Your rates are yours.
Carriers care about confidentiality more than almost anything else. QuoteFleet is built around that. Below is exactly what we do — and what we deliberately don't do — with the rates and customer data you put in.
1. Default-private architecture
Per-tenant data isolation, enforced at the database
Every rate card, accessorial, lane zone, terminal, lead and conversation in QuoteFleet is keyed to the tenant_id that created it. Every query goes through middleware that pins the query to the authenticated tenant — there is no UI, API, or backend code path that returns another carrier's rate data. Super-admin access is logged to an immutable audit trail.
The marketplace is opt-in only
The "carrier marketplace" (where shippers and forwarders can find carriers by lane and equipment) shows your carrier name, lanes, and current rates only if you explicitly toggle marketplace visibility ON in your dashboard. The default is OFF, and you can toggle it back OFF at any time — your profile disappears from the marketplace immediately.
Anonymized industry benchmarks (also opt-out)
To help carriers price competitively, the platform shows aggregated benchmarks like "the median dry van rate from LA to Phoenix is $2.45/mi". These aggregates:
- Never include carrier name, MC#, DOT#, or company identifier
- Are suppressed unless the sample size is at least 5 carriers (a single rate cannot be reverse-engineered)
- Show p25 / median / p75 only — never your specific value
- Are opt-out: you can stop contributing in your dashboard settings and still see the aggregates if you want
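The suppression rule above, sketched as an added example (this is not QuoteFleet's code). The row layout, the lane and tenant names, and the choice to collapse each carrier to one value per lane are assumptions made here; the threshold of 5 and the p25 / median / p75 output come from the list above.

```python
import statistics
from collections import defaultdict

MIN_CARRIERS = 5  # suppression threshold stated on this page

# Constructed sample rows: (tenant_id, lane, equipment, rate_per_mile, opted_out)
SAMPLE = [
    ("t1", "LA-PHX", "dry_van", 2.20, False),
    ("t2", "LA-PHX", "dry_van", 2.35, False),
    ("t3", "LA-PHX", "dry_van", 2.45, False),
    ("t4", "LA-PHX", "dry_van", 2.55, False),
    ("t5", "LA-PHX", "dry_van", 2.70, False),
    # Six rows but only four distinct carriers: must stay suppressed
    ("t1", "DAL-HOU", "dry_van", 2.10, False),
    ("t1", "DAL-HOU", "dry_van", 2.15, False),
    ("t1", "DAL-HOU", "dry_van", 2.20, False),
    ("t2", "DAL-HOU", "dry_van", 2.30, False),
    ("t3", "DAL-HOU", "dry_van", 2.40, False),
    ("t4", "DAL-HOU", "dry_van", 2.50, False),
    # Five carriers, one opted out: four contributors, suppressed
    ("t1", "SEA-PDX", "dry_van", 3.00, False),
    ("t2", "SEA-PDX", "dry_van", 3.10, False),
    ("t3", "SEA-PDX", "dry_van", 3.20, False),
    ("t4", "SEA-PDX", "dry_van", 3.30, False),
    ("t5", "SEA-PDX", "dry_van", 3.40, True),
]

def lane_benchmarks(rows, min_carriers=MIN_CARRIERS):
    """Return {(lane, equipment): quartiles} for publishable lanes only."""
    by_lane = defaultdict(lambda: defaultdict(list))
    for tenant_id, lane, equipment, rate, opted_out in rows:
        if opted_out:
            continue  # this tenant does not contribute to aggregates
        by_lane[(lane, equipment)][tenant_id].append(rate)
    published = {}
    for key, by_tenant in by_lane.items():
        # Count distinct carriers, not rows: one carrier with many
        # rate rows must not be able to satisfy the threshold alone.
        if len(by_tenant) < min_carriers:
            continue
        # One value per carrier so no single tenant dominates the quartiles.
        values = sorted(statistics.median(r) for r in by_tenant.values())
        p25, med, p75 = statistics.quantiles(values, n=4, method="inclusive")
        # The output carries no tenant_id or any other carrier identifier.
        published[key] = {"p25": round(p25, 2), "median": round(med, 2),
                          "p75": round(p75, 2)}
    return published
```
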
2. How we protect your data technically
Encryption in transit
TLS 1.2+ everywhere, HSTS preload, modern cipher suites only. No HTTP fallback for any authenticated route.
Encryption at rest
Sensitive secrets (your Anthropic API key, custom-domain verification tokens) are encrypted with AES-256-GCM with a unique IV per record before they touch the database.
Per-tenant AI keys
Bring your own Anthropic API key. Your AI calls go on your account, and your rates never enter a shared LLM context across tenants.
Audit log
Every change to your rates — by you, your team, or the AI agent — is logged with actor, timestamp, before / after values, and reason. Visible to you in your dashboard.
Sessions & auth
HttpOnly + Secure cookies, bcrypt cost-12 password hashing, 30-day session expiry, "sign out everywhere" available, password change requires the current password.
Bot & abuse protection
Rate-limited public endpoints, Cloudflare-fronted DNS, X-Worker-Auth header gating to prevent direct-deployment spoofing. Custom-domain claims require DNS TXT verification before they go live.
3. Data ownership
- You own your data. We are the custodian; you are the owner.
- Export anytime — leads as CSV, rates as JSON, audit log as CSV. No paywall, no friction.
- Delete anytime — full account + tenant deletion erases your rate cards, accessorials, lane zones, terminals, leads, conversations, audit log, and brand config. Backups are purged within 30 days.
- We don't sell, share, or rent your data to third parties. Ever.
- We don't train models on your data. Your rates and customer leads are not used to fine-tune any AI model.
4. Compliance posture
Standards we follow today
- TLS 1.2+ for data in transit, with HSTS
- AES-256-GCM (authenticated encryption) for secret fields at rest
- Per-tenant data isolation enforced at the database query layer
- Encrypted DB backups (handled by our managed Postgres provider)
- Privacy-by-design data handling — no third-party analytics scripts on your dashboard or hosted page
- GDPR & CCPA cooperation: data subject access requests, right-to-deletion, right-to-portability all supported via your dashboard or email request
On the roadmap
- SOC 2 Type II audit (target: H2 2026)
- ISO 27001 certification (planned after SOC 2)
- Annual third-party penetration testing
- Customer-facing security disclosures & status page
We don't claim certifications we don't yet hold. If a buyer contract requires SOC 2 today, we can negotiate a security addendum / DPA in the meantime — security@quotefleet.net.
5. Legal documents
- Data Processing Addendum (DPA) — standard DPA for customers subject to GDPR / UK GDPR / CCPA / PIPEDA. Sign electronically through your dashboard, or download / print / counter-sign.
- security.txt — RFC 9116 vulnerability-disclosure manifest for security researchers' tooling.
6. Reporting a vulnerability
Found a bug that affects security or confidentiality? We'd like to hear from you before our customers do. Email security@quotefleet.net with details. We respond to all reports within 48 hours and publicly credit researchers (with permission) once a fix ships.
Researcher acknowledgments
We list contributors here when their report has shipped a fix and they've agreed to be credited. (No reports yet — yours could be the first.)