Trust & Security
How we keep your maintenance data safe.
This page is maintained by the EccMaintain team to answer common security and privacy questions about the app. It describes the controls currently in place and is editable content — it is not an independent certification or audit.
Authentication
Access to EccMaintain requires a signed-in account. We support email & password sign-in and Google sign-in. Every page of the app is protected behind authentication.
Access control
EccMaintain is a shared team workspace. Roles (admin, manager, and technician) are managed in a dedicated, server-side roles store — they cannot be changed from the browser. Role checks are enforced on the server.
Work orders are collaborative: signed-in team members can view, create, and update work orders together, while deletion is limited to the work order's creator or an admin.
Audit trail
Sensitive access-control changes — role changes, permission grants, new member accounts, and plan changes — are recorded in a tamper-proof activity log written automatically at the database level. Entries cannot be edited or deleted through the app, and admins and managers can review and export their company's log for audit purposes.
Compliance posture
EccMaintain is designed to support the technical controls commonly reviewed in frameworks like SOC 2 — role-based access control, per-company data isolation, row-level security, authentication controls, and an immutable audit trail.
To be clear: SOC 2 is an independent audit of an organization's controls performed by a licensed CPA firm. This page is not a certification or an assertion of SOC 2 compliance; it describes the security controls currently built into the app.
Data protection & privacy
Database access is governed by row-level security policies, so data is only reachable through the app's defined rules rather than open to anyone.
Team members can see each other's display names for assigning work, but personal email addresses are not exposed to other users through the app.
Hosting & platform
EccMaintain is built and hosted on the Lovable Cloud platform, which provides the managed database, authentication, and application hosting. These are platform capabilities we rely on and are described here factually — they are not a certification of EccMaintain.
Shared responsibility
Security is a shared effort. The underlying platform provides managed infrastructure and security features; the EccMaintain team configures access rules and application controls; and customers are responsible for safeguarding their own login credentials and managing who they invite to their workspace.
Security contact
Found a security concern or have a privacy question? Please reach out to the EccMaintain team.
Contact: security@maintainpro.app
Last reviewed by the EccMaintain team. Update this page as your security and privacy practices evolve.