Trades Operator

Security is built into the operating system.

Security is built into the Trades Operator platform — not added on. Tenant-scoped data, MFA-gated actions, audit logs, encrypted transit, and approval-first AI.

tradesoperator.com
Connected workflow
01 Lead captured

Call, form, or campaign source enters the operating record.

02 Work tracked

Customer, estimate, job, evidence, invoice, and payment stay connected.

03 Next action

The next approval, follow-up, or review task is visible without rebuilding context.

Architecture

What we actually built — not what we say we have.

Security controls are documented here plainly. No compliance theater, no inflated claims.

Tenant-scoped data

Every customer account is isolated at the data layer. No shared tables across tenants. Queries are scoped to your account by design, not by application logic alone.

MFA-gated sensitive actions

Actions involving payments, accounting entries, user management, and access changes require multi-factor authentication. Sensitive workflows require explicit confirmation steps.

Audit logs

Every data write, sensitive action, and access event is logged with timestamp, user, and context. Logs are append-only and used for incident investigation and compliance support.

Encrypted transit

All data transmitted between clients, servers, and providers is encrypted in transit. Credentials and tokens are never transmitted in plaintext.

Role-based permissions

Granular permissions by role — admin, dispatcher, technician, accounting. Technicians cannot access billing records. Admins control what each role sees and can do.

Approval-first AI

Operator AI never sends messages, posts accounting entries, changes schedules, or takes payment actions without explicit human approval. AI drafts — humans confirm.

Tokenized public links

Payment links, estimate approvals, and customer-facing documents use time-limited, tokenized URLs. No guessable IDs, no permanent public exposure.

Service-side payment handling

Payment card data is processed by certified payment providers. Trades Operator stores only display-safe metadata: last four digits, payment status, and provider references.

No casual data exposure

Call recordings, transcripts, financial records, and customer contacts are not accessible via public URLs or shared across tenants. Access is always gated by session and role.

On SOC 2 — plainly stated

Trades Operator is running a security readiness program aligned with SOC 2 Type II criteria. We have not completed a formal SOC 2 audit. When the audit is complete, we will say so here with the auditor and report date. We do not claim compliance we have not achieved.

Operator Demo

Security you can actually verify.

We qualify before we demo. The platform is purpose-built for a specific type of shop.

  • 3–10 trucks or equivalent home service volume
  • Wants one connected operating system — not another integration
  • Cares about calls, jobs, money, attribution, and accounting in the same place
  • Willing to connect real provider workflows during onboarding