Security

Last updated: 11 June 2026

Protecting the data agencies trust us with is fundamental to AgencyTrack. This page summarises the measures we apply to keep the Service and your data secure. It is an overview, not an exhaustive specification.

Encryption in transit

All traffic to and from the Service is encrypted using TLS (HTTPS). Data exchanged between your browser and our infrastructure is protected in transit.

Authentication and access control

Access requires authenticated sign-in. The platform enforces role-based access control that mirrors the agency hierarchy — agents, unit managers, branch managers, sales managers, back-office, and administrators each see only what their role permits. We apply the principle of least privilege to administrative access.

Infrastructure

The Service is built on Google Cloud Platform and Firebase, and benefits from Google's physical data-centre security, network protection, and platform safeguards.

Tenant isolation

The platform is multi-tenant by design, with controls that keep each organisation's data logically separated from others.

Backups and resilience

We maintain regular backups of platform data to support recovery and continuity.

Monitoring and access

We restrict and monitor administrative access to production systems and are continually expanding our logging and audit capabilities.

Shared responsibility

Security is a shared effort. Subscribing organisations are responsible for managing their own users, roles, and credentials, and for promptly removing access when staff change roles or leave.

Responsible disclosure

If you believe you have found a security vulnerability, please report it to hello@agencytrack.app so we can investigate. We appreciate responsible disclosure.

Ongoing improvement

Our security practices evolve with the platform. This page will be updated as those practices change.