Built by someone who used to break apps for a living.
Nine years in cybersecurity before a single line of HVAC code. The platform inherits those instincts: defense in depth, least privilege, no secrets in the browser, every dependency audited, every error tracked.
Encrypted in transit
TLS 1.3 between every browser, mobile device, and the API. No plaintext anywhere on the wire.
Isolated per shop
Every diagnostic record is scoped to the organization that owns it. The API enforces ownership server-side on every read and write.
Modern auth
Sign-in is handled by Clerk — passwords are hashed and stored by them, never by us. Multi-factor and password reset built in.
Rate-limited everywhere
Per-IP and per-user rate limits on every endpoint stop credential stuffing, scraping, and abuse before it reaches the database.
The diagnostic math runs on your device
The core fault-diagnosis engine is fully deterministic and runs on the device — PT lookups, superheat/subcooling, and fault scoring never leave your browser. There is no AI in that loop. SCSH additionally offers an optional AI mentor report; when you choose to generate one, only the diagnostic readings needed are sent to the AI provider, governed by their terms. The deterministic diagnosis itself is always local, always the same inputs, always the same answer.
Your data, your control
Job records, diagnostic sessions, and service reports are stored in an encrypted PostgreSQL database. Access is scoped to your organization, enforced server-side on every request — not just hidden in the UI. You can export your data at any time, and account deletion removes it from the live database within 30 days.
Monitoring & uptime
The API exposes liveness and readiness probes on dedicated health endpoints. External uptime monitoring polls them every three minutes and pages the on-call if they fail. Every deploy runs an automated self-verification step that rolls back the release if the new version doesn't pass — the previous release keeps serving traffic without operator action. A weekly reliability digest summarizes uptime, error volume, slow endpoints, and webhook failures so creeping problems get caught before they become outages.
Dependency & vulnerability hygiene
Every dependency is audited on every build. Known CVEs are patched with version pins so a transitive package can't sneak in a vulnerable version through a sub-dependency. Source code is scanned for common injection, authentication, and authorization mistakes before each release.
Payments handled by Stripe
Card numbers never touch our servers. Checkout and the billing portal are hosted by Stripe (PCI DSS Level 1). We store only the subscription identifiers and status we need to grant access. If Stripe is briefly unreachable, your diagnostic features keep working off a cached subscription status — the field never goes down because of a billing-system blip.
Reporting a vulnerability
If you find a security issue, please email [email protected]. We will acknowledge within two business days, keep you updated on the fix, and credit you (with your permission) once the issue is resolved. We don't pay bug bounties yet — but we do say thank you, and we mean it.