Security & Compliance

We apply commercially reasonable technical and organizational measures designed to protect PestRouting and customer data against unauthorized access, loss, misuse, alteration or disclosure.

Our security approach focuses on:

• restricted access to production systems;
• encrypted communication;
• secure handling of integration credentials;
• application monitoring and error detection;
• service reliability and debugging;
• subprocessor management;
• data minimization;
• controlled access to customer data;
• clear privacy and data processing documentation.

No system can be guaranteed to be completely secure. Customers remain responsible for securing their own accounts, users, devices, FieldRoutes access, API credentials and connected third-party systems.

PestRouting’s core application and database infrastructure are hosted on Hetzner servers in Finland, within the European Union.

We use server infrastructure to operate the application, store customer-authorized data, provide routing and optimization functionality, process requests, maintain system performance and support troubleshooting.

Access to infrastructure is restricted to authorized personnel with operational need.

PestRouting is built for B2B use and may process personal data in different roles.

We generally act as controller when we process personal data for our own business purposes, such as website operation, demo requests, customer communication, support, security administration, billing-related communication and legal compliance.

We generally act as processor when we process customer-authorized data on behalf of a business customer, for example data imported from FieldRoutes or another connected system.

Where we act as processor, the processing is governed by our Data Processing Agreement unless another valid data processing agreement has been concluded.

Relevant legal documents:

• Privacy Policy;
• Data Processing Agreement;
• Subprocessors & Third-Party Services;
• Terms of Service;
• Refund & Cancellation Policy;
• Legal Notice.

PestRouting may connect to FieldRoutes or other customer-authorized third-party systems.

Depending on the customer’s configuration and enabled features, PestRouting may import, process, analyze, display, synchronize and, where enabled, write data back to FieldRoutes.

Customer-authorized data may include:

• customer and service-location data;
• appointment data;
• subscription and service agreement data;
• technician and employee data;
• office and branch data;
• route data;
• appointment-slot or spot data;
• service-type data;
• skill and qualification data;
• integration credentials and technical metadata.

Customers are responsible for ensuring that they are authorized to connect FieldRoutes or another third-party system to PestRouting and that they have a valid legal basis for providing the relevant data.

FieldRoutes remains a customer-authorized third-party integration and is generally not a subprocessor controlled by Dayem Solutions.

Where required to provide the service, PestRouting may store API keys, access tokens, refresh tokens or similar credentials for FieldRoutes or other integrations.

Such credentials are used to provide the relevant integration, including data import, synchronization, processing and, where enabled, write-back functionality.

Customers can revoke or disable integration access through the relevant third-party system where available or by contacting support.

PestRouting uses encrypted communication via TLS/SSL where technically available.

This helps protect data transmitted between users, browsers, the application and connected services.

Customers should ensure that their own devices, browsers, networks and third-party accounts are also secured appropriately.

Access to production systems and customer data is restricted to authorized personnel who need access for service provision, support, maintenance, security or legal purposes.

We aim to limit access based on operational need.

Customers are responsible for managing their own users, permissions, connected FieldRoutes accounts and internal access controls.

We may use monitoring and error tracking tools to detect issues, investigate bugs, improve performance and maintain service reliability.

Current tools may include:

• Sentry for error monitoring and debugging;
• Laravel Nightwatch for application monitoring, performance monitoring and debugging;
• PostHog EU Cloud for product analytics, usage insights and debugging.

We configure these tools to reduce unnecessary personal data collection where possible.

We may use PostHog EU Cloud to understand product usage, improve usability, detect issues and support product development.

Where analytics technologies are non-essential, they are used only with consent where required. You can review and change your choices on our Cookie Policy page.

We do not use analytics tools to sell customer data.

Payments for PestRouting are processed through Paddle.

Paddle acts as Merchant of Record or reseller for our orders and may process payment, billing, tax, invoice, subscription, refund and chargeback data under its own terms and privacy documentation.

Dayem Solutions does not directly process full payment card details.

We use selected third-party service providers to provide, operate, secure, monitor, support and improve PestRouting.

Current providers may include:

• Hetzner;
• Hostinger;
• Resend;
• PostHog EU Cloud;
• HubSpot;
• Cal.com;
• Paddle;
• Sentry;
• Laravel Nightwatch;
• Google Maps / Google Places APIs.

More details are available in our Subprocessors & Third-Party Services page.

Where required, subprocessors processing Customer Personal Data are subject to appropriate contractual safeguards.

Some service providers may process personal data outside the European Economic Area.

Where personal data is transferred outside the European Economic Area, we rely on appropriate transfer mechanisms where required, such as:

• an adequacy decision by the European Commission;
• the EU-U.S. Data Privacy Framework where applicable;
• Standard Contractual Clauses;
• additional safeguards where required;
• another lawful transfer mechanism under applicable data protection laws.

Customer data is generally retained for the duration of the subscription and as necessary to provide PestRouting.

After termination or expiry of a paid subscription, customer data will generally be deleted or anonymized within 90 days after the end of the paid subscription term, unless longer retention is required by law or necessary for legitimate legal, billing, tax, security, compliance or dispute-resolution purposes.

Customers may contact support@pestrouting.com to request data export or deletion assistance.

As of the Last Updated date, PestRouting does not process identifiable Customer Data through artificial intelligence APIs and does not use identifiable Customer Data in AI prompts.

We do not use identifiable Customer Data to train artificial intelligence models.

If we introduce AI-powered features that process Customer Data, we will update the applicable Privacy Policy, Data Processing Agreement, product documentation or other legal documentation as required.

If we become aware of a personal data breach affecting Customer Personal Data processed on behalf of a customer, we will notify the affected customer without undue delay in accordance with our Data Processing Agreement and applicable law.

We may provide information in phases as it becomes available.

Customers should promptly notify us if they suspect unauthorized access, compromised credentials, misuse of PestRouting or security issues involving connected integrations.

Security is a shared responsibility.

Customers are responsible for:

• securing their own user accounts;
• managing authorized users and permissions;
• protecting login credentials;
• protecting FieldRoutes and other third-party accounts;
• ensuring API credentials are properly authorized and scoped;
• reviewing and validating routing and scheduling outputs before operational use;
• maintaining their own operational system of record;
• complying with applicable data protection, employment, customer communication and industry laws;
• ensuring that their own devices, networks and browsers are secure.

PestRouting does not currently claim SOC 2, ISO 27001, HIPAA or similar security certifications unless explicitly stated in writing.

We are continuously improving our security, privacy and operational processes as the product and customer base grow.

If you believe you have discovered a security issue, vulnerability or unauthorized access affecting PestRouting, please contact us immediately.

Security contact: support@pestrouting.com

Please include:

• a clear description of the issue;
• steps to reproduce, if applicable;
• affected URLs, accounts or systems;
• screenshots or logs, if relevant;
• your contact information.

Please do not access, modify, delete, download or disclose data that does not belong to you.

For security, privacy or compliance questions, please contact:

Email: hello@pestrouting.com
Support: support@pestrouting.com