Knurl · CMMSSecurity

Security at Knurl.

How Knurl handles licensing, access, your data, offline integrity and payments — described plainly. This page covers what the product actually does; it makes no claims of certifications or audits we don't yet hold.

#01Licensing & access

Your license lives on the device.

Tamper-proof licenses

Every license is cryptographically signed and verified by the app itself — no way for anyone to forge access. Verification happens on the device, so the app keeps working without a constant internet connection.

Phone + one-time code

Technicians sign in once, online, with a phone number and a one-time code. After that the device holds a long-lived trust, so a technician is never locked out for lack of signal.

Device revocation

A manager can revoke a device from the dashboard. The next time that device checks in it receives the signal and wipes its local copy of your data.

#02Your data

You own it. We never delete it.

Full audit trail

Every work-order step is recorded — who did it, when, why. The history can be reviewed but never silently rewritten.

Never deleted

Records are kept, never destroyed. If a subscription lapses the app becomes read-only — all data stays fully viewable, and reactivation is instant.

Your data, only yours

Every record belongs to your facility and is checked on every request. We are the system of record; you are the owner.

#03Offline integrity

Sync that doesn't lose or duplicate work.

Nothing gets missed

Updates are pulled in order, every time. The app never silently skips a record or replays one twice.

Safe to retry

If a sync runs twice — the phone lost signal mid-upload, then came back — the second run does nothing. No duplicate work orders, no duplicate charges.

#04Payments

We don't touch card data.

Hosted checkout

Checkout runs on our payment processor's hosted page. Card details never reach Knurl's servers.

Verified billing events

Billing notifications are cryptographically signed and verified before they are acted on.

#05Responsible disclosure

Found a security issue? Tell us before publishing.

Email security@knurl.work

Send a vulnerability report — proof of concept, scope, your contact — to security@knurl.work. We coordinate disclosure with the reporter and aim to fix before any public write-up.

security.txt

Our /.well-known/security.txt follows RFC 9116, so security researchers and automated scanners find the right channel without guessing.