Roadmap & Security

Built openly, secured deliberately.

OnsiteMate.au is being developed from a free Australia-only map tool into a secure business workflow platform for locations, jobs, routes and field operations.

Security

Security by Design, not as a last-minute add-on.

Privacy

Personal customer data should be minimized and protected.

Field

The platform is planned for web and native mobile workflows.

Already implemented

Current foundation

The platform already includes a public reference workflow, business portal foundation and a first security hardening layer.

Public Australia-only map and reference tool

Business workspace foundation

Email/password authentication

Workspace and role-aware business portal

Public location references and public route references

Server-side Supabase access layer

Security headers, CSP and HSTS

Rate limiting for sensitive API routes

Origin/CSRF protection for mutating API requests

Supabase RLS hardening for public route references

Next.js security release upgrade

Security approach

The rules for every new module

Every future feature is planned around data access, role boundaries, auditability and operational risk before it becomes part of the user interface.

Security by Design

New features are planned around risk, roles, data access and auditability before UI work starts.

Privacy by Design

OnsiteMate aims to store only what is required, keep business data separated from public tools, and protect personal customer details.

Least Privilege

Users should only access the workspaces, jobs and actions they need for their role.

Defense in Depth

Security is layered across headers, API checks, sessions, rate limits, RLS, logging and infrastructure controls.

Development timeline

From creation to release

01

Foundation

The first version established the public map tool, business portal foundation, authentication and reference creation workflow.

Completed
02

Security Hardening V1

Security headers, CSP, HSTS, rate limits, origin protection, route RLS hardening and dependency security updates were added.

Completed
03

Customer-Ready Security

The next focus is audit logs, revocable sessions, stronger access testing, encrypted customer fields, monitoring and operational controls.

In progress
04

Field Operations

The platform will expand into route sessions, stop status tracking, notes, timing and assigned field work.

Planned
05

Native App

A native iOS app is planned for logged-in field staff to open assigned jobs, follow routes and update work status from site.

Planned

Security Core

Audit logs for important actions

Server-side sessions with revocation

Login and access event logging

Role and workspace access tests

Permission matrix for the business portal

Business Data Protection

Clear separation between public map data and business data

Encrypted storage for sensitive customer fields

Customer names, contact details and notes protected at field level

Coordinates kept usable for routing and maps

Privacy-safe error handling and exports

Operational Readiness

Monitoring and alerting

Backup and restore checks

Security test checklist

Admin MFA planning

Customer-ready privacy and processing documentation

Where this is going

A secure foundation for a modular field-work platform.

OnsiteMate is planned as the location and workflow foundation for future business modules, including native app workflows and structured field operations.

Native iOS Field App

Assigned jobs and route sessions on mobile

Stop-by-stop route completion with timers

Apple Maps and Google Maps handoff

Optional external cloud document linking instead of storing photos directly

Modular RooStack-style business tools built on the same security foundation

Important note

This roadmap is intentionally transparent. Security is an ongoing process, not a one-time claim. New customer-facing features are planned to go through access-control, logging, privacy and operational-readiness checks before release.