Security & Trust
How FieldCherry protects your data, documents, and AI processing
Compliance logos indicate the standards and platforms our security posture is designed around.
How AI Processes Your Documents
Your files are processed securely from upload to final report.
Secure Upload
Documents are uploaded through encrypted HTTPS connections.
Protected Storage
Files are stored in protected Azure storage with strict access controls.
AI Extraction
AI extracts the required fields without using your data to train public models.
Privacy Controls
Processing is isolated by account and access is limited to authorized users.
Report Generation
Structured reports are generated from your templates and uploaded content.
Human Review
You remain in control and can review generated outputs before use.
Data Residency
All data stays in Canada- All Azure resources hosted in Canada Central region
- Database, file storage, and AI models — all in Canada
- Compliant with PIPEDA (Canada) data sovereignty requirements
- Only payment processing (Stripe/PayPal) and OAuth (Google/Microsoft) may transit through the US — disclosed in our Privacy Policy
Network Isolation
Private, air-gapped database- Database runs inside a private Azure Virtual Network (VNet) — no public internet access
- Private DNS Zone ensures database hostname resolves to internal IP only
- Only the application server can reach the database — zero external access
- SSL/TLS required on all database connections
Encryption Standards
Data is protected in transit, at rest, and across tenants.
In Transit
TLS 1.2+
All browser, API, and service connections require encrypted transport.
At Rest
AES-256
Databases and files are encrypted using cloud platform controls.
Secrets
Azure Key Vault
Production secrets are stored in Azure Key Vault.
Tenant Isolation
Account-scoped data
Application access checks keep customer data separated by account.
Built on Microsoft Azure
Cloud services selected for reliability, security, and private connectivity.
Azure App Service
Hosts the web application securely.Azure Key Vault
Protects production secrets.Azure OpenAI
Processes AI workloads privately.Azure Blob Storage
Stores uploaded files and generated documents.Azure AI Search
Powers secure knowledge search.Azure MySQL
Stores application data.Azure Virtual Network
Connects services through private networking.Application Insights
Monitors reliability and errors.Our AI Data Commitment
Privacy-first guarantees for your business data.
No Public Model Training
Your documents are not used to train public AI models.
Controlled Retention
Data retention follows account settings and operational requirements.
Account Isolation
Customer data is separated by account and protected by authorization checks.
Deletion Support
Account deletion workflows remove user-owned data according to policy.
Application Security Controls
Layered safeguards help protect sessions, requests, and infrastructure access.
Content Security Policy
Security headers reduce browser-side attack risk.Rate Protection
Request controls help limit abuse.Authentication
Identity controls protect account access.Clickjacking Protection
Frame protection helps prevent unwanted embedding.Server Hardening
Response headers and middleware reduce common risks.CSRF Protection
Forms and actions use anti-forgery protections.Managed Identity
Production Azure services use managed identity where applicable.Session Controls
Session behavior is configured to reduce unauthorized access.Security FAQ
Questions about security?
Contact our team for security, privacy, or compliance questions.
security@fieldcherry.com
