Microsoft Azure
SOC 2 Type II
ISO 27001
GDPR
PIPEDA
PCI DSS (Stripe)
AI Document Processing

How We Securely Process Your Documents

Every step of AI processing happens within Microsoft Azure's secure infrastructure in Canada Central. Your data is encrypted, isolated, and never used for AI training.

1. Encrypted Upload

Your audio recordings, documents, and photos are transmitted over TLS 1.2+ encryption. Data is never sent in plain text.

2. Secure Storage

Files are stored in Azure Blob Storage with AES-256 encryption at rest and per-client encryption scopes for data isolation.

3. AI Processing in Canada

Azure OpenAI transcribes audio (Whisper) and generates reports (GPT-4o-mini) — all within Canada Central. Your data never crosses borders.

4. Zero Data Retention by AI

Azure OpenAI does NOT store or train on your data. Your prompts and outputs are processed and immediately discarded by Microsoft.

5. Report Generated

Your completed report is stored encrypted in Azure Blob Storage. Only you can access, download, or share it.

6. You Stay in Control

Delete any document, recording, or your entire account at any time. Deletion is permanent and verified across all systems.

Data Residency

All data stays in Canada
  • All Azure resources hosted in Canada Central region
  • Database, file storage, and AI models — all in Canada
  • Compliant with PIPEDA (Canada) data sovereignty requirements
  • Only payment processing (Stripe/PayPal) and OAuth (Google/Microsoft) may transit through the US — disclosed in our Privacy Policy

Network Isolation

Private, air-gapped database
  • Database runs inside a private Azure Virtual Network (VNet) — no public internet access
  • Private DNS Zone ensures database hostname resolves to internal IP only
  • Only the application server can reach the database — zero external access
  • SSL/TLS required on all database connections

Encryption at Every Layer

Your data is protected by industry-standard encryption whether it's moving, stored, or being processed.

In Transit

TLS 1.2+

All data encrypted between your device, our servers, and Azure services.

At Rest

AES-256

Files, database, and search index encrypted with Azure-managed AES-256 keys.

Secrets

Azure Key Vault

All API keys, passwords, and tokens stored in HSM-backed Key Vault — never in code.

Tenant Isolation

Per-User Scoping

Per-client encryption scopes in storage. Mandatory user filters on all data queries.

Powered by Microsoft Azure

Enterprise Cloud Infrastructure

FieldCherry runs entirely on Microsoft Azure — the same cloud platform trusted by 95% of Fortune 500 companies.

  • Azure App Service: Premium v3 compute with Managed Identity
  • Azure Key Vault: HSM-backed secret management
  • Azure OpenAI: GPT-4o-mini, Whisper, Embeddings
  • Azure Blob Storage: AES-256 encrypted file storage
  • Azure AI Search: Isolated vector knowledge base
  • Azure MySQL: VNet-isolated, SSL-required
  • Azure Virtual Network: Private network isolation
  • Application Insights: Real-time monitoring & alerting

Our AI Data Commitment

Clear, non-negotiable guarantees about how your data is handled.

We Never Train AI on Your Data

Microsoft's Azure OpenAI Service explicitly guarantees that your prompts, completions, and uploaded data are not used to train, retrain, or improve any AI models. This is a contractual obligation, not just a policy.

Zero Data Retention by AI

When Azure OpenAI processes your audio or documents, the data is used only for that request and immediately discarded. No copies are kept. No logs of your content are stored by the AI service.

Complete Tenant Isolation

Your data is strictly separated from other users at every layer: database queries, file storage encryption scopes, and AI knowledge base search filters are all user-scoped by design.

Right to Erasure — Guaranteed

Delete your account and every trace of your data is permanently removed across 10 verified steps: knowledge base, marketing, invoices, reports, templates, payments, business data, logs, and user records.

Application Security Controls

Defense-in-depth at the application level, following OWASP best practices.

  • Content Security Policy: Strict CSP headers block XSS and unauthorized resource loading
  • Rate Limiting: 100 requests/min global, 5 auth attempts per 15 min
  • Strong Authentication: 12-char passwords, JWT tokens, Google & Microsoft OAuth
  • Clickjacking Protection: X-Frame-Options + frame-ancestors prevent iframe embedding
  • Server Info Hidden: Server, X-Powered-By, and ASP.NET headers removed
  • Anti-CSRF Tokens: All state-changing forms protected against cross-site request forgery

Security FAQ

Absolutely not. Multi-tenant isolation is enforced at every layer. Database queries include mandatory user-ID filters. Azure Blob Storage uses per-client encryption scopes. The AI Knowledge Base search index requires a parent_user_id + client_id filter on every query — there is no code path that bypasses it.

No. We use Azure OpenAI Service, not the consumer OpenAI API. Microsoft contractually guarantees that your data is not used to train, retrain, or improve any AI models. Your documents are processed for report generation and immediately discarded by the AI service. See Microsoft's Data, Privacy & Security for Azure OpenAI.

All data — including your database, files, AI models, and search index — is hosted exclusively in Microsoft Azure's Canada Central data centers (Toronto region). Your data never leaves Canadian soil for processing or storage.

The Azure services we use (Azure OpenAI, Azure Blob Storage, Azure MySQL) are HIPAA-eligible. Microsoft offers Business Associate Agreements (BAAs) for these services. If you operate under HIPAA requirements, contact us to discuss your specific compliance needs.

Account deletion triggers a 10-step verified purge: AI knowledge base entries, marketing data, invoices, generated reports, report templates, payment records, business data, application logs, user account, and a final verification check. Each step reports its result so you can confirm complete removal. This process is permanent and irreversible.

FieldCherry never stores, processes, or transmits credit card numbers. All payment processing is delegated to Stripe (PCI DSS Level 1 certified) and PayPal. Card details are entered directly on Stripe's or PayPal's secure hosted forms — they never touch our servers.

Have Security Questions?

Our business is ready to discuss your security and compliance requirements.

security@fieldcherry.com
