At Detail Companion, the security of your business data and your customers' information is our top priority. We understand that as an auto detailing professional, you rely on our platform to run your daily operations, process payments, and manage sensitive client details.
This Security Policy outlines the organizational, technical, and physical measures we implement to protect the confidentiality, integrity, and availability of your data.
1. Cloud Infrastructure & Hosting
Detail Companion does not host its own physical servers. Instead, we leverage world-class cloud infrastructure providers to ensure maximum security and reliability.
Hosting Provider: Our platform is hosted on Google Cloud Platform, which maintains industry-leading security certifications, including ISO 27001, SOC 1, SOC 2, and PCI Level 1 compliance.
Data Centers: Your data is stored in highly secure data centers with physical security measures including biometric access controls, 24/7 surveillance, and redundant power systems.
Network Security: We utilize Virtual Private Clouds (VPC) to isolate our production environment. We employ firewalls, network access control lists (ACLs), and intrusion detection systems to block unauthorized traffic.
2. Data Encryption
We protect your data whether it is moving across the internet or sitting in our databases.
Encryption in Transit: All data transmitted between your device (browser or mobile app) and our servers is encrypted using strong Transport Layer Security (TLS 1.2 or higher) protocols. This prevents eavesdropping and tampering during data transfer.
Encryption at Rest: Data stored in our databases, backups, and file storage systems is encrypted using AES-256 (Advanced Encryption Standard) encryption. Key management is handled through a secure Key Management Service (KMS).
3. Payment Security (PCI Compliance)
Detail Companion takes the security of financial transactions extremely seriously.
No Raw Credit Card Storage: We do not store, process, or transmit full credit card numbers on our own servers. All payment processing is offloaded to our PCI-DSS Level 1 compliant partners, such as Stripe and QuickBooks.
Tokenization: When you save a customer’s card on file, we use a secure tokenization system. We only store a reference token provided by the payment processor, ensuring that even in the unlikely event of a breach, your customers' card numbers cannot be accessed from our systems.
PCI Compliance: We regularly validate our compliance with the Payment Card Industry Data Security Standard (PCI-DSS) through self-assessment questionnaires (SAQ-A) and regular security scans.
4. Application Security & Access Control
We design our software with security in mind from the ground up.
Authentication: We use industry-standard authentication protocols (such as OAuth 2.0) to secure your account. We recommend using a strong, unique password for your account.
Role-Based Access Control (RBAC): Within your Detail Companion account, you have the ability to assign roles (e.g., Administrator, Technician, Viewer). This ensures that your employees only have access to the data necessary to perform their jobs.
Session Management: User sessions automatically time out after a period of inactivity to prevent unauthorized access from unattended devices.
Secure Development: Our engineering team follows a Secure Software Development Life Cycle (SDLC). All code undergoes peer review and automated security scanning (SAST/DAST) before being deployed to production.
5. Availability, Backups & Disaster Recovery
We ensure that Detail Companion is available when you need it to run your business.
Redundancy: Our infrastructure is designed with redundancy at every layer. If one server fails, traffic is automatically routed to a healthy server to prevent downtime.
Automated Backups: We perform automated backups of your data. Point-in-time recovery capabilities allow us to restore data to a specific moment in time in the event of a critical failure.
Disaster Recovery: We maintain a Disaster Recovery (DR) plan that includes procedures for restoring operations in a different geographic region in the event of a catastrophic data center failure.
Uptime Monitoring: We monitor our systems 24/7/365. You can view our system status and historical uptime at status.detailcompanion.com.
6. Internal Security & Employee Access
We maintain strict internal controls over who can access your data.
Least Privilege Principle: Our employees are granted access to customer data only when necessary to provide support or maintain the Service. Access is granted on a "need-to-know" basis.
Multi-Factor Authentication (MFA): All Detail Companion employees are required to use MFA to access internal systems and administrative tools.
Background Checks: We conduct background checks on all employees prior to employment.
Security Training: All employees undergo mandatory security and privacy awareness training during onboarding and on an annual basis.
Audit Logging: Internal access to customer data is logged and audited to ensure accountability.
7. Vulnerability Management & Testing
We proactively look for security weaknesses before malicious actors can exploit them.
Vulnerability Scanning: We run automated vulnerability scans on our infrastructure and application code regularly.
Penetration Testing: We engage independent third-party security firms to conduct periodic penetration testing (ethical hacking) of our platform to identify potential risks.
Patch Management: We automatically apply security patches to our operating systems and libraries as they become available to protect against known vulnerabilities.
8. Incident Response
In the event of a security incident, we have a comprehensive plan in place.
Incident Response Team: We maintain a dedicated security team responsible for analyzing and responding to security events.
Notification: If we determine that a security breach has compromised your Personal Information or your End Users' data, we will notify you promptly via email and/or in-app notification, in compliance with applicable laws (such as GDPR and CCPA/CPRA). We will provide details on what happened, what data was involved, and the steps we are taking to resolve the issue.
9. Responsible Disclosure
We welcome contributions from the security research community. If you believe you have found a vulnerability in Detail Companion, please let us know.
Reporting: Please send a detailed description of the vulnerability to security@detailcompanion.com.
Safe Harbor: We will not take legal action against researchers who discover and report security vulnerabilities in good faith and in accordance with this policy.
Review: We will acknowledge receipt of your report, investigate the issue, and work to resolve it quickly. We ask that you give us reasonable time to patch the issue before making it public.
10. Contact Us
If you have questions regarding this Security Policy or concerns about the security of your account, please contact our security team:
Detail Companion Security Team
Email: security@detailcompanion.com
Website: www.detailcompanion.com