Eight pillars
Each links to the source.
Security posture
Identity + access, data isolation, encryption, audit logs, backups, ops practices, privacy + compliance. Seven pillars, plain English.
Read security posture →Service-level agreements
Three tiers (Trial+Essentials, Professional, Enterprise) with uptime, response-time, and recovery commitments. Service credits when we miss.
See SLAs →Privacy posture
What we collect, what we don't (no data sale, no continuous GPS, no third-party trackers), and your concrete GDPR/CCPA rights with endpoints.
Privacy in plain English →Legal terms + policies
Subscription terms, privacy policy, acceptable use. The lawyer-readable version of the above.
Privacy policy →Status + incidents
Live probes for web, database, webhooks, email, and photo storage. Public 90-day incident timeline.
Live status →Public roadmap
Now / Next / Later — what we're committed to building. Buyers can plan around what ships when.
See the roadmap →Data portability
Six export endpoints (org archive, assets, hours, certified payroll, OSHA 300, service rollup) so you can leave whenever — by design.
Read about data portability →Vulnerability disclosure
RFC 9116 security.txt + dedicated security@ inbox. Coordinated-disclosure policy.
security.txt →
For procurement
Documents we'll send on request.
SOC 2 readiness questionnaire / CAIQ-Lite
Email security@ — we turn around a populated questionnaire in 5 business days.
Data Processing Agreement (DPA)
Standard GDPR/CCPA-compliant DPA available; email privacy@ to receive the template.
Sub-processor list (current)
Maintained at /security — updated before we activate any new sub-processor in production.
Custom SLA negotiation
Professional and Enterprise tiers negotiate uptime + response commitments commercially. Email hello@ with your contract requirements.
Penetration test summary
Available under NDA. Roadmap target: annual third-party pentest aligned with SOC 2 Type II observation window.
Need something we haven't listed? Email security@dirtfleet.app for security docs, privacy@dirtfleet.app for privacy / DPA, or hello@dirtfleet.app for anything else.