so keeping that data safe matters to us. This page explains how we protect it and where we stand on compliance.

SOC 2 infrastructure ISO 27001 infrastructure Stripe · PCI-DSS Level 1 Encrypted in transit & at rest Australian data residency

Certified infrastructure

ServicePilot runs on cloud infrastructure that is independently certified to SOC 2 and ISO 27001. Our providers undergo regular third-party audits covering security, availability and confidentiality. Production data is hosted in Australian data centres (Sydney region).

Encryption

All traffic is encrypted in transit with TLS, and data is encrypted at rest on the underlying storage. Passwords are stored only as salted hashes, never in plain text, and full payment card numbers never touch our servers.

Tenant isolation & access control

Every business's data is isolated at the database level using row-level security, so one company can never read or change another company's records. Internal access to production follows least-privilege principles and is restricted and logged.

Payments and PCI-DSS

All card payments are processed by Stripe, which holds PCI-DSS Level 1 certification (the highest level of payment-security certification). Card details are entered directly into Stripe's secure, hosted fields, and ServicePilot never stores, processes or transmits full card numbers.

Network protection

Traffic is served through Cloudflare, providing DDoS mitigation, a global content-delivery network and enforced TLS across the platform.

Application security & penetration testing

We conduct security reviews and penetration testing of the platform and remediate findings promptly. Changes are reviewed with security in mind, and we continuously monitor our infrastructure for misconfigurations and vulnerabilities.

Backups & protection against data loss

Your data is backed up automatically every day. On top of that, every change your team makes (a new quote, an updated job, a payment) is captured the moment it's saved and copied to a separate, secure location kept completely apart from our main database.

So if something ever went wrong with the main database, we wouldn't only fall back to last night's backup. We could bring your data back to the moment just before the problem, so the work your team did during the day is safe, not just what existed at the last backup. Our recovery process is documented and tested.

Reliability

ServicePilot is built on managed, redundant infrastructure designed for high availability, with health monitoring across the platform.

Your data, your control

Your data is yours. We never sell it. You can export or request deletion of your information at any time. See our Privacy Policy for how we handle personal information under the Australian Privacy Principles (Privacy Act 1988 (Cth)).

Responsible disclosure

If you believe you've found a security vulnerability, we want to hear from you. Email [email protected] with the details and we'll respond promptly. Please give us a reasonable opportunity to investigate and remediate before any public disclosure.

Security or compliance questions?

For procurement, vendor assessments or grant reviews, contact [email protected] and we'll be glad to help.