CrewCommand

Security & Trust

CrewCommand protects the data that powers your field operations.

Enterprise-grade identity, encryption, and audit logging are built into every tenant. We operate with SOC 2-ready controls, documented incident response, and transparent reporting so you can confidently run mission-critical work.

99.9%

Platform uptime

100%

Data encrypted

SOC 2 Type II

Annual audits

Platform posture

Single-domain multi-tenancy enforced with company_id RLS, private VPC networking, and 99.9% uptime backed by automated health checks.

Data protection

AES-256 encryption at rest, TLS 1.3 in transit, and customer-managed secrets for integrations.

Continuous monitoring

24/7 infrastructure monitoring with anomaly alerts, log retention, and automated backups.

Data protection controls

Controls mapped to real-world requirements

CrewCommand aligns with SOC 2 Type II, GDPR, and customer-specific security questionnaires. Below are the highlights we commonly share with security and compliance teams.

Identity & access

  • SAML SSO + SCIM provisioning
  • Role-based policies + per-company RLS
  • Mandatory MFA for admins

Application security

  • Static + dynamic scans in CI
  • Quarterly penetration testing
  • Secure SDLC with change approvals

Data lifecycle

  • Daily encrypted backups retained 30 days
  • Right-to-be-forgotten workflows
  • Tenant-level export tooling
  • Company assets stored in private Supabase Storage with signed URLs + path RLS

Compliance & certifications

  • SOC 2 Type II audits conducted annually; reports available under NDA.
  • GDPR-compliant data handling with signed DPA for EU/UK customers.
  • Optional customer-managed encryption keys for regulated sectors.
  • Quarterly tabletop exercises covering incident response + DR.

Incident response lifecycle

01. Detection

Automated monitors and human review of security dashboards alert the on-call team within minutes.

02. Response

Incident commander is assigned, blast radius is contained, and customers are notified within SLA.

03. Learn & improve

Post-incident report shared with customers, including remediation actions and timeline.

Need a questionnaire?

Security team standing by

We routinely support enterprise diligence, vendor risk assessments, and custom questionnaires. Reach out anytime for documentation, architecture diagrams, or a live session with our security engineers.

Report an issue

security@crewcommand.app

Security hotline

+1 (888) 555‑0148 (24/7)

SLA: severity-1 incidents acknowledged in < 1 hour, updates provided every 4 hours.