Security
Built secure from day one
Logistics software carries operational, financial, and personal data. CyVeR is designed around tenant isolation, least-privilege access, encryption, and accountable engineering practices — without publishing implementation details that could aid attackers.
Below is how we think about security at the layer of principles and categories — the same posture we describe to prospects and auditors before sharing specifics under agreement.
Tenant isolation
Extensive systematic review across the codebase — every path treated as multi-tenant by default.
Injection defenses
Layered validation and output encoding wherever user-generated content reaches documents or messaging.
Audit trail
Immutable logs for privileged actions — accountability for operators and investigators.
Canadian posture
Canadian-hosted infrastructure with privacy-aware design aligned to common carrier obligations.
01 · Architecture
Multi-tenant by design
CyVeR is architected so each customer's operational universe stays logically separated from every other tenant. Queries, APIs, exports, notifications, and administrator tooling all honour tenant boundaries — before anyone reads a row, uploads a document, or triggers an automation.
Strict tenant data isolation is enforced at the database layer. Automated checks and systematic reviews reduce the risk of cross-tenant leakage as the product evolves.
- Canadian-hosted infrastructure — aligned with typical carrier expectations for where fleet data lives.
- Geographic data residency — positioned for Canadian logistics operators; Enterprise arrangements can document residency commitments contractually.
- Defense in depth — isolation assumptions carry through APIs, jobs, integrations, and administrative tooling.
Tenant boundary
Conceptual model
- Fleet A — orders, drivers, invoices, integrations — isolated logical boundary.
- Fleet B — separate boundary; no operational crossover without explicit platform-admin workflows where applicable.
Illustrative only — design reviewed continuously as modules ship.
02 · Authentication & access
Strong identity & roles
Passwords are stored using industry-standard password hashing. Sessions use token-based authentication with rotation so credentials do not remain valid indefinitely after lifecycle events. Administrative workflows support multi-factor authentication where appropriate for console users.
Login flows include brute-force protections and rate limiting on authentication endpoints. Configurable session timeout and session management with concurrent-session controls reduce risk from unattended workstations or credential reuse across devices.
- Role-based access control across features — people touch no more surfaces than their job requires.
- Single sign-on (SSO) for Enterprise customers — on the roadmap, scheduled alongside negotiated contracts.
- OAuth integrations (for example accounting connections) use short-lived, server-managed authorization flows.
RBAC overview
Illustrative roles
- Admin — tenant settings · users · billing coordination
- Dispatcher — operations · trips · customer-facing workflows
- Driver manager — fleet · drivers · compliance artefacts
- Driver — mobile app · trips · POD capture
- Accountant — invoices · AR · financial exports
- Viewer — read-only scope where configured
03 · Data protection
Confidentiality & backups
Customer data is protected in transit using TLS and at rest using proven encryption approaches, including modern authenticated encryption for offline backup material. Operational policies limit who may access production systems and under what approvals.
Daily encrypted backups support disaster recovery objectives. Sensitive fields receive additional handling where warranted. We apply data minimization in product design — for example, public tracking surfaces are scoped to what shippers need, not full operator views.
Encryption & keys
Encryption responsibilities span transport, database volumes, backups, and selective application-layer protections for especially sensitive payloads — compartmentalised so no single artefact grants blanket access.
Production access
Human access to production is restricted, logged where used for support, and governed by internal procedures appropriate to regulated logistics workloads.
04 · Application security
Safe inputs & safe outputs
Requests are validated against schemas before reaching persistence layers. Generated HTML — invoices, emails, PDFs — passes through systematic encoding paths so scripting payloads cannot silently execute in customer-facing artefacts.
Schema-based validation
Structured checks on payloads at API boundaries — types, lengths, and formats enforced consistently.
Output encoding
Risk-aware interpolation everywhere templated documents render customer-supplied fields — defence against injection into browsable or printable surfaces.
Upload controls
Attachment handling restricts risky types and sizes — logistics paperwork stays paperwork, not executable payloads.
Browser security headers
Hardened HTTP responses including Content Security Policy enforcement, clickjacking protection, MIME sniffing protections, and transport layer security enforcement for compatible clients.
Origin controls
Browser integrations allow known customer-facing origins — wildcards are avoided in production configurations.
Abuse prevention
API rate limiting on authentication and sensitive lookups slows scripted guessing and accidental thundering herds.
05 · Infrastructure
Edge & production hardening
Production traffic sits behind enterprise-grade edge protection with automated certificate management, DNS security extensions, and automated bot mitigation. Certificates are validated end-to-end; plaintext connections to customer browsers are avoided for primary applications.
Servers run on Canadian-hosted infrastructure using hardened operating-system baselines and administrative discipline appropriate for regulated workloads. Database connectivity is restricted to localhost — no external network exposure to the database server. Telemetry that leaves your tenant boundary follows subprocessors disclosed in our Privacy Policy.
Monitoring & alerting
Production relies on error tracking and alerting plus external uptime monitoring — layered visibility without broadcasting sensitive internals publicly.
Secure engineering lifecycle
Automated testing runs on meaningful changes; dependency posture benefits from automated dependency monitoring; no insecure default secrets ship in production configurations.
06 · Compliance & privacy
Accountability & assessments
We document data handling consistent with PIPEDA-aligned expectations, maintain retention policies appropriate to trucking and tax context, and treat privacy as a product concern — not a marketing footnote.
- ✓ Documented retention policies coordinated with our Privacy Policy.
- ✓ Privacy-by-design product decisions — minimization on public surfaces, tenant-scoped audit material, clear subprocessors lists.
- ✓ Continuous internal security testing — multi-tenant isolation, role-based authorization, authentication attack surface, input validation, file upload defenses, and infrastructure hardening probed via reproducible automated test suites ahead of every major release.
- ✓ Targeted penetration testing on a defined cadence — findings remediated as production-grade defects.
- Driver location — dispatcher views show operational detail; customer tracking links stay intentionally coarse.
- Financials — field-level filtering keeps rate and margin data in the right roles and surfaces.
- Customer PII — tokenized public links avoid email or note leakage to unauthenticated viewers.
07 · Monitoring & response
Detect, trace, notify
Comprehensive audit logging captures privileged changes with enough context for security and operations teams to reconstruct who did what and when — without storing secrets in log metadata.
We combine engineering alerts, anomaly awareness, and defined incident response procedures. When a breach poses a real risk of significant harm, customer breach notification follows the commitments in our Privacy Policy and applicable Canadian privacy law — including coordination with regulators when required.
Logging policy
Design principles
- Tenant-scoped visibility — customer administrators review their trail; platform operations retain separate controls.
- Structured metadata only — sensitive payloads are excluded from audit rows by policy.
- Immutable storage model — events append; history supports dispute resolution and investigations.
Audit trail
Illustrative excerpt
- Dispatcher access granted
- Customer remittance packet
- Accounting sync authorized
08 · Responsible disclosure
Found something?
If you've found a security issue in CyVeR, please report it privately. We'll respond within one business day, coordinate on a fix timeline, and credit you publicly if you want.
Please don't open public issues with exploit details or post on social media before we've had a chance to respond.
09 · Detailed security documentation
Under NDA for enterprise buyers
Comprehensive security architecture documentation — including deeper control descriptions, assessment summaries where available, and incident response playbooks tailored to procurement questions — is shared with enterprise customers under NDA as part of diligence.
Contact [email protected] to request enterprise security documentation or to schedule a security review with our team.
Want to audit it yourself?
Enterprise customers can get a security walk-through with our team. Bring your security team — we'll answer everything.