Ordinavo Trust

Security and control for operational teams

Ordinavo helps companies process mobile workflows, external requests and operational data in a controlled way, with roles, permissions, tenant context and clear integration boundaries.

Security starts with clear boundaries

Ordinavo is designed for operational processes with multiple roles, locations, teams and external intakes. Access is limited along responsibilities, tenants, roles and integrations.

Role-based access

Users see and edit only the areas intended for their role or task.

Tenant context

Operational data can be separated by organization, team or customer context.

Controlled interfaces

External systems use defined Ordinavo Connect interfaces instead of broad internal access.

Traceability

Important status changes and processing steps can remain documented.

Access model

Every role needs a different view

A mobile employee needs different information than a dispatcher. A manager needs oversight, but not necessarily every operational input. An external system should submit requests, but not read internal weekly plans.

Ordinavo Connect is not intended as general full access to Ordinavo. External integrations receive only defined capabilities, for example creating requests or reading status information.
Administrator Manager Dispatcher Employee External integration Support / technical access, if intended

Organizational context

Separated data for separated organizations

Ordinavo can support tenant- and organization-related operating models. Tasks, requests, routes, employees and status information are assigned to the relevant context.

Business value

  • clear separation between organizations
  • less risk from incorrect visibility
  • better structure across multiple teams or locations
  • prepared for larger operational units

Interfaces with a clearly defined purpose

Ordinavo Connect enables external requests through APIs, portals, terminals or partner systems. External systems should receive only the data and actions required for the integration.

Authentication

API access uses project- or tenant-specific credentials.

Permissions and scopes

Integrations can be limited to defined actions, for example creating requests or reading status.

Idempotency

Write API calls can use idempotency keys so retries do not create duplicate cases.

Webhook signatures

Status callbacks can be signed so receiving systems can verify origin and integrity.

Rate limits

Limits help protect APIs and tenants from overload or abusive use.

Customer operations security boundaries

CRM Light data, visit reports, customer timeline entries and webhook payloads need concrete security boundaries, not broad promises.

Tenant isolation for operational data

Ordinavo is designed to keep customers, locations, contacts, targets, appointments, route plans, visit reports, timelines, imports and webhooks separated by tenant.

Role-based access

Role-based visibility controls separate tenant administration, dispatch planning and mobile execution context.

API and webhook security

Ordinavo Connect uses API keys, scopes, idempotency and signed webhook deliveries to support controlled system-to-system integration.

Schema and deployment safety

Ordinavo includes schema verification, migration checks and readiness health checks to reduce deployment risks in self-hosted or managed environments.

Deployment checks

For managed or self-hosted environments, migration and readiness checks help reduce deployment risk before customer operations, visit reports and Connect events depend on the release.

--migrate --check-migrations --verify-schema /health/ready

Traceability

Make operational decisions traceable

For mobile teams, it is often important to understand when a request arrived, who reviewed it, when it was planned, which employee handled it and which feedback was captured on site.

Status history of requests Processing history of tasks Comments and field feedback Planning and assignment information API or Connect intake as source

Data minimization

Only the data needed for the process

Ordinavo Connect should be used so external systems submit only the information needed to process a request. Location, contact, time window and description are sufficient in many cases. Sensitive additional data should be processed only when required and agreed for the specific process.

Security FAQ

Do external systems get access to internal Ordinavo data?

No. External systems should use only defined integration functions, for example submitting requests or receiving status information.

Can Ordinavo support role-based access?

Yes. Ordinavo is designed for different roles and responsibilities.

Can Ordinavo run on-premise?

Depending on project requirements, on-premise or dedicated operating models can be evaluated.

Are API accesses logged?

API and Connect access should be technically logged to support troubleshooting, security and traceability.

Is security documentation available for enterprise customers?

For larger rollouts, technical and organizational requirements can be aligned during a demo or project discussion.

Review Ordinavo against your security requirements

We can discuss roles, integrations, hosting and privacy requirements for your specific Ordinavo rollout.