Security Overview

Effective date: June 25, 2026 Last updated: June 25, 2026

Protecting the information entrusted to us is a core priority. This overview describes, at a high level, the security practices and architecture of the ServiceVisit platform (the "Platform"). It is intended to help prospective and current users understand our approach. It does not disclose implementation details that could undermine security, and it does not constitute a warranty or guarantee. Our handling of personal information is described in the Privacy Policy.

1. Our approach

We build security into the design of the Platform and treat it as an ongoing program rather than a one-time effort. We use established cloud infrastructure, industry-standard protocols, and a defense-in-depth approach across authentication, authorization, encryption, and isolation. We continue to invest in and improve our security posture as the Platform matures.

2. Authentication

Access to the Platform is protected using industry-standard authentication based on OAuth 2.0 and OpenID Connect. Sign-in is handled through a dedicated identity service, and access to our APIs is controlled using signed, time-limited tokens. We support modern authentication practices and are continuing to expand account-protection options.

3. Authorization

Access is governed by a role- and capability-based authorization model. Users receive only the permissions appropriate to their role, and feature access is derived from the capabilities included in an organization's subscription. Requests are checked against these permissions, and access to an organization's data is scoped to that organization.

4. Encryption

Data is encrypted in transit using TLS for connections to the Platform. Data stored in our managed databases and file storage is encrypted at rest using our cloud provider's encryption capabilities. Application secrets are managed through a dedicated secrets-management service rather than embedded in code or configuration.

5. Data isolation

The Platform is organized into separate domains with their own data stores, and access to data is scoped to the organization it belongs to. This separation is designed to keep one organization's data isolated from another's and to limit the blast radius of any single component.

6. Logging and monitoring

We maintain application and audit logging for key activities, along with health checks and telemetry that help us monitor the availability and behavior of the Platform. Administrative and support actions taken on behalf of an organization are recorded with the actor and context, supporting accountability and review.

7. Backup and recovery

The Platform runs on managed cloud infrastructure that provides data durability and recovery capabilities, including resilient managed databases and file storage with retention and recovery features. We continue to develop and test our backup and recovery practices as part of our operational maturity.

8. Infrastructure

The Platform is hosted on Microsoft Azure. We use managed identities for service-to-service access where possible, keep secrets in a managed secrets service, and provision infrastructure through code-based, repeatable processes. Third parties that process data on our behalf are described in our Subprocessor Policy.

9. Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, please report it under our Responsible Disclosure Policy rather than disclosing it publicly, and we will work with you to investigate and address it.

10. Shared responsibility

Security is a shared responsibility. We secure the Platform; you help by protecting your credentials, using strong and unique passwords, managing who has access to your account, and reporting anything that looks suspicious to security@servicevisit.com.

11. No guarantee

We work hard to protect the Platform, but no method of transmission or storage is completely secure, and we cannot guarantee absolute security. This overview describes our practices and does not create a contractual warranty.

12. Contact us

Security questions? Contact us at security@servicevisit.com. Related commitments are summarized in our Trust Center.