Back to top
Security & Trust

Security and trust for field service AI

Security, privacy, and data handling for AI-guided field work

Review CoSkip security, privacy, data handling, enterprise controls, trust resources, DPA, subprocessors, accessibility, and status information for AI-guided field work and proof capture.

Field work can involve sensitive jobsite images, customer context, technician notes, asset details, signatures, and operational records. CoSkip is built to help teams capture the proof they need while giving IT, legal, security, and operations leaders a clear path to review how data is handled.

Request Security Docs View DPA View Subprocessors →
Built for pilot review today. Designed for enterprise readiness tomorrow.
On-device by default Zero-retention option SSO / SAML MDM-ready TLS in transit Encrypted at rest RBAC / audit logs DPA + subprocessors Status page SOC 2 / ISO roadmap
Security posture

Designed around the realities of field deployment.

CoSkip is built for teams that need to guide work in real conditions while protecting sensitive operational data. That means balancing technician usability, proof capture, device constraints, customer expectations, and enterprise review requirements.

Minimal data movement

CoSkip is designed to keep data movement limited and purposeful, especially for voice, image, and workflow inputs used during guided field work.

On-device or edge-aware guidance

Where supported, CoSkip favors on-device or edge-aware processing for voice guidance, recognition, and field workflow interactions.

Admin controls

Pilot and enterprise review paths can include role-based access, SSO/SAML, MDM readiness, retention settings, and audit logs.

Encrypted transport and storage

CoSkip uses TLS in transit and encrypted-at-rest patterns for protected data storage where applicable.

Vendor and subprocessors transparency

CoSkip maintains subprocessors and vendor review resources so teams can understand who supports the service and why.

Compliance roadmap

CoSkip is building toward SOC 2 Type I/II and ISO 27001 readiness, with current status and milestones available during review.

Architecture

Field proof architecture

A clear path from field guidance to captured proof, admin review, secure export, and scoped system planning.

  1. Field device

    Work starts on approved phones or tablets.

  2. Guided workflow

    Voice and visual prompts keep steps repeatable.

  3. Proof capture

    Photos, notes, exceptions, and signoff stay tied to the step.

  4. Proof packet

    Completed work becomes one structured close-out record.

  5. Admin review

    Supervisors review the packet before export.

  6. Export path

    Exports and integrations stay pilot-scoped.

SSO / SAMLMDM-readyRBACAudit logsRetention controlsSecurity review
CoSkip's review path connects technician guidance, proof capture, admin controls, exports, and systems planning without treating security as an afterthought.
Data lifecycle

From field input to proof packet, every data moment should be understandable.

  1. 01

    Technician starts a workflow

    A technician begins a guided workflow such as HVAC PM close-out, facilities inspection, warranty repair, safety check, or another repeatable field procedure.

  2. 02

    CoSkip provides guidance

    Voice and visual prompts help the technician move through steps, proof requirements, and exception paths.

  3. 03

    Proof is captured in context

    Photos, timestamps, notes, exceptions, signoff, and step verification attach to the exact workflow step where they belong.

  4. 04

    Data is processed according to scope

    Processing, retention, exports, and review paths are configured according to pilot or enterprise requirements.

  5. 05

    Proof packet is created

    Completed work becomes a structured close-out record for supervisor, customer, warranty, compliance, or audit review.

  6. 06

    Records follow policy

    Retention settings, zero-retention options, exports, and deletion requests should be transparent to admins and reviewers.

Private-first AI

AI support should not require unnecessary exposure of field data.

Technician device On-device / edge-aware guidance Configured workflow rules Proof capture layer Admin controls Export / system-of-record pathway Review resources
Diagram showing CoSkip field data flow across device capture, secure review, access control, retention, and office system export.

CoSkip's product direction is private-first: provide useful guidance while limiting unnecessary data movement and giving organizations review paths for retention, access, subprocessors, and exports.

Local where practical

CoSkip favors on-device or edge-aware interactions where supported, especially for guidance and recognition workflows.

Purpose-limited processing

Data should be used for the workflow and proof outcomes configured by the customer or pilot scope.

Configurable retention

Retention and zero-retention options should help organizations match data handling to risk, policy, and operational needs.

