Trust & Safety

Security

Your business data is valuable. Here's how we protect it.

Last updated: April 30, 2026

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Backups are encrypted before leaving our servers.

Infrastructure

Hosted on enterprