Security

Built secure
from day one

Logistics software carries operational, financial, and personal data. CyVeR is designed around tenant isolation, least-privilege access, encryption, and accountable engineering practices — without publishing implementation details that could aid attackers.

Below is how we think about security at the layer of principles and categories — the same posture we describe to prospects and auditors before sharing specifics under agreement.

Tenant isolation

Extensive systematic review across the codebase — every path treated as multi-tenant by default.

Injection defenses

Layered validation and output encoding wherever user-generated content reaches documents or messaging.

Audit trail

Immutable logs for privileged actions — accountability for operators and investigators.

PIPEDA

Canadian posture

Canadian-hosted infrastructure with privacy-aware design aligned to common carrier obligations.

01 · Architecture

Multi-tenant by design

CyVeR is architected so each customer's operational universe stays logically separated from every other tenant. Queries, APIs, exports, notifications, and administrator tooling all honour tenant boundaries — before anyone reads a row, uploads a document, or triggers an automation.

Strict tenant data isolation is enforced at the database layer. Automated checks and systematic reviews reduce the risk of cross-tenant leakage as the product evolves.

  • Canadian-hosted infrastructure — aligned with typical carrier expectations for where fleet data lives.
  • Geographic data residency — positioned for Canadian logistics operators; Enterprise arrangements can document residency commitments contractually.
  • Defense in depth — isolation assumptions carry through APIs, jobs, integrations, and administrative tooling.
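The boundary described above, as an added example that is not CyVeR code: a repository layer in which the tenant id is fixed on the session at login, never read from the request, and every statement carries a `tenant_id = ?` predicate bound from that session. It also includes the kind of automated check the text alludes to, a static scan that flags SQL touching a tenant-owned table without a tenant predicate. The `orders` table, the column names and the fleet identifiers are assumptions for illustration; the database is an in-memory SQLite file so the example runs offline.

```python
import re
import sqlite3
from dataclasses import dataclass

# Constructed schema: every tenant-owned table carries tenant_id and an
# index that leads with it, so scoped queries stay cheap.
SCHEMA = """
CREATE TABLE orders (
    id        INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    reference TEXT NOT NULL
);
CREATE INDEX orders_by_tenant ON orders (tenant_id, id);
"""


@dataclass(frozen=True)
class Session:
    user: str
    tenant_id: str  # fixed at login from the user record, never taken from the request


class NotVisible(Exception):
    """Raised both for rows that do not exist and for rows owned by another
    tenant. One answer for both cases means a caller cannot enumerate other
    tenants' ids by telling 'missing' apart from 'forbidden'."""


class OrderRepo:
    """Every statement binds tenant_id from the session."""

    def __init__(self, conn: sqlite3.Connection, session: Session):
        self.conn = conn
        self.session = session

    def create(self, reference: str) -> int:
        cur = self.conn.execute(
            "INSERT INTO orders (tenant_id, reference) VALUES (?, ?)",
            (self.session.tenant_id, reference),
        )
        return cur.lastrowid

    def get(self, order_id: int) -> dict:
        row = self.conn.execute(
            "SELECT id, reference FROM orders WHERE tenant_id = ? AND id = ?",
            (self.session.tenant_id, order_id),
        ).fetchone()
        if row is None:
            raise NotVisible(f"order {order_id} is not visible to {self.session.tenant_id}")
        return {"id": row[0], "reference": row[1]}

    def list_references(self) -> list:
        rows = self.conn.execute(
            "SELECT reference FROM orders WHERE tenant_id = ? ORDER BY id",
            (self.session.tenant_id,),
        ).fetchall()
        return [r[0] for r in rows]


TENANT_TABLES = {"orders"}
_TABLE_RE = re.compile(r"\b(?:FROM|UPDATE|INTO|JOIN)\s+(\w+)", re.IGNORECASE)


def unscoped_statements(statements) -> list:
    """Static check to run over a repository's SQL in CI: return the
    SELECT/UPDATE/DELETE statements that touch a tenant-owned table without
    a bound tenant_id predicate."""
    flagged = []
    for sql in statements:
        tables = {t.lower() for t in _TABLE_RE.findall(sql)}
        if tables & TENANT_TABLES and not sql.lstrip().upper().startswith("INSERT"):
            if not re.search(r"\btenant_id\s*=\s*\?", sql):
                flagged.append(sql)
    return flagged


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    fleet_a = OrderRepo(conn, Session("dispatcher@fleet-a", "fleet-a"))
    fleet_b = OrderRepo(conn, Session("dispatcher@fleet-b", "fleet-b"))
    a_order = fleet_a.create("A-1001")
    fleet_b.create("B-2001")
    try:
        crossed = fleet_b.get(a_order)   # fleet B guesses fleet A's order id
    except NotVisible:
        crossed = None
    return {
        "a_sees": fleet_a.list_references(),
        "b_sees": fleet_b.list_references(),
        "b_read_a": crossed,
    }
```

The static check is deliberately crude; its value is that it fails a build when someone adds a `WHERE id = ?` lookup on a tenant table and forgets the tenant predicate, which is exactly the regression a systematic review is meant to catch.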

Tenant boundary

Conceptual model

Fleet A — orders, drivers, invoices, integrations — isolated logical boundary.

Fleet B — separate boundary; no operational crossover without explicit platform-admin workflows where applicable.

Illustrative only — design reviewed continuously as modules ship.

02 · Authentication & access

Strong identity & roles

Passwords are stored as salted hashes produced by an industry-standard password hashing function, never in plaintext or any reversible form. Sessions use token-based authentication with rotation, so a session token does not remain valid indefinitely after lifecycle events such as sign-out, a password change, or a change of role. Administrative workflows support multi-factor authentication where appropriate for console users.

Login flows include brute-force protections and rate limiting on authentication endpoints. Configurable session timeouts and concurrent-session controls reduce the risk from unattended workstations and from credentials reused across devices.

  • Role-based access control across features: no user touches more surfaces than their job requires.
  • Single sign-on (SSO) for Enterprise customers: on the roadmap, delivered alongside negotiated contracts.
  • OAuth integrations (for example accounting connections) use short-lived, server-managed authorization flows.
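The two mechanisms above, as an added example that is not CyVeR code: a salted scrypt password hash whose stored form carries its own cost parameters, constant-time verification, and a session store that keeps only a digest of each opaque token, enforces an idle timeout, rotates the token on a privilege change and revokes every session of a user on a password change. The cost parameters, the 15-minute idle timeout and the user and tenant names are assumptions for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

# scrypt cost parameters (assumed for the example): roughly 16 MiB per hash.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str) -> str:
    """Salted scrypt hash. The stored string carries its parameters so the
    cost can be raised later without breaking existing records."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    # compare_digest runs in constant time, so a mismatch position leaks nothing
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


class SessionStore:
    """Opaque random session tokens, stored only as SHA-256 digests (a copy of
    the store does not yield live sessions), with an idle timeout, rotation
    and per-user revocation."""

    def __init__(self, idle_timeout: int = 900, clock=time.time):
        self.idle_timeout = idle_timeout
        self.clock = clock          # injectable so expiry can be tested
        self._by_digest = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, tenant_id: str, role: str) -> str:
        token = secrets.token_urlsafe(32)
        self._by_digest[self._digest(token)] = {
            "user": user, "tenant_id": tenant_id, "role": role,
            "last_seen": self.clock(),
        }
        return token

    def resolve(self, token: str):
        """Return the session record, or None if unknown or idle too long."""
        key = self._digest(token)
        rec = self._by_digest.get(key)
        if rec is None:
            return None
        now = self.clock()
        if now - rec["last_seen"] > self.idle_timeout:
            del self._by_digest[key]
            return None
        rec["last_seen"] = now
        return dict(rec)

    def rotate(self, token: str, role: str = None) -> str:
        """Issue a fresh token and invalidate the old one; used after login
        and on any lifecycle event such as a privilege change."""
        rec = self.resolve(token)
        if rec is None:
            raise PermissionError("session not valid")
        del self._by_digest[self._digest(token)]
        return self.issue(rec["user"], rec["tenant_id"], role or rec["role"])

    def revoke_user(self, user: str) -> int:
        """Terminate every session of a user, e.g. after a password change."""
        doomed = [d for d, r in self._by_digest.items() if r["user"] == user]
        for d in doomed:
            del self._by_digest[d]
        return len(doomed)


def demo() -> dict:
    stored = hash_password("correct horse battery staple")
    now = [1_000_000.0]                       # fake clock for the example
    store = SessionStore(idle_timeout=900, clock=lambda: now[0])
    t1 = store.issue("ops@fleet-a", "fleet-a", "dispatcher")
    t2 = store.rotate(t1, role="admin")       # privilege change: new token
    old_dead = store.resolve(t1) is None
    new_role = store.resolve(t2)["role"]
    now[0] += 901                             # idle longer than the timeout
    idle_expired = store.resolve(t2) is None
    t3 = store.issue("ops@fleet-a", "fleet-a", "admin")
    store.revoke_user("ops@fleet-a")          # e.g. password changed
    return {
        "password_ok": verify_password("correct horse battery staple", stored),
        "password_bad": verify_password("Correct horse battery staple", stored),
        "old_token_dead_after_rotate": old_dead,
        "rotated_role": new_role,
        "idle_session_expired": idle_expired,
        "revoked_session_dead": store.resolve(t3) is None,
    }
```

The store never persists the raw token, so a database snapshot or backup does not double as a bag of live sessions, and `rotate` is the one place where the old token dies and the new one is born, which is the property "rotation on lifecycle events" needs.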

RBAC overview

Illustrative roles

  • Admin (A): tenant settings · users · billing coordination
  • Dispatcher (D): operations · trips · customer-facing workflows
  • Driver manager (DM): fleet · drivers · compliance artefacts
  • Driver (DR): mobile app · trips · POD capture
  • Accountant (AC): invoices · AR · financial exports
  • Viewer (V): read-only scope where configured

03 · Data protection

Confidentiality & backups

Customer data is protected in transit using TLS and at rest using proven encryption approaches, including modern authenticated encryption for offline backup material. Operational policies limit who may access production systems and under what approvals.

Daily encrypted backups support disaster recovery objectives. Sensitive fields receive additional handling where warranted. We apply data minimization in product design — for example, public tracking surfaces are scoped to what shippers need, not full operator views.

Encryption & keys

Encryption responsibilities span transport, database volumes, backups, and selective application-layer protections for especially sensitive payloads — compartmentalised so no single artefact grants blanket access.

Production access

Human access to production is restricted, logged where used for support, and governed by internal procedures appropriate to regulated logistics workloads.

04 · Application security

Safe inputs & safe outputs

Requests are validated against schemas before reaching persistence layers. Generated HTML — invoices, emails, PDFs — passes through systematic encoding paths so scripting payloads cannot silently execute in customer-facing artefacts.

Schema-based validation

Structured checks on payloads at API boundaries — types, lengths, and formats enforced consistently.

Output encoding

Context-aware encoding wherever templated documents render customer-supplied fields: text nodes, attribute values and links are each escaped for the context they land in, a defence against injection into browsable or printable surfaces.
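Schema validation and output encoding side by side, as an added example that is not CyVeR code. A small schema rejects unknown fields and enforces type, length and format at the API boundary; an invoice row renderer escapes each field for its HTML context and refuses to turn a non-http(s) value into a link. The order schema, the field names and the hostile payload are constructed for the example.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed schema for an order payload: type, length and format per field.
ORDER_SCHEMA = {
    "reference":     {"type": str, "max_len": 32, "pattern": re.compile(r"^[A-Z0-9-]+$")},
    "customer_name": {"type": str, "max_len": 120},
    "weight_kg":     {"type": (int, float), "min": 0, "max": 60_000},
    "tracking_url":  {"type": str, "max_len": 2048, "required": False},
    "notes":         {"type": str, "max_len": 1000, "required": False},
}


def validate(payload: dict, schema=ORDER_SCHEMA) -> list:
    """Return a list of error strings; an empty list means the payload passed.
    Unknown fields are errors, not silently stored."""
    errors = [f"unknown field {k!r}" for k in payload if k not in schema]
    for name, rule in schema.items():
        if name not in payload:
            if rule.get("required", True):
                errors.append(f"missing field {name!r}")
            continue
        value = payload[name]
        # bool is a subclass of int in Python; do not let True pass as a weight
        if isinstance(value, bool) or not isinstance(value, rule["type"]):
            errors.append(f"{name}: wrong type")
            continue
        if "max_len" in rule and len(value) > rule["max_len"]:
            errors.append(f"{name}: longer than {rule['max_len']}")
        if "pattern" in rule and not rule["pattern"].match(value):
            errors.append(f"{name}: bad format")
        if "min" in rule and value < rule["min"]:
            errors.append(f"{name}: below {rule['min']}")
        if "max" in rule and value > rule["max"]:
            errors.append(f"{name}: above {rule['max']}")
    return errors


def safe_href(url: str) -> str:
    """Only absolute http(s) URLs become links; javascript:, data: and the
    like are replaced so the anchor is inert."""
    parts = urlsplit(url)
    if parts.scheme in ("http", "https") and parts.netloc:
        return html.escape(url, quote=True)
    return "#"


def render_invoice_row(order: dict) -> str:
    """Escape each field for the context it lands in: text nodes and
    attribute values via html.escape(quote=True), the href via safe_href."""
    def esc(value) -> str:
        return html.escape(str(value), quote=True)

    link = safe_href(order.get("tracking_url", ""))
    return (
        f'<tr data-ref="{esc(order["reference"])}">'
        f'<td>{esc(order["customer_name"])}</td>'
        f'<td>{esc(order["weight_kg"])} kg</td>'
        f'<td><a href="{link}">track</a></td>'
        f'<td>{esc(order.get("notes", ""))}</td></tr>'
    )


def demo() -> dict:
    # Constructed hostile payload: valid per schema, hostile on output.
    hostile = {
        "reference": "INV-2024-001",
        "customer_name": "Acme <script>alert(1)</script>",
        "weight_kg": 1200,
        "tracking_url": "javascript:alert(document.cookie)",
        "notes": '" onmouseover="alert(1)',
    }
    malformed = {"reference": "bad ref!", "customer_name": "x" * 200,
                 "weight_kg": "12", "extra": 1}
    rendered = render_invoice_row(hostile)
    return {
        "hostile_passes_schema": validate(hostile) == [],
        "malformed_error_count": len(validate(malformed)),
        "script_neutralised": "<script" not in rendered and "&lt;script&gt;" in rendered,
        "href_inert": 'href="#"' in rendered,
        "attribute_breakout": '" onmouseover=' in rendered,
    }
```

The hostile payload is the point: schema validation is about shape, so "Acme <script>…" is a perfectly valid customer name and must be allowed in; what stops it executing in an invoice or e-mail is the encoding applied at render time, which is why both layers are needed.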

Upload controls

Attachment handling restricts risky types and sizes — logistics paperwork stays paperwork, not executable payloads.

Browser security headers

Hardened HTTP responses: Content Security Policy enforcement, clickjacking protection (frame-ancestors / X-Frame-Options), MIME-sniffing protection (X-Content-Type-Options: nosniff), and HTTP Strict Transport Security for compatible clients.

Origin controls

Browser integrations allow known customer-facing origins — wildcards are avoided in production configurations.
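The header and origin controls above, as an added example that is not CyVeR code: a hardened response baseline, an allowlist-based CORS helper that reflects only known origins and never emits `*`, and an audit function a reviewer can run against any response's headers to list what is missing or weak. The page names the header families; the specific policy values, the one-year HSTS threshold and the `example-fleet.ca` origins are the example's own assumptions.

```python
import re

# Assumed hardened baseline; concrete values are the example's own choices.
HARDENED_HEADERS = {
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self'; object-src 'none'; "
        "frame-ancestors 'none'; base-uri 'self'"
    ),
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

# Explicit allowlist of customer-facing origins (constructed hostnames).
ALLOWED_ORIGINS = {"https://app.example-fleet.ca", "https://track.example-fleet.ca"}

ONE_YEAR = 31536000

# A deliberately weak response, constructed for comparison.
WEAK_HEADERS = {
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
    "Access-Control-Allow-Origin": "*",
}


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS) -> dict:
    """Reflect the Origin header only when it is on the allowlist: exact
    string match, no wildcard, no regex. 'Vary: Origin' stops a shared
    cache from replaying one origin's answer to another."""
    if request_origin in allowed:
        return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    return {}


def audit_headers(headers: dict) -> list:
    """Return findings for a response's headers; empty means it meets the
    baseline above. Header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("no Content-Security-Policy")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP permits inline or eval scripts")
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no clickjacking protection (frame-ancestors or X-Frame-Options)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("no X-Content-Type-Options: nosniff")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if not m:
        findings.append("no Strict-Transport-Security")
    elif int(m.group(1)) < ONE_YEAR:
        findings.append("HSTS max-age shorter than one year")
    if h.get("access-control-allow-origin", "").strip() == "*":
        findings.append("wildcard Access-Control-Allow-Origin")
    return findings
```

Run `audit_headers` over a captured response from each production hostname; the weak example produces five findings, the baseline none. The CSP check is intentionally conservative: a policy with `'unsafe-inline'` in `script-src` (or in a `default-src` that scripts fall back to) gives up most of CSP's protection against injected markup.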

Abuse prevention

API rate limiting on authentication and sensitive lookups slows scripted guessing and accidental thundering herds.
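Rate limiting on an authentication endpoint, as an added example that is not CyVeR code. Two sliding-window limiters are keyed differently, per source address (one host guessing many passwords) and per account (many hosts spraying one account), and a temporary lockout follows repeated failures on an account. The limits (20 per minute per IP, 5 per minute per account, lockout after 10 failures for 15 minutes) and the addresses and account names are assumptions for illustration.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._hits = defaultdict(deque)   # key -> timestamps inside the window

    def allow(self, key: str) -> bool:
        now = self.clock()
        q = self._hits[key]
        while q and now - q[0] >= self.window:   # drop hits that aged out
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class LoginGuard:
    """Per-IP and per-account throttling plus an account lockout. Call check()
    before verifying a password and record() with the outcome afterwards."""

    def __init__(self, clock=time.monotonic, lockout_after=10, lockout_seconds=900):
        self.clock = clock
        self.per_ip = SlidingWindowLimiter(20, 60, clock)
        self.per_account = SlidingWindowLimiter(5, 60, clock)
        self.lockout_after, self.lockout_seconds = lockout_after, lockout_seconds
        self.failures = defaultdict(int)
        self.locked_until = {}

    def check(self, ip: str, account: str) -> str:
        if self.locked_until.get(account, 0) > self.clock():
            return "locked"
        if not self.per_ip.allow(ip):
            return "ip_throttled"
        if not self.per_account.allow(account):
            return "account_throttled"
        return "ok"

    def record(self, account: str, success: bool) -> None:
        if success:
            self.failures.pop(account, None)
            return
        self.failures[account] += 1
        if self.failures[account] >= self.lockout_after:
            self.locked_until[account] = self.clock() + self.lockout_seconds
            self.failures.pop(account, None)


def demo() -> dict:
    now = [0.0]                                   # fake clock for the example
    guard = LoginGuard(clock=lambda: now[0])
    outcomes = []
    for _ in range(8):                            # one host hammers one account
        verdict = guard.check("203.0.113.7", "ops@fleet-a")
        outcomes.append(verdict)
        if verdict == "ok":
            guard.record("ops@fleet-a", success=False)
    now[0] += 61                                  # window passes, attacker resumes
    for _ in range(5):
        if guard.check("203.0.113.7", "ops@fleet-a") == "ok":
            guard.record("ops@fleet-a", success=False)
    return {
        "first_minute": outcomes,
        "locked_after_ten_failures": guard.check("203.0.113.7", "ops@fleet-a") == "locked",
        "other_account_unaffected": guard.check("198.51.100.9", "ops@fleet-b") == "ok",
    }
```

Keying on both dimensions matters: a per-IP limit alone is defeated by a botnet spraying one account, and a per-account limit alone lets one host walk a list of accounts. The guard is checked before the password is verified so throttled requests never reach the expensive hash.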

05 · Infrastructure

Edge & production hardening

Production traffic sits behind enterprise-grade edge protection with automated certificate management, DNSSEC, and automated bot mitigation. Certificates are validated end-to-end, and primary applications are never served to customer browsers over plaintext HTTP.

Servers run on Canadian-hosted infrastructure using hardened operating-system baselines and administrative discipline appropriate for regulated workloads. Database connectivity is restricted to localhost; the database server is not exposed on any external network. Telemetry that leaves your tenant boundary goes only to the subprocessors disclosed in our Privacy Policy.

Monitoring & alerting

Production relies on error tracking and alerting plus external uptime monitoring — layered visibility without broadcasting sensitive internals publicly.

Secure engineering lifecycle

Automated tests run on every meaningful change; dependencies are monitored automatically for known vulnerabilities; and no placeholder or default secrets are accepted in a production configuration.

🇨🇦 Canadian-hosted · Encryption in transit & at rest · Daily encrypted backups · PIPEDA-aligned posture

06 · Compliance & privacy

Accountability & assessments

We document data handling consistent with PIPEDA-aligned expectations, maintain retention policies appropriate to trucking and tax context, and treat privacy as a product concern — not a marketing footnote.

  • Documented retention policies coordinated with our Privacy Policy.
  • Privacy-by-design product decisions — minimization on public surfaces, tenant-scoped audit material, clear subprocessors lists.
  • Continuous internal security testing — multi-tenant isolation, role-based authorization, authentication attack surface, input validation, file upload defenses, and infrastructure hardening probed via reproducible automated test suites ahead of every major release.
  • Targeted penetration testing on a defined cadence — findings remediated as production-grade defects.

Driver location

Dispatcher views show operational detail; customer tracking links stay intentionally coarse.

Financials

Field-level filtering keeps rate and margin data in the right roles and surfaces.

Customer PII

Public links carry an unguessable token and expose no email addresses or internal notes to unauthenticated viewers.

07 · Monitoring & response

Detect, trace, notify

Comprehensive audit logging captures privileged changes with enough context for security and operations teams to reconstruct who did what and when — without storing secrets in log metadata.

We combine engineering alerts, anomaly awareness, and defined incident response procedures. When a breach poses a real risk of significant harm, customer breach notification follows the commitments in our Privacy Policy and applicable Canadian privacy law — including coordination with regulators when required.

Logging policy

Design principles

  • Tenant-scoped visibility — customer administrators review their trail; platform operations retain separate controls.
  • Structured metadata only — sensitive payloads are excluded from audit rows by policy.
  • Immutable storage model — events append; history supports dispute resolution and investigations.
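The three principles above, as an added example that is not CyVeR code: an append-only, hash-chained audit log in which each row commits to the digest of the previous row (so editing or deleting a row breaks verification), a tenant-scoped view, and a scrub step that drops secret-bearing keys from metadata before the row is written. The event names, the list of sensitive keys and the fleet identifiers are assumptions for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Keys that must never reach an audit row (policy, assumed for the example).
SENSITIVE_KEYS = {"password", "token", "secret", "api_key", "authorization"}
GENESIS = "0" * 64


def scrub(metadata: dict) -> dict:
    """Drop secret-bearing keys so the trail records *that* an integration
    was authorized, never the credential itself."""
    return {k: v for k, v in metadata.items() if k.lower() not in SENSITIVE_KEYS}


class AuditLog:
    """Append-only, hash-chained event list. Rows are never updated or
    deleted; a correction is a new row that references the old one."""

    def __init__(self):
        self._rows = []

    @staticmethod
    def _digest(row: dict) -> str:
        body = {k: v for k, v in row.items() if k != "digest"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, tenant_id: str, actor: str, action: str,
               metadata: dict = None, when: datetime = None) -> dict:
        prev = self._rows[-1]["digest"] if self._rows else GENESIS
        row = {
            "seq": len(self._rows),
            "ts": (when or datetime.now(timezone.utc)).isoformat(),
            "tenant_id": tenant_id,
            "actor": actor,
            "action": action,
            "meta": scrub(metadata or {}),
            "prev": prev,          # chain link to the previous row
        }
        row["digest"] = self._digest(row)
        self._rows.append(row)
        return row

    def for_tenant(self, tenant_id: str) -> list:
        """Tenant view: a customer administrator sees only their own rows."""
        return [r for r in self._rows if r["tenant_id"] == tenant_id]

    def verify(self) -> bool:
        """Recompute every digest and chain link; False on any edit, removal
        or reordering since the rows were written."""
        prev = GENESIS
        for expected_seq, r in enumerate(self._rows):
            if r["seq"] != expected_seq or r["prev"] != prev or self._digest(r) != r["digest"]:
                return False
            prev = r["digest"]
        return True


def demo() -> dict:
    log = AuditLog()
    log.append("fleet-a", "ops@fleet-a", "role.updated",
               {"target": "d.smith", "role": "dispatcher"})
    log.append("fleet-a", "admin@fleet-a", "integration.connected",
               {"provider": "accounting", "token": "oauth-secret-value"})
    log.append("fleet-b", "finance@fleet-b", "invoice.issued", {"invoice": "B-77"})
    intact_before = log.verify()
    log._rows[1]["meta"]["provider"] = "payroll"      # simulated tampering
    return {
        "fleet_a_rows": len(log.for_tenant("fleet-a")),
        "fleet_b_sees_fleet_a": any(r["tenant_id"] == "fleet-a" for r in log.for_tenant("fleet-b")),
        "secret_stored": any("token" in r["meta"] for r in log._rows),
        "chain_intact_before": intact_before,
        "chain_intact_after_tamper": log.verify(),
    }
```

In production the chain head (the latest digest) would be anchored somewhere the application cannot rewrite, such as a periodic export to write-once storage or a signed checkpoint, so that truncating the whole tail is detectable as well; the in-process list here is just enough to show the chain and the scrub step working.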

Audit trail

Illustrative excerpt (tenant view, most recent first)

  14:32 · Operations user · Updated role: Dispatcher access granted
  13:18 · Finance user · Issued invoice: Customer remittance packet
  09:45 · Administrator · Connected integration: Accounting sync authorized

Append-only · tenant-scoped · no credentials in rows

08 · Responsible disclosure

Found something?

If you've found a security issue in CyVeR, please report it privately. We'll respond within one business day, coordinate on a fix timeline, and credit you publicly if you want.

Please don't open public issues with exploit details or post on social media before we've had a chance to respond.

09 · Detailed security documentation

Under NDA for enterprise buyers

Comprehensive security architecture documentation — including deeper control descriptions, assessment summaries where available, and incident response playbooks tailored to procurement questions — is shared with enterprise customers under NDA as part of diligence.

Contact [email protected] to request enterprise security documentation or to schedule a security review with our team.

Want to audit it yourself?

Enterprise customers can get a security walk-through with our team. Bring your security team — we'll answer everything.

Request a Demo