The mobile app is technician-only, and Pistonlog enforces the PII rule at the API layer for any caller in the Technician role — the strip is role-based, not platform-specific. The same data the mobile app sees is what a technician would see on the web jobcard view. The data isn't there to display, on either platform.
What's stripped
Before the API responds to any technician's request, these fields are removed from the response payload (see src/lib/auth/pii.ts in foundry):
- Customer first name, last name and full-name composite
- Customer email and phone
- Customer address
- Customer notes (internal)
- Business account name and address (for business jobcards)
- Business account internal notes
These fields are stripped server-side. Even if a future version of the mobile app tried to display them, the data isn't in the payload. Owner roles bypass the strip.
What's visible
- Vehicle: registration, make/model, mileage, spec fields
- Jobs: descriptions, labour, parts, statuses, your assignments
- Inspections: full template, full fill, photos, signatures
- Messages: jobcard threads. These are internal team chats — they don't have a customer name to substitute. Mentions and posts from other team members show as normal
Dates that relate to the work itself (jobcard creation date, inspection completion date, work-completed date) are visible — only customer-side dates aren't relevant in the technician model since technicians work from assignments, not the calendar.
Why so strict
A workshop is a busy environment. Photos get taken of cars with screens visible behind them. Phones get left on benches. Customer PII on a mobile screen used in that environment is a leak risk. Stripping the data at the API means there's no copy to leak.
What this means for techs talking to customers
Technicians don't typically call customers in the Pistonlog model — that's reception's job. If a technician needs to ask the customer a question, they post on the jobcard message thread (which is internal — reception then relays to the customer through the appropriate channel).