Security & Data Protection Policy

This policy applies to Suiviro accounts, client records, job records, staff records, uploaded files, photos, communications, integrations and billing information.

• Confidentiality
• Integrity
• Availability
• Accountability
• Least privilege access

Data in transit

All communication between users and Suiviro is encrypted using HTTPS/TLS. This includes website traffic, mobile traffic, API requests and integrations.

Data at rest

Where supported by underlying infrastructure, stored data is encrypted at rest. This includes database records, uploaded files, photos and attachments.

Suiviro protects access through secure passwords, session management, access controls and user permissions. Future enhancements may include multi-factor authentication, single sign-on and enterprise identity providers.

Suiviro supports role-based permissions. Typical roles include Owner, Admin, Scheduler, Staff and Viewer. Permissions are limited according to business requirements. Users only access information required for their role.

Each business account operates within its own data boundary. Users may only access businesses where they hold an approved membership. Cross-business access is prohibited unless explicitly authorised.

Suiviro maintains activity records including login activity, job updates, client updates, permission changes, notification actions and integration activity. Audit records assist with accountability, troubleshooting and security investigations.

Suiviro maintains backups to support disaster recovery, service continuity and data restoration. Backup schedules and retention periods may vary. Backups are protected using industry-standard security practices.

Suiviro may integrate with Xero, Google Calendar, Microsoft Outlook, payment providers, email providers and SMS providers. Access is limited to information required to provide functionality. Integration credentials are stored securely.

Communications may include emails, SMS, customer portal messages and file uploads. Communication history may be stored within client and job records. Businesses are responsible for ensuring communications comply with applicable laws.

Users may upload photos, documents and attachments. Files are associated with the relevant client, job or communication thread. Users are responsible for ensuring uploaded content is lawful.

In the event of a security incident, Suiviro may investigate the issue, restrict access, suspend affected services, notify affected users where appropriate, and restore services from backups where necessary.

• Maintaining secure passwords
• Managing user permissions
• Protecting devices used to access Suiviro
• Reviewing staff access regularly
• Reporting suspected security issues promptly

Suiviro relies on third-party providers to deliver services. Examples include hosting providers, payment processors, email providers, SMS providers and integration providers. While Suiviro carefully selects providers, their services remain subject to their own security practices and policies.

Information may be retained while accounts remain active, for legal compliance, for operational purposes, and for backup and recovery. Retention periods may vary according to the type of information.

Suiviro may periodically review access controls, integrations, security settings and platform vulnerabilities to improve protection of customer data.

Security concerns should be reported immediately to admin@suiviro.com. Please include a description of the issue, date and time observed, steps to reproduce, and screenshots if available.

This policy may be updated periodically. Material updates may be communicated through the platform or website. Continued use of Suiviro constitutes acceptance of the updated policy.