- The FieldEdge App has a direct connection to NationBuilder
- FieldEdge does not store your database on our server or any third-party servers
- All connections to the app are secured through an SSL connection
- Uses industry standard oAuth for authentication (password is never exposed)
- Respects the permission sets within a nation
- Some basic and generic information is sent to our server to ensure product is licensed
- Some basic and generic information is sent to third party software to enable us to deliver a better experience
- Device OS level features can be enabled for extra layers security
The Technical Stuff
Direct Connection to NationBuilder
The FieldEdge app makes direct calls from the user’s device to NationBuilder’s API over a HTTPS connection. NationBuilder has a valid SSL certificate that ensures the connection is fully encrypted. The app does not use a proxy or intermediary server to make these calls to NationBuilder, so the data is only ever stored on the user’s device and NationBuilder.
“Passwordless” Login with Ability to Revoke Access
The FieldEdge app uses NationBuilder’s official oAuth process to connect to your nation. This means when logging in to the FieldEdge app, you will be taken to NationBuilder.com to sign-in to your nation. The user then must give permission for the app to access the nation on their behalf. Once approved, the app is then provided a token from NB, enabling access to the nation without access to the user passwords.
The app’s access to your nation can be revoked at anytime via your nation’s control panel.
NationBuilder Permission Sets
NationBuilder’s API now reflects the “Assigned only” permission set within a nation. This means access to people within the nation can be controlled on FieldEdge just as it can be on NationBuilder.
Connections to FieldEdge’s Server
To enforce licensing and provide basic account level features, the FieldEdge app sends some information to FieldEdge’s server. This information includes: the user’s name, the user’s email addresses, the nation slug and the size of the nation’s database. Information about other people in your nation is never sent to FieldEdge’s server. This connection is made over HTTPS with a valid SSL certificate present on FieldEdge’s server.
Connections to Third Party Servers
To continue providing a great experience with our app, some basic information is sent to our third-party service providers. These services include analytics, CRM, customer support and troubleshooting functionality. We only use reputable service providers who have also shown a commitment to security. Information about other people in your nation is never sent to our third-party providers. These connections are made over HTTPS with valid SSL certificates present.
Device Level Security
We recommend that organizations’ enforce device level security on their user’s phones to provide extra layers of security. These might include device encryption, remote wipe and passcodes.
If you have any questions or concerns about data security and privacy, please don't hesitate to reach out.