Data Security Overview

Enterprise-grade protection for your field operations, routing data, and customer information.

At Grid Magic, Inc., we understand that the systems we build manage the lifeblood of your operations—from live technician geolocation to customer billing data. Security is not an afterthought; it is built into the foundation of every custom architecture we deploy.

1. Encryption Architecture

Data in Transit: All communications between mobile applications, web dashboards, and our API gateways are encrypted using TLS 1.3. We enforce strict HSTS policies across all endpoints.

Data at Rest: All databases, object storage buckets (for photos and signatures), and automated backups are encrypted at rest using AES-256 encryption. Encryption keys are managed securely via AWS KMS or equivalent enterprise key management services.

2. Authentication & Access Control

We implement rigid Role-Based Access Control (RBAC) in all custom applications.

  • Multi-Factor Authentication (MFA): Enforced by default for all dispatcher and administrative accounts.
  • Least Privilege: Technicians can only access data relevant to their assigned jobs for that specific day. Historic customer data remains inaccessible to field staff unless explicitly permitted.
  • Session Management: Aggressive session timeouts for mobile devices and remote wipe capabilities are built into the core mobile architecture.

3. Infrastructure & Network Security

Our deployments utilize private subnet architectures. Databases and internal microservices are never exposed directly to the public internet. All inbound traffic is routed through secure API gateways and Web Application Firewalls (WAF) configured to drop malicious traffic, DDoS attempts, and SQL injection payloads before they reach application logic.

4. Compliance & Payment Data

Grid Magic, Inc. does not store raw credit card information. All custom applications that process on-site payments rely on PCI-DSS Level 1 compliant processors (such as Stripe). We utilize tokenization to process transactions securely, ensuring your business remains out of scope for complex PCI compliance audits.

5. Incident Response & Auditing

Every action within the system—from a dispatcher reassigning a route to a technician viewing a customer's gate code—is logged in an immutable, append-only audit trail. When anomalous activity is detected, our automated monitoring systems trigger immediate alerts to our engineering team.

For questions regarding our security protocols or SOC 2 reports (if applicable to your dedicated environment), or to request a penetration testing authorization form, please contact your account manager.