Security & Compliance

Protecting your data at every layer

Our security architecture is designed to meet enterprise requirements — from encryption and access control to audit logging and incident response.

Platform Infrastructure

Our platform runs on enterprise-grade cloud infrastructure with automatic failover, geo-redundant backups, and a 99.9% uptime SLA. All environments are isolated, and infrastructure is managed through code with continuous security scanning. The platform is built on infrastructure that supports SOC2 Type II compliance.

Data Encryption

All data in transit is protected with TLS 1.2+ encryption. Data at rest is encrypted using AES-256 standards. Database connections are secured with SSL certificates, and API traffic is routed through HTTPS-only endpoints. Encryption keys are managed using a dedicated key management service with automatic key rotation.

Access Control & Authentication

The platform implements role-based access control (RBAC) with four primary roles — Admin, Operations, Finance, and Customer — ensuring that users only see data they are authorized to access. Authentication supports email/password, OAuth via Google, and optional SSO through SAML-based identity providers. Sessions are managed with secure, HttpOnly cookies and automatic token refresh.

Audit Logs

Every significant action is recorded in an immutable audit log capturing the User ID, action performed, timestamp, previous value, and new value. Audited events include shipment edits, P&L modifications, compliance data updates, AES filing changes, and user permission modifications. Audit data is retained for a minimum of 12 months and is accessible to administrators through the platform's Audit Trail panel.

Compliance & Privacy

User data is handled in accordance with GDPR data protection principles. Users can request account deletion, export their personal data, and update personal information at any time. Consent management and data minimization practices are applied across all data collection points. The platform does not sell or share user data with third parties.

Incident Response

We maintain an incident response plan that includes automated alerting, defined escalation paths, and post-incident review processes. Critical issues such as payment failures, EDI processing errors, and stuck shipments trigger real-time alerts to the operations team. Security incidents are investigated promptly, and affected users are notified within 72 hours in accordance with regulatory requirements.

Our platform is built on infrastructure that supports SOC2 Type II compliance. Formal certification status is subject to independent verification. For questions regarding our security practices, please contact [email protected].