Built openly, secured deliberately.
OnsiteMate.au is being developed from a free Australia-only map tool into a secure business workflow platform for locations, jobs, routes and field operations.
Security
Security by Design, not as a last-minute add-on.
Privacy
Personal customer data should be minimized and protected.
Field
The platform is planned for web and native mobile workflows.
Current foundation
The platform already includes a public reference workflow, business portal foundation and a first security hardening layer.
Public Australia-only map and reference tool
Business workspace foundation
Email/password authentication
Workspace and role-aware business portal
Public location references and public route references
Server-side Supabase access layer
Security headers, CSP and HSTS
Rate limiting for sensitive API routes
Origin/CSRF protection for mutating API requests
Supabase RLS hardening for public route references
Next.js security release upgrade
The rules for every new module
Every future feature is planned around data access, role boundaries, auditability and operational risk before it becomes part of the user interface.
Security by Design
New features are planned around risk, roles, data access and auditability before UI work starts.
Privacy by Design
OnsiteMate aims to store only what is required, keep business data separated from public tools, and protect personal customer details.
Least Privilege
Users should only access the workspaces, jobs and actions they need for their role.
Defense in Depth
Security is layered across headers, API checks, sessions, rate limits, RLS, logging and infrastructure controls.
From creation to release
Foundation
The first version established the public map tool, business portal foundation, authentication and reference creation workflow.
Security Hardening V1
Security headers, CSP, HSTS, rate limits, origin protection, route RLS hardening and dependency security updates were added.
Customer-Ready Security
The next focus is audit logs, revocable sessions, stronger access testing, encrypted customer fields, monitoring and operational controls.
Field Operations
The platform will expand into route sessions, stop status tracking, notes, timing and assigned field work.
Native App
A native iOS app is planned for logged-in field staff to open assigned jobs, follow routes and update work status from site.
Security Core
Audit logs for important actions
Server-side sessions with revocation
Login and access event logging
Role and workspace access tests
Permission matrix for the business portal
Business Data Protection
Clear separation between public map data and business data
Encrypted storage for sensitive customer fields
Customer names, contact details and notes protected at field level
Coordinates kept usable for routing and maps
Privacy-safe error handling and exports
Operational Readiness
Monitoring and alerting
Backup and restore checks
Security test checklist
Admin MFA planning
Customer-ready privacy and processing documentation
A secure foundation for a modular field-work platform.
OnsiteMate is planned as the location and workflow foundation for future business modules, including native app workflows and structured field operations.
Native iOS Field App
Assigned jobs and route sessions on mobile
Stop-by-stop route completion with timers
Apple Maps and Google Maps handoff
Optional external cloud document linking instead of storing photos directly
Modular RooStack-style business tools built on the same security foundation
Important note
This roadmap is intentionally transparent. Security is an ongoing process, not a one-time claim. New customer-facing features are planned to go through access-control, logging, privacy and operational-readiness checks before release.
