00 Security & trust

Customer data is the most valuable asset an operator owns.
We treat it that way.

FieldStack agents reach into your customer database, your schedule, and your phone calls. The principle is simple. You own the data, we process it on your behalf, and we run enterprise-grade controls at every layer in between.

01 Principles

Five controls we don't compromise on.

Encrypted at rest and in transit

All customer data is encrypted in transit (TLS 1.3) and at rest (AES-256). The database is PostgreSQL on Supabase, with row-level security enforced on every table. Audio recordings are stored in encrypted object storage, and access is logged.

Your data, your numbers

We don't sell, share, or train models on your customer data. Our LLM provider processes inference requests under an enterprise-grade DPA. They don't retain your data and don't train on it. We hold conversation transcripts only for the duration of your subscription, with full export available on cancellation. Specific subprocessor identities are disclosed under DPA before you commit.

DPA + BAA available

Standard Data Processing Agreement available for any customer who requests one. Business Associate Agreement (HIPAA) available for healthcare-adjacent customers. Custom security questionnaires answered within 5 business days.

Access controls + audit logs

Engineer access to customer data is role-based, time-bounded, and logged. All production changes require pull request approval and pass automated security scanning before deploy. Quarterly access reviews. No long-lived credentials.

Hosted in the United States

Primary infrastructure runs on AWS us-east-1 and us-west-2 via Vercel and Supabase. No data egress to non-US regions without explicit customer consent. Subprocessors are disclosed below.

02 Subprocessors

Who we share data with, and why.

Every subprocessor that touches customer data is listed here. If we add a new one, you get a 30-day notice email before it goes live. Operators renewing their cyber-liability policy can hand this table to the carrier as-is.

| Vendor | Purpose | Region |
| --- | --- | --- |
| LLM provider | AI reasoning — vendor disclosed under DPA pre-purchase | United States |
| Vercel | Web hosting + edge functions | United States |
| Supabase | Database + auth + storage | United States |
| Twilio | Voice + SMS infrastructure | United States |
| Voice synthesis provider | TTS — vendor disclosed under DPA pre-purchase | United States |
| Speech-to-text provider | STT — vendor disclosed under DPA pre-purchase | United States |
| Stripe | Payment processing | United States |
| Resend | Transactional email | United States |

Responsible disclosure

Found a vulnerability?

Email security@fieldstack.ai. We respond within one business day. We don't pursue legal action against good-faith security research that follows standard disclosure norms (no destruction of data, no degradation of service, reasonable disclosure window).