Trust Center
Ask a questionRequest access
Trust Center

Security & compliance at Cenntrax

How we protect the logistics, cold-chain, and chain-of-custody data that moves through the Cenntrax platform.

Cenntrax is built for regulated delivery — pharmaceuticals, controlled substances, and temperature-sensitive freight. Security and verifiable compliance are designed into the platform, not added on. This page describes the controls that are live in the product today.

SHA-256
Hash-chained audit
Tamper-evident, verifiable event chain
TLS 1.3
Encrypted in transit
All app & API traffic
2–8°C
Cold-chain monitored
Excursion detection on every leg
Per-tenant
Data isolation
Separate database per customer

Security controls

View all

Tamper-evident audit trail

Every compliance-relevant action is recorded as an immutable, hash-chained event so records can be proven unaltered.

  • Each audit event is hashed with SHA-256 over its contents plus the previous event's hash, forming a continuous chain.
  • Any edit, deletion, or re-ordering breaks the chain and is detectable.
  • Chain integrity can be re-verified on demand across the full history or a single module.
  • Events capture who, what, and when for pickup, delivery, and cold-chain actions.

Cold-chain & quality compliance

Temperature-sensitive freight is monitored against per-product thresholds with automatic excursion handling.

  • Configurable temperature profiles (e.g. 2–8°C) per customer / product.
  • Automatic excursion detection and alerting when readings fall out of range.
  • Temperature auto-captured from telematics sensors at pickup and delivery, stamped to the proof record.
  • Quality workflows: deviations, CAPA (corrective & preventive action), checklists, and a document vault.

Chain of custody

Controlled and narcotic shipments carry an unbroken, evidenced custody record from pickup to delivery.

  • Controlled / narcotic loads are flagged and require signature and custody capture at handover.
  • Barcode scan verification ties each piece to the correct stop before pickup or delivery.
  • Proof of Pickup / Delivery captures signature, photo, recipient, GPS, device, and temperature.
  • All custody evidence is written to the tamper-evident audit trail.

Data protection & encryption

Customer data is encrypted in transit and access to it is tightly scoped.

  • TLS 1.3 for all application and API traffic.
  • Evidence (signatures, photos) and audit metadata stored with integrity hashing.
  • Secrets and credentials are kept out of source control and rotated on exposure.
  • Backups managed by our cloud infrastructure provider.

Compliance approach

View all

Cenntrax is engineered around the principles behind recognized security and quality frameworks — least-privilege access, encryption, immutable audit, and documented quality processes (deviations, CAPA, controlled documents). We do not display certifications we have not earned. Where a customer requires formal attestations or a specific framework, we are happy to walk through our current controls and roadmap directly.

  • Built for regulated cold-chain and controlled-substance logistics.
  • Tamper-evident audit and quality workflows (deviation / CAPA / document control) implemented in-product.
  • Independent third-party certification (e.g. SOC 2 / ISO 27001) is a roadmap item, not a current claim.

Frequently asked

View all
Do you encrypt data?
All application and API traffic is encrypted in transit with TLS 1.3. Data at rest is stored on managed cloud databases with provider-level encryption, and integrity-sensitive records (audit events, proof of delivery) are additionally protected with SHA-256 hashing.
How do you prove records haven't been tampered with?
Every compliance-relevant action is written as an immutable, hash-chained audit event. Each event's hash includes the previous event's hash, so any change, deletion, or re-ordering breaks the chain and is detectable. Chain integrity can be re-verified on demand.
Is one customer's data ever mixed with another's?
No. Each customer runs in its own isolated tenant with a separate database, so cross-customer access is not possible.

Updates

View all
June 2026

Trust Center launched

Cenntrax's Trust Center is now live with our current security and compliance posture.

General
June 2026

Auto-captured temperature on proof of delivery

Vehicle fridge temperature is now auto-captured from telematics and stamped to every pickup and delivery record.

Cold chain
May 2026

Tamper-evident audit trail

Compliance events are now hash-chained with on-demand integrity verification.

Audit