Field documentation is sensitive: it captures where your crews were, what they did, and the equipment and property they worked on. Checksum Works LLC builds security into the platform from the infrastructure up. This page describes the measures we use to protect your data. Security is a shared responsibility, and the practices here work best alongside good account hygiene on your side.
Hosting and Infrastructure
The Services run on Amazon Web Services (AWS), a provider with a mature security program and globally recognized compliance certifications. Our application runs in isolated, private virtual networks; databases and caches are not exposed to the public internet and are reachable only by our application within the private network.
Encryption
- In transit: all traffic between you and the Services is encrypted with TLS 1.2 or higher.
- At rest: photos, databases, backups, and other stored data are encrypted using AES-256.
Tenant Isolation and Access Control
Mastlens is multi-tenant: every customer’s data is logically separated. Records are scoped to their owning company throughout the application, and we apply defense-in-depth at the database layer using PostgreSQL Row-Level Security so that one customer cannot access another’s data. Within an organization, role-based permissions limit what each user can see and do, and our systems follow the principle of least privilege.
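The following is an added illustration of the database-layer control described above, written for this page; it is not Mastlens's own schema or policy text. The table, column, role and setting names (work_orders, company_id, mastlens_app, app.current_company) are assumptions chosen for the example. It shows a PostgreSQL Row-Level Security policy that scopes every read and write to the tenant recorded in a transaction-local setting, so that an application bug which forgets a WHERE company_id = ... clause still cannot reach another customer's rows.

```sql
-- Added example (not the product's schema): tenant isolation with PostgreSQL RLS.
-- All identifiers below are hypothetical.
CREATE TABLE work_orders (
    id         bigserial PRIMARY KEY,
    company_id bigint NOT NULL,
    site       text   NOT NULL,
    notes      text
);

-- Seed two tenants while RLS is still off (constructed sample data).
INSERT INTO work_orders (company_id, site) VALUES
    (42, 'North yard'),
    (42, 'Pump house'),
    (99, 'Tower 7');

-- The application connects as a role that neither owns the table nor is a
-- superuser; both of those would bypass RLS (superuser/BYPASSRLS always, the
-- owner unless FORCE is set below).
CREATE ROLE mastlens_app NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON work_orders TO mastlens_app;
GRANT USAGE, SELECT ON SEQUENCE work_orders_id_seq TO mastlens_app;

ALTER TABLE work_orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE work_orders FORCE ROW LEVEL SECURITY;

-- The tenant id is read from a transaction-local setting. current_setting(.., true)
-- yields NULL when the setting was never defined and '' once it has been reset,
-- so NULLIF makes both cases compare false: an unscoped session sees nothing,
-- rather than everything.
CREATE POLICY tenant_isolation ON work_orders
    FOR ALL TO mastlens_app
    USING      (company_id = NULLIF(current_setting('app.current_company', true), '')::bigint)
    WITH CHECK (company_id = NULLIF(current_setting('app.current_company', true), '')::bigint);

-- Exercise the policy as the application role.
SET ROLE mastlens_app;

BEGIN;
-- is_local = true: the setting dies with the transaction, which matters behind a
-- connection pooler where the next tenant may reuse this session.
SELECT set_config('app.current_company', '42', true);
SELECT id, site FROM work_orders;                            -- two rows, both company 42
UPDATE work_orders SET notes = 'x' WHERE company_id = 99;    -- UPDATE 0: tenant 99 is invisible
COMMIT;

-- Outside a scoped transaction the setting is gone, so nothing is visible.
SELECT count(*) FROM work_orders;                            -- 0

-- A write that names another tenant is rejected by WITH CHECK:
-- ERROR: new row violates row-level security policy for table "work_orders"
BEGIN;
SELECT set_config('app.current_company', '42', true);
INSERT INTO work_orders (company_id, site) VALUES (99, 'smuggled');
ROLLBACK;

RESET ROLE;
```

Two checks worth running against any such setup: confirm the application role is not the table owner and lacks BYPASSRLS (`SELECT rolbypassrls FROM pg_roles WHERE rolname = 'mastlens_app';`), and confirm every tenant-scoped table reports `rowsecurity = true` and `forcerowsecurity = true` in `pg_tables`/`pg_class`, since a table added later without the policy silently falls back to application-layer scoping alone.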
Authentication
- User passwords are stored only as salted, hashed values — never in plain text.
- Application sessions use short-lived access tokens with revocable refresh tokens.
- Administrative access to our internal back-office tooling requires multi-factor authentication (MFA).
Network Security
Public traffic is fronted by a content delivery network with a Web Application Firewall (WAF) that helps filter common attacks and abusive traffic. Internal services run in private subnets with tightly scoped security groups, and our databases have no public network exposure.
Backups and Resilience
Databases are backed up automatically, and object storage is designed for high durability. These measures are intended to help us recover from failures and reduce the risk of data loss.
Logging and Monitoring
We maintain structured application and infrastructure logs and monitor key systems with automated alerting so we can detect and respond to anomalies and operational issues.
Secrets and Key Management
Application secrets and credentials are stored in a managed secrets service with encryption and access controls, rather than in source code or configuration files.
Secure Development
Changes to our software go through code review before release. Our continuous-integration pipeline runs automated checks, including static application security testing (SAST) of our own code and vulnerability scanning of third-party dependencies, to catch issues early.
Sub-processors
We use a small, vetted set of service providers (including AWS, Stripe, Google Maps Platform, and Amazon SES) under contractual confidentiality and security obligations. See our Privacy Policy for details on how data is shared.
Incident Response
We maintain procedures to investigate and respond to suspected security incidents. If an incident affects your data, we will notify affected customers and provide relevant information as required by applicable law and our agreements.
Your Responsibilities
We ask that you:
- use a strong, unique password and keep your credentials confidential;
- enable available account-security features and manage your users’ access;
- promptly remove access for people who leave your organization; and
- report anything that looks suspicious.
Responsible Disclosure
We welcome reports from security researchers. If you believe you have found a vulnerability, please email security@mastlens.com with details and steps to reproduce. Please give us a reasonable opportunity to investigate and remediate before any public disclosure, and avoid accessing or modifying data that is not yours.
Compliance
We design our practices around widely recognized security principles. Today, that means:
- Payments are handled by Stripe (PCI DSS Level 1) — Mastlens never stores full card numbers.
- Our application is hosted on AWS, which independently maintains SOC 2, ISO 27001, and other certifications at the infrastructure layer.
- We operate in line with the GDPR and CCPA/CPRA; see our Privacy Policy for details on data rights.
- We have not yet completed our own SOC 2 or ISO 27001 audit. As we obtain formal certifications, we will list them here.
To request additional security documentation, contact security@mastlens.com.