Trust & Security
This page is maintained by the FMC SiteLogic team to answer common security and privacy questions. It describes current practices and is not an independent certification.
Access & Authentication
FMC SiteLogic requires every user to sign in before reaching application data. Sessions are managed by our authentication provider with email/password sign-in.
User roles (admin, manager, viewer) are stored server-side in a dedicated roles table and enforced by database row-level security — never by the browser alone.
Data Isolation
Customer data is segregated by company. Row-level security policies scope every read and write to the companies the signed-in user belongs to, with admin overrides where appropriate.
Sensitive files (purchase order invoices, company logos) live in private storage buckets accessed via short-lived signed URLs.
Encryption & Hosting
Application traffic is served over HTTPS. Data is stored on managed cloud infrastructure with encryption at rest and in transit provided by the underlying platform.
Server-side secrets and service credentials are kept out of client code and managed by the platform's secret store.
Audit & Logging
Changes to key business records are recorded in an audit log (action, user, timestamp, before/after snapshot). The audit log is visible to admins inside the app.
Shared Responsibility
FMC SiteLogic provides the application controls described above. Customers are responsible for managing their own users, choosing strong passwords, granting roles appropriately, and reviewing their audit log.
Reporting a Security Concern
If you believe you have found a security issue, please email security@fmcsitelogic.com or contact your administrator. Please do not publicly disclose the issue until we have had a chance to respond.
