Security

Your shipping data is safe with us

Enterprise-grade security isn't an add-on. It's how we built FreightCake from the first line of code.

Security Architecture

Defense in depth, not security theater

Encryption everywhere

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database connections, API calls, internal service mesh — nothing travels in plaintext.

OIDC authentication

OpenID Connect-based authentication with JWT tokens. No shared sessions, no cookie-based auth. Supports SSO integration for Enterprise plans.

Least-privilege IAM

Every service, every deployment, every CI pipeline runs with scoped IAM roles. OIDC trust policies — no long-lived access keys anywhere in the system.

Network isolation

Services run in private subnets with no direct internet access. Ingress is controlled through load balancers with WAF rules and rate limiting.

Audit logging

Every API call, every login attempt, every permission change is logged with immutable audit trails. CloudTrail for infrastructure, application-level audit for user actions.

Automated patching

Container base images rebuilt weekly with latest security patches. Kubernetes nodes upgraded on a rolling schedule. Zero-downtime throughout.

Compliance

Built for regulated industries

SOC 2 Type II

In progress

Architecture designed for SOC 2 compliance from the ground up. Formal audit planned.

GDPR

Compliant

Data processing agreements, right to erasure, data portability, and privacy-by-design principles.

PCI DSS

Delegated to Stripe

Payment processing handled entirely by Stripe. We never store, process, or transmit cardholder data.

Development Practices

Security in the development lifecycle

Infrastructure as Code

All infrastructure defined in Terraform with peer-reviewed pull requests. No manual changes.

Dependency scanning

Automated vulnerability scanning on every commit. Known CVEs flagged and patched before merge.

Secrets management

Secrets stored in AWS Secrets Manager. Rotated automatically. Never committed to source control.

Questions about security?

We're happy to walk through our security architecture, share our policies, or discuss your compliance requirements.

Contact security team
Get started today

Modern shipping. Simplified.

Free to start. No credit card required. Your first 25 shipments are on us.

Start shipping freeContact sales