Security
Last updated: March 28, 2026
1. Infrastructure
FreightFlow360 runs on cloud infrastructure with encrypted storage at rest (AES-256) and in transit (TLS 1.2+). All services operate in private networks with strict firewall rules and no direct public access to databases or internal services.
2. Data Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Database credentials, API keys, and secrets are stored in environment variables and secret management services — never in source code.
3. Authentication & Access Control
User authentication uses bcrypt-hashed passwords and JWT tokens with short expiration windows. Google OAuth 2.0 is supported for single sign-on. Role-based access control ensures users only see data belonging to their organization.
4. Email Integration Security
Gmail integration uses OAuth 2.0 with read-only scopes. We only access emails matching freight-related patterns (rate confirmations, dispatch sheets, load tenders). Personal emails are never read, stored, or analyzed. OAuth tokens are encrypted at rest and can be revoked at any time from your Google account settings.
5. Carrier & Shipment Data
Shipment data is isolated per tenant using tenant-scoped database queries. Carrier performance scores are aggregated anonymously across the platform — no broker can see another broker's individual shipment details. GPS tracking data and check-call records are retained per our data retention policy and can be exported or deleted on request.
6. Third-Party Integrations
We integrate with Twilio (SMS/Voice), Deepgram (transcription), and Anthropic (AI classification). All third-party communications use TLS. We share only the minimum data required for each integration to function. No third party receives your full shipment database.
7. Incident Response
We monitor systems for unauthorized access and anomalies. In the event of a security incident, affected customers will be notified within 72 hours with details of the incident, data impacted, and remediation steps taken.
8. Responsible Disclosure
If you discover a security vulnerability, please report it to security@freightflow360.com. We take all reports seriously and will respond within 48 hours.
9. Contact
For security questions, contact us at:
FreightFlow360
Email: security@freightflow360.com
Web: freightflow360.com