Security You Can Count On
We take the security of your business data seriously. Here's exactly what we do today — and where we're headed.
Our Security Commitment
ServBuilder is built for service businesses that handle sensitive customer data, financial records, and employee information. We've designed our infrastructure, authentication, and data handling with security as a first principle — not an afterthought. This page gives you a transparent look at what protections are in place today, and our roadmap for the certifications and compliance frameworks we're working toward.
What We Have Today
These protections are active right now for every ServBuilder account.
Data Encryption in Transit
All data transmitted between your browser or mobile app and our servers is encrypted using TLS 1.3. Your information is never sent over unencrypted connections.
Data Encryption at Rest
Business data stored in our database is encrypted at rest using AES-256 encryption, powered by Neon PostgreSQL's enterprise-grade infrastructure.
Enterprise Authentication
User authentication is powered by Clerk, an enterprise-grade auth platform. It supports multi-factor authentication (MFA), session management, and automatic suspicious activity detection.
SOC2-Certified Hosting
ServBuilder is hosted on Vercel, which holds SOC2 Type II certification. Your data lives on infrastructure that has been independently audited for security and availability.
PCI DSS Payment Processing
Payment processing is handled exclusively by Stripe, a PCI DSS Level 1 certified provider. ServBuilder never stores raw card numbers — Stripe handles all payment data.
Automated Database Backups
Your data is backed up automatically through Neon PostgreSQL's managed infrastructure. We maintain point-in-time recovery capabilities.
Role-Based Access Control
Access to your business data is controlled by role-based permissions. Technicians see what they need; owners control who has access to billing, reporting, and sensitive records.
Error Monitoring
We use Sentry for real-time error tracking and monitoring. This helps us detect and respond to unexpected behavior before it affects your workflow.
Our Compliance Roadmap
We're actively working toward the industry-standard certifications that service businesses and their enterprise customers expect. Here's where we stand:
| Framework | Status | Target |
|---|---|---|
| SOC2 Type II | In Progress | Q3 2026 |
| GDPR | In Progress | Q4 2026 |
| CCPA | In Progress | Q4 2026 |
| HIPAA | Planned | 2027 |
Need a data processing agreement or have specific compliance requirements? Contact us at security@servbuilder.com
Responsible Disclosure
If you believe you've discovered a security vulnerability in ServBuilder, we want to hear from you. We take all reports seriously and will work to address legitimate issues promptly.
- Email: security@servbuilder.com
- Please include: a description of the vulnerability, steps to reproduce, and the potential impact
- We ask that you give us reasonable time to investigate and address the issue before public disclosure
- We do not currently offer a formal bug bounty program, but we sincerely appreciate responsible disclosure
Security FAQ
- Who owns my business data?
- You do. Your customer records, job history, invoices, and all business data you put into ServBuilder belong to you. We are a data processor — you are the data controller. We never sell your data to third parties, use it for advertising, or share it beyond what's needed to operate the service.
- Can I export my data?
- Yes. You can export your customer list, job history, and invoices at any time from your account settings. We believe in data portability — you should never feel locked in.
- What happens to my data if I cancel?
- If you cancel your ServBuilder account, we retain your data for 30 days, during which you can request a full export. After 30 days, your data is permanently deleted from our servers. We can provide written confirmation of deletion upon request.
- Do you use my data to train AI models?
- No. We do not use your business data to train machine learning or AI models, and we do not share your data with AI providers for training purposes.
- Is ServBuilder HIPAA compliant?
- ServBuilder is not currently HIPAA compliant. If you operate in a field that involves protected health information (PHI) — such as medical equipment maintenance or healthcare facility services — we recommend reviewing your requirements carefully. HIPAA compliance is on our roadmap for 2027. Contact us at security@servbuilder.com if this is a priority for your business.
Questions about security?
Our team is happy to answer specific questions about how we handle your data.