
Trust

Security is part of the foundation, not a feature.

The teams that use our software hold sensitive information about real buildings and assets. We treat protecting it as core work.

Our practices

How we protect your data

Tenant isolation

Each bespoke Terrain Apps deployment runs on its own database, sign-in and file storage, so nothing is shared with another customer. Terrain CAFM is multi-tenant: every customer's data is strictly separated and access-controlled, so one tenant cannot read or change another tenant's records.

Encryption in transit

Every connection is encrypted with TLS (HTTPS for web traffic and secure WebSockets, wss://, for real-time updates). Nothing travels in the clear.

Encryption at rest

Stored data is encrypted at rest by our database and storage providers, and sensitive secrets are additionally encrypted at the application layer before they are written, so a copy of the underlying storage alone is not enough to read them.

Private file storage

Uploaded reports, photos and signatures are kept in private storage with no publicly readable URLs, and are served only through short-lived, signed links that expire within the hour. A link cannot be reused after it expires or altered to point at a different file.

Least-privilege access

A managed identity provider, role-based access control and multi-factor authentication limit access to the people who need it, and to the minimum each role requires.

Secrets management

Credentials and provider keys live in a dedicated secrets platform, are injected at runtime, and are never committed to source code or exposed to the browser.

Audit logging

Actions on audits and records are logged for accountability, so there is a clear trail of who did what, and when.

Monitoring & uptime

Errors and performance are monitored continuously, with personal data excluded from monitoring data by default, and uptime is checked independently from outside our own infrastructure.

Data handling

Clear about what we do with data

We collect only the data needed to provide our products and run our business, and we process it in line with UK data protection law (UK GDPR and the Data Protection Act 2018) and our Privacy Policy. For the data customers hold in our products, we act as data processor under a Data Processing Agreement.

  • Hosting & residency: data is hosted with established providers in UK and EU regions where possible. Some sub-processors are in the United States, with transfers covered by the UK International Data Transfer Agreement (IDTA) or UK Addendum.
  • Access: staff access is on a need-to-know basis, authenticated, and logged.
  • Retention: we keep data only as long as we need it. At the end of a contract we return or delete customer data on request, and otherwise delete it in the ordinary course.
  • Breaches: if a personal data breach affects your data, we notify affected customers without undue delay and help with remediation.
  • Portability: you can export your data in clean formats and leave at any time. No lock-in.

Compliance

For procurement and IT teams

We know our software handles sensitive information about real buildings and assets, and that it has to clear your procurement process. Here is what we can provide.

  • Data Processing Agreement: a UK GDPR-compliant DPA is available for customers who need one. We act as data processor for customer data and support data-subject requests through you as controller.
  • Sub-processors: we maintain a current list of the sub-processors we rely on, such as Clerk, Cloudflare, Neon and Fly.io, in our Privacy Policy, and give prior notice before it materially changes.
  • International transfers: where a sub-processor is outside the UK, transfers are covered by the IDTA, the UK Addendum to the EU Standard Contractual Clauses, or UK adequacy.
  • Certifications: ask us about our current certification status and security roadmap. We are happy to complete reasonable security questionnaires.

Need our DPA, sub-processor list, or a questionnaire completed? Email terraincafm@gmail.com.

Responsible disclosure

Found a vulnerability?

We welcome reports from security researchers. If you believe you have found a vulnerability in our website or products, please email us at the address above with enough detail for us to reproduce it. While testing, please do not access, modify or delete data that is not your own, and give us reasonable time to investigate and fix the issue before any public disclosure. We will acknowledge your report and keep you informed of our progress. If an incident affects customer data, we will contain and remediate it and notify affected customers without undue delay.