Company Data Isolation
Every IRONGRID account is a fully isolated tenant. Your work orders, clients, team members, invoices, and files are scoped exclusively to your company. No other company on the platform can access, query, or interact with your data — this is enforced at the database layer, not just in the application.
Role-Based Access Control
IRONGRID gives you control over exactly what each person on your team can see and do. Assign employees, managers, or admins to your account. Employees see the jobs they're assigned to. Managers access client and scheduling tools. Admins manage the full account. Roles are enforced on every route and every data request.
Secure Authentication
User sessions are validated server-side on every request — we don't rely solely on the browser's stored token. When you deactivate a team member, their access is revoked instantly via a live connection to our platform. They are signed out in real time, even if they're actively logged in.
Payment Security
IRONGRID's payment infrastructure is PCI-compliant. We never store your full credit card number or raw payment credentials on our servers. When you send or collect payments through the platform, your financial data is handled through IRONGRID's secure payment system — built on the same certified infrastructure used by enterprise financial applications.
Encryption in Transit & At Rest
All data transmitted between your browser and IRONGRID is encrypted using TLS. Your stored data — work orders, client records, team information, financial data — is encrypted at rest on our infrastructure. We use enterprise-grade cloud infrastructure with encryption enabled by default.
Private File Storage
Photos and documents you upload to work orders are stored in a private, access-controlled storage bucket. Files are not publicly accessible by URL. Only authenticated users within your company account can view or download attachments associated with your jobs.
Infrastructure
Built on enterprise-grade cloud infrastructure.
IRONGRID is built on Supabase, which runs on AWS. Your data is stored in a managed PostgreSQL database with row-level security policies that enforce tenant isolation directly in the database engine — not just in our application code. This means even a misconfigured request cannot cross company boundaries.
IRONGRID's payment system is built on PCI Service Provider Level 1 certified infrastructure — the highest level of certification available in the payments industry. Invoicing and payment collection flow through IRONGRID's secure payment layer. We never handle or store raw card data on our servers.
Questions
Have a security question?
If you have questions about how IRONGRID handles your data, or if you'd like to report a security concern, reach out to us directly. We take every report seriously and respond promptly.