🔒 Security & Compliance

Enterprise-grade security.
Without enterprise pricing.

Your load data, customer records, and financial history are protected by the same infrastructure used by banks and Fortune 500 companies — SOC 2 Type II certified at the infrastructure layer, AES-256 encrypted at rest, TLS 1.3 in transit, and PIPEDA-aligned for Canadian operators.

🔒 AES-256 encrypted at rest
🔐 TLS 1.3 in transit
🏗 SOC 2 Type II infrastructure
🇨🇦 PIPEDA & Law 25 aligned
💳 Stripe PCI DSS Level 1
🔑 Optional MFA / 2FA
Data Protection

How your data is protected

🏢
Tenant isolation

Row-Level Security (RLS) is enforced at the database layer. Your data is cryptographically separated from every other account — even on shared infrastructure. No cross-tenant data leakage is architecturally possible.

🔒
Encryption at rest & in transit

All data is encrypted at rest using AES-256 — load records, financials, carrier contacts, and documents. All connections use TLS 1.3. There is no unencrypted path to your data.

👤
Role-based access control

Seven role types — Owner, Manager, Sales Agent, Dispatcher, Accountant, Customer Service, and Indy Agent — each with scoped permissions enforced at the API layer. Dispatchers access loads but not financials. Accountants access invoices but not CRM. Customer Service reps can track shipments and view customer records. Access is granted by role, never by trust.

📋
Full audit log

Every action taken inside your workspace is logged with a timestamp, user identity, and session context. Load changes, invoice edits, permission grants — every event is immutable and permanently retrievable.

🇨🇦
PIPEDA & Québec Law 25

Designed for Canadian operators. Data handling follows PIPEDA principles: purpose limitation, minimal collection, and user rights. Québec Law 25 consent flows are implemented for data subjects in Québec.

🌍
US state privacy alignment

For US-based users, data handling aligns with CCPA-inspired principles: no sale of personal data, right to deletion on account closure, and opt-out of marketing communications at any time.

Infrastructure

Built on certified infrastructure

FreightLeads Pro is built on infrastructure providers that maintain their own independent security certifications — so you get enterprise-grade protection without paying enterprise prices.

Supabase
SOC 2 Type II

Our database and authentication layer. Supabase is SOC 2 Type II certified, with AES-256 encryption at rest, point-in-time recovery, and infrastructure hosted on AWS with geographic redundancy. Row-Level Security is enforced at the Postgres layer — no application-layer workarounds.

Supabase Security Documentation ↗
Vercel
SOC 2 Type II

Our application hosting and global edge network. Vercel is SOC 2 Type II certified. The platform runs on AWS with DDoS protection, automatic HTTPS enforcement on every route, and isolated build environments per deployment.

Vercel Security Documentation ↗
Stripe
PCI DSS Level 1

All subscription billing is handled by Stripe — certified at PCI DSS Level 1, the highest certification level available. No card data ever passes through or is stored on FreightLeads Pro servers. The payment flow is entirely tokenized and handled by Stripe's infrastructure.

Stripe Security Documentation ↗
Payment Security

We never see your card number

Subscription payments for FreightLeads Pro are processed entirely by Stripe using tokenized card data. Your card number, CVV, and billing details never touch our servers — Stripe handles every step of the payment flow. This is not a policy choice; it is an architectural constraint.

Data Retention & Deletion

Your data, your call

When you cancel your account, your data is retained for 30 days in case of reactivation, then permanently deleted from our systems on request. You can request a full export of your account data at any time by contacting [email protected].

Responsible Disclosure

Found a security issue?

If you discover a security vulnerability in FreightLeads Pro, please report it responsibly before any public disclosure. We take all reports seriously and commit to responding within 72 hours.

[email protected]

Please do not disclose security issues publicly until we have had a chance to investigate and remediate. We do not currently offer a bug bounty program, but we appreciate responsible disclosure and will acknowledge contributors publicly if they wish.

Ready to get started?

Your data is safer here
than in a spreadsheet.

14-day free trial. No credit card. Cancel anytime.

Start free — 14 days →Back to home