Human review stays central

CoSkip supports technicians, supervisors, and admins. It should not remove human judgment from field work, safety, or final decisions.

Data flow

On-device first, cloud where scoped

The pilot review separates field-device interactions from optional cloud services, retention controls, and export paths.

On-device zone

  1. Field device

    The technician starts from the work context.

  2. On-device guidance

    Guidance stays local or edge-aware where supported.

  3. Local proof capture

    Evidence attaches to the right workflow step.

Optional cloud / export

  1. Optional cloud

    Cloud services are scoped during review.

  2. Retention controls

    Retention options are reviewed before launch.

  3. Review / export

    Customer-controlled exports support review paths.

The data flow distinguishes on-device field guidance from optional cloud services, retention controls, review, export, and system paths scoped during pilot review.
Enterprise controls

Controls for IT, security, and operations teams.

Identity & Access

  • Available SSO / SAML
  • Available Role-based access control
  • Under review Least-privilege access
  • By pilot scope MFA for admin
  • Available User and admin audit logs

Device & Deployment

  • Available MDM-ready deployment planning
  • By pilot scope iOS / Android field device review
  • Roadmap Offline-aware planning where applicable
  • By pilot scope Pilot device constraints review
  • By pilot scope PPE / hands-free field constraints review

Data Protection

  • Available TLS in transit
  • Available Encrypted at rest
  • Under review Key management / rotation where supported
  • By pilot scope Retention configuration
  • Available Zero-retention option

Governance

  • Available DPA
  • Available Subprocessors list
  • Available Vendor due diligence
  • Available Security overview
  • Roadmap Compliance roadmap
  • Available Data subject request pathway

Operations

  • Available Status page
  • Available Incident response plan
  • Available Backup / DR procedures for critical metadata
  • Under review Change review
  • Available Dependency scanning / vulnerability management
Integration path

Start with proof, then connect systems

The integration path can begin with reviewed exports before API, webhook, or system-of-record work is scoped.

  1. Field workflow

    A technician completes the guided process.

  2. Proof packet

    Evidence becomes a review-ready record.

  3. Review / export

    Teams validate output before automation.

  4. API / webhook

    Technical scope follows pilot fit.

  5. System record

    Records move only where needed.

Scoped systems FSMCMMSEAMGISWork ordersPilot-scoped
Integration scope is defined during pilot, based on workflow, security review, system ownership, and export requirements.
Review resources

The documents security teams ask for, organized in one place.

Privacy Policy

What CoSkip collects, why it is collected, and how website visitors, pilot users, and enterprise deployments are addressed.

Data Processing Addendum

Standard data processing terms for GDPR/UK GDPR and US state privacy-law review, including SCCs annex, TOMs, and subprocessors reference where applicable.

Subprocessors

Current vendor list with purpose, data types, regions, and change-log options.

Security Overview

High-level architecture, encryption, access control, vendor management, incident response, and SDLC practices.

Compliance Roadmap

CoSkip is building toward SOC 2 Type I/II and ISO 27001. Current milestones and attestations can be requested during vendor review.

Status & Availability

Availability, incident history, and scheduled maintenance windows for CoSkip services.

Some documents may be shared under NDA or during pilot/vendor review depending on the request.

Technical & Organisational Measures

Security measures at a glance.

Access ControlSSO/SAML, least-privilege access, MFA for admin, RBAC, audit logs
EncryptionTLS 1.2+ in transit, encrypted at rest, cloud KMS, key rotation where supported
On-device / Edge-aware GuidanceVoice guidance and recognition on device or edge where supported
RetentionConfigurable retention and zero-retention option for transient audio/images where supported
ResilienceBackups for critical metadata, DR procedures, redundancy planning
SDLCCode review, dependency scanning, vulnerability management, secure release practices
VendorsDPA/SCCs, security due diligence, subprocessors transparency, least-data principle
Incident ResponseDefined incident response plan, vulnerability reporting, personal-data breach notification without undue delay where required
Pilot ReviewWorkflow scoping includes device, data, SSO/MDM, retention, integration, and proof export requirements

See the DPA Annex II for full TOMs.

Pilot security

Security review should happen before field testing, not after.

