Trust Center

Security controls

The controls that protect logistics, cold-chain, and chain-of-custody data — all live in the product today.

Tamper-evident audit trail

Every compliance-relevant action is recorded as an immutable, hash-chained event so records can be proven unaltered.

  • Each audit event is hashed with SHA-256 over its contents plus the previous event's hash, forming a continuous chain.
  • Any edit, deletion, or re-ordering breaks the chain and is detectable.
  • Chain integrity can be re-verified on demand across the full history or a single module.
  • Events capture who, what, and when for pickup, delivery, and cold-chain actions.
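The hash-chaining scheme described above, sketched as an added example (not the product's own code). The field names, canonical-JSON serialisation, all-zero genesis value, and separately stored head hash are assumptions made for illustration; the sample events are constructed.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed "previous hash" for the first event


def event_hash(contents: dict, prev_hash: str) -> str:
    """SHA-256 over the event contents plus the previous event's hash."""
    # Canonical JSON: identical contents always serialise to identical bytes.
    body = json.dumps(contents, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + body).encode("utf-8")).hexdigest()


def append_event(chain: list, contents: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"contents": contents, "prev_hash": prev,
                  "hash": event_hash(contents, prev)})


def verify_chain(chain: list, expected_head: Optional[str] = None):
    """Return (ok, index of the first event that fails, or None)."""
    prev = GENESIS
    for i, ev in enumerate(chain):
        # Each event must link to its predecessor and match its own digest.
        if ev["prev_hash"] != prev or ev["hash"] != event_hash(ev["contents"], prev):
            return False, i
        prev = ev["hash"]
    # Dropping the newest events leaves every remaining link valid, so the
    # head is also compared with a copy kept outside the audit table.
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


def sample_chain() -> list:
    """Constructed sample: who, what, when for three custody events."""
    chain: list = []
    for contents in (
        {"actor": "driver-17", "action": "pickup", "at": "2024-05-01T08:00:00Z"},
        {"actor": "sensor-3", "action": "temp_reading", "temp_c": 4.1,
         "at": "2024-05-01T08:05:00Z"},
        {"actor": "driver-17", "action": "delivery", "at": "2024-05-01T11:30:00Z"},
    ):
        append_event(chain, contents)
    return chain
```

Keeping the head hash somewhere the application's database credentials cannot write to is what lets a verifier notice a truncated or fully recomputed chain.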

Cold-chain & quality compliance

Temperature-sensitive freight is monitored against per-product thresholds with automatic excursion handling.

  • Configurable temperature profiles (e.g. 2–8°C) per customer / product.
  • Automatic excursion detection and alerting when readings fall out of range.
  • Temperature auto-captured from telematics sensors at pickup and delivery, stamped to the proof record.
  • Quality workflows: deviations, CAPA (corrective & preventive action), checklists, and a document vault.

Chain of custody

Controlled and narcotic shipments carry an unbroken, evidenced custody record from pickup to delivery.

  • Controlled / narcotic loads are flagged and require signature and custody capture at handover.
  • Barcode scan verification ties each piece to the correct stop before pickup or delivery.
  • Proof of Pickup / Delivery captures signature, photo, recipient, GPS, device, and temperature.
  • All custody evidence is written to the tamper-evident audit trail.

Data protection & encryption

Customer data is encrypted in transit, and access to it is tightly scoped.

  • TLS 1.3 for all application and API traffic.
  • Evidence (signatures, photos) and audit metadata stored with integrity hashing.
  • Secrets and credentials are kept out of source control and rotated on exposure.
  • Backups managed by our cloud infrastructure provider.

Access control & authentication

Access is authenticated, role-scoped, and least-privilege by default.

  • Token-based authentication (Laravel Sanctum) for app and API sessions.
  • Role-based access — drivers, agents, and administrators see only what their role permits.
  • Service-to-service calls are authenticated with signed webhook secrets.
  • Driver sessions support secure offline operation with token re-validation on reconnect.

Infrastructure & multi-tenancy

Each customer's data lives in its own isolated tenant, hosted on hardened cloud infrastructure.

  • Per-tenant database isolation — one customer can never query another's data.
  • Hosted on a major cloud provider with managed, access-controlled databases.
  • Configuration and environment separation between tenants.
  • High-availability application runtime with health monitoring.

Application & AI safety

AI features are sandboxed so model output can never act as code or reach the database unchecked.

  • AI responses are treated as data, never executable code — guarded by a dedicated response validator.
  • Model output must pass schema validation before any value touches the database.
  • AI is used cost-consciously with rule-based fallbacks; no customer data is used to train third-party models.
  • Input validation and safe defaults across the API surface.

Monitoring & evidence

Operational events are logged and proof-of-work is captured for every delivery.

  • Status history and activity logs across loads, stops, and routes.
  • GPS and device metadata captured with pickup/delivery evidence.
  • Excursion and compliance alerts surfaced to the operations dashboard.
  • Proof records (POP/POD) retained with full capture context for audit.