Security at ServFixo

1. Data Protection

Encryption in Transit

All communications between your devices and our servers are encrypted using Transport Layer Security (TLS) 1.3, the latest and most secure version of the protocol. This ensures that your data cannot be intercepted or tampered with during transmission.

Encryption at Rest

All data stored in our databases is encrypted using AES-256 encryption, the same standard used by banks and government agencies. Encryption keys are managed using industry-standard key management services with automatic key rotation.

Data Isolation

As a multi-tenant platform, we implement strict data isolation between customers. Each customer's data is logically separated and accessible only to authorized users within that organization.

2. Infrastructure Security

Cloud Infrastructure

ServFixo is hosted on enterprise-grade cloud infrastructure that maintains SOC 2 Type II, ISO 27001, and other security certifications. Our infrastructure providers maintain physical security controls including:

• 24/7 security personnel and surveillance
• Biometric access controls
• Environmental controls (fire suppression, climate control)
• Redundant power and network connectivity

Network Security

Our network security measures include:

• Web Application Firewall (WAF) to protect against common attacks
• DDoS protection and mitigation
• Intrusion detection and prevention systems
• Network segmentation and access controls

3. Access Control

Authentication

We employ strong authentication mechanisms to verify user identity:

• Secure password requirements with complexity rules
• Optional multi-factor authentication (MFA)
• Session management with automatic timeout
• Brute-force protection with account lockout

Role-Based Access Control (RBAC)

ServFixo implements role-based access control to ensure users only have access to the features and data they need:

• Admin: Full access to all features and settings
• Manager: Access to team management and reports
• Dispatcher: Access to scheduling and job assignment
• Technician: Access to assigned jobs and mobile features

Employee Access

ServFixo employee access to production systems is strictly controlled. Access is granted on a need-to-know basis, requires multi-factor authentication, and all access is logged and audited.

4. Data Backup and Recovery

We maintain comprehensive backup and disaster recovery procedures:

• Automated daily backups of all data
• Point-in-time recovery capability
• Backups stored in geographically separate locations
• Regular backup restoration testing
• Recovery Time Objective (RTO) of less than 4 hours
• Recovery Point Objective (RPO) of less than 1 hour

5. Application Security

Secure Development Practices

Our development team follows secure coding practices including:

• Security-focused code reviews
• Automated security scanning in CI/CD pipeline
• Regular dependency updates and vulnerability patching
• OWASP Top 10 vulnerability prevention

Vulnerability Management

We actively manage security vulnerabilities through:

• Regular vulnerability scanning
• Annual third-party penetration testing
• Bug bounty program for responsible disclosure
• Prompt patching of identified vulnerabilities

6. Monitoring and Incident Response

Security Monitoring

Our security operations include:

• 24/7 automated security monitoring
• Real-time alerting for suspicious activities
• Comprehensive logging of security events
• Log retention for forensic analysis

Incident Response

In the event of a security incident, we follow a documented incident response plan that includes:

• Rapid detection and containment
• Investigation and root cause analysis
• Customer notification within 72 hours of confirmed breach
• Remediation and prevention of future incidents
• Post-incident review and improvement

7. Payment Security

We take payment security seriously and implement the following measures:

• PCI DSS Compliance: All payment processing is handled by PCI DSS Level 1 certified payment processors.
• No Card Storage: We never store credit card numbers on our servers. Payment credentials are tokenized by our payment processor.
• Fraud Prevention: Our payment system includes fraud detection and prevention measures.

8. Your Security Responsibilities

Security is a shared responsibility. We recommend that you:

• Use a strong, unique password for your ServFixo account
• Enable multi-factor authentication (MFA) for added security
• Keep your login credentials confidential
• Log out of your account when using shared devices
• Regularly review user access and remove inactive accounts
• Report any suspicious activity to our support team immediately
• Keep your devices and browsers up to date with security patches

9. Reporting Security Issues

If you discover a security vulnerability or suspect unauthorized access to your account, please contact us immediately:

• Security Issues: security@servfixo.com
• General Support: support@servfixo.com

We appreciate responsible disclosure of security vulnerabilities and will work with you to address any issues you discover.

10. Updates to This Policy

We may update this Security Policy from time to time to reflect changes in our security practices. Significant changes will be communicated to customers via email or through the Service.