CoSkip pilots start with one workflow, but security and data handling should be scoped early. The goal is to test a real field workflow while clarifying what data is used, where it goes, how long it is retained, who can access it, and how proof packets are exported or reviewed.

  1. 01

    Scope the workflow

    Identify the target workflow, data types, proof requirements, devices, users, and systems of record.

  2. 02

    Confirm data handling

    Review photos, notes, timestamps, voice inputs, customer/job context, retention, and export expectations.

  3. 03

    Review access and devices

    Confirm SSO/SAML, RBAC, MDM readiness, admin access, technician devices, connectivity, and field constraints.

  4. 04

    Review vendors and legal docs

    Use the DPA, subprocessors list, Security Overview, and TOMs for security/legal review.

  5. 05

    Field test with controls

    Run the pilot with agreed proof rules, data handling, review cadence, and results evaluation.

CoSkip trust review visual showing secure field operations context.
Security review stays connected to the real field workflow, the device environment, and the proof packet the team needs to trust.
Review path

Security review before field testing

A pilot can move quickly while still clarifying data, devices, retention, legal resources, and admin controls.

  1. 01
    Scope workflow

    Pick one field process.

  2. 02
    Identify data

    Map evidence and context.

  3. 03
    Review devices

    Confirm field constraints.

  4. 04
    Define retention

    Set export and retention paths.

  5. 05
    Security review

    Use DPA and vendor resources.

  6. 06
    Admin controls

    Configure access and logs.

  7. 07
    Production path

    Plan readiness after results.

Security review is part of the pilot path, not a separate afterthought or unsupported certification claim.
Apply for Pilot Access Request Security Review
Availability and reporting

Clear paths for status, vulnerabilities, and data requests.

Status & Availability

View current service availability, incident history, and scheduled maintenance windows.

View Status

Report a vulnerability

Security researchers, customers, and partners can report vulnerabilities or incidents to CoSkip's security contact.

Email Security

Data requests

For access, deletion, correction, or other data subject requests, contact CoSkip. If CoSkip processes data on behalf of an employer/customer, CoSkip will coordinate with the relevant admin.

Submit Data Request

Incident and data-request handling may depend on customer role, pilot scope, applicable law, and contractual terms.

FAQ

Security & Trust FAQ

Is CoSkip SOC 2 certified?

CoSkip is building toward SOC 2 Type I/II and ISO 27001 readiness. Security milestones and available documentation can be requested during vendor review.

What does private-first mean for CoSkip?

Private-first means CoSkip is designed to limit unnecessary data movement, favor on-device or edge-aware guidance where supported, provide admin controls, and make retention, access, subprocessors, and exports reviewable.

What data does CoSkip handle?

Depending on configuration and pilot scope, CoSkip may handle workflow steps, photos, visual evidence, timestamps, technician notes, exceptions, signoff, device metadata, and customer/job context supplied by the organization.

Can CoSkip support zero-retention requirements?

CoSkip provides or is building configurable retention and zero-retention options for certain transient audio/image processing flows. Confirm exact behavior during pilot scoping or vendor review.

Does CoSkip support SSO and MDM?

The current Trust content references SSO/SAML and MDM-ready deployment planning. Confirm exact availability, configuration, and pilot requirements during security review.

Are proof packets exportable?

CoSkip is designed to produce structured proof packets that can support supervisor, customer, warranty, compliance, or audit review. Export format and integration path depend on pilot scope.

How does CoSkip handle subprocessors?

CoSkip maintains a subprocessors resource with vendor purpose, data types, region, and update feeds where available.

How should a pilot partner start security review?

Start by selecting one target workflow, identifying the data involved, confirming devices and systems, and requesting CoSkip's security resources, DPA, subprocessors, and TOMs.

Ready for review

Ready to review CoSkip for your field workflow?

Start with one workflow, confirm the data and device environment, and review the security, privacy, and compliance resources your team needs before field testing.

Request Security Docs Apply for Pilot Access View DPA View Subprocessors → Questions? Contact CoSkip →

Apply to Become a Pilot Partner

Tell us a bit about your team. We'll follow up with next steps.

Not ready to apply yet? Calculate ROI or take the readiness score first.

Join the Waitlist

Get launch updates and early access invites.