Data Processing and Security Overview
Effective date: July 11, 2026 ยท Version 2026-07-11
Processing Purpose
CarrierOps processes customer data to provide business software for company setup, users and permissions, load management, document storage, invoicing, inspection and maintenance records, fuel purchases, alerts, reminders, feedback, partner integrations, support, security, and troubleshooting.
Verified Safeguards
Repository evidence shows ASP.NET Identity authentication, HTTP-only cookies, secure cookies outside development, anti-forgery protection, company-level query scoping, role/permission checks, authorization-controlled file access, private storage abstraction for uploads, rate limiting for partner API requests, and provider-based database and upload storage configuration.
Hosting, Storage, and Backups
Deployment docs reference Render hosting, PostgreSQL, and Azure Blob Storage as the production-safe upload storage mode. Local file storage is explicitly warned as unsafe for durable production uploads. Backup retention, restore testing, and company archive/export procedures are not fully documented and require launch-readiness work.
No Certification Claims
The repository does not show SOC 2, HIPAA, PCI, ISO 27001, or similar security certifications. CarrierOps should not make those claims unless independently verified.
Security Reports
Report suspected vulnerabilities, unauthorized access, or security incidents to [SECURITY EMAIL REQUIRED].