CanTicket helps service teams manage jobs, time, and invoicing. We know that means trusting us with client names, financial data, and day-to-day operations. This page explains how we protect that information.
CanTicket is a cloud-based job and workflow platform for businesses that track work, time, and billing — often alongside Xero and other tools you already use.
We process data you and your team enter into the product: jobs and tasks, time entries, comments, client and contact details, invoices and quotes (including data synced from connected accounting systems), and account information for your users.
We do not sell customer data. We use it only to provide and improve the service described in our Terms of Service and Privacy Policy.
| Area | Detail |
|---|---|
| In transit | All connections to CanTicket use HTTPS (TLS 1.2+). |
| At rest | Customer data is stored in encrypted MySQL on AWS in Singapore (ap-southeast-1). |
| Passwords | Stored using industry-standard hashing — never in plain text. |
| Sessions | Encrypted session cookies in production; secure cookie flags when served over HTTPS. |
We maintain an active security improvement program, including:
| Item | Our approach |
|---|---|
| Hosting | Amazon Web Services (AWS) |
| Primary region | Singapore (ap-southeast-1) |
| Availability | Update coming soon |
| Backups | Regular automated backups, stored securely and not publicly accessible. |
| Monitoring | Application and infrastructure logging; alerts on errors and failed jobs. |
We use carefully selected third parties to run CanTicket. They process data only on our instructions and for the purposes below.
| Provider | Purpose | Typical data |
|---|---|---|
| Amazon Web Services (AWS) | Application and database hosting | All customer account and job data |
| Amazon Web Services (SES) | Transactional email | Email addresses, message content |
| Stripe | Subscription and payment processing | Billing contact, payment metadata (Stripe handles card data) |
| Xero | Accounting integration (optional per customer) | Invoices, contacts, payroll/timesheet sync as configured |
| Calendar, Drive, Maps (optional per customer) | OAuth tokens, calendar events, files as authorised | |
| OpenAI / Google Gemini | AI-assisted features (optional per company) | Prompts may include job and comment text when features are enabled |
| GoHighLevel | CRM sync (optional) | Contacts and opportunities as configured |
| Slack | Job commands (optional) | Workspace tokens, job metadata |
| Asana | Integration and browser plugin (optional) | Task and time data as authorised |
Some CanTicket features can send portions of your job or comment text to AI providers (such as OpenAI or Google Gemini) when your company has enabled those features.
Security is shared. We recommend customers:
We maintain an incident response plan covering detection, containment, assessment, customer notification, and post-incident review.
| Status | Detail |
|---|---|
| ISO 27001 | Underway |
| Privacy | Australian Privacy Act 1988; see our Privacy Policy for international transfers (including Singapore hosting) |
| Security audit | Internal application security audit completed June 2026; critical findings remediated |
| Data type | Typical retention |
|---|---|
| Active account data | Duration of subscription, plus a defined grace period after termination unless law requires longer Update coming soon |
| Backups | Retained on a rolling basis and rotated regularly; stored securely and not publicly accessible. |
| Logs | Security and access logs retained for monitoring, troubleshooting, and investigation purposes. |
Send a message and we'll open a triage ticket routed to the right team. For security reports we acknowledge within 2 business days.
Thanks — your request has been logged and routed to the right team. You'll receive an email confirmation shortly. Keep this reference for follow-up:
Our public website (canticketapp.com) may use cookies and third-party analytics to understand how visitors find our marketing pages. This section does not describe the in-app CanTicket product your team uses for jobs and time tracking.
| Service | Purpose |
|---|---|
| Google Analytics | Traffic and usage on marketing pages |
| Meta (Facebook) Pixel | Advertising measurement and remarketing |
| Google Search Console | Search performance and site indexing (site-owner tool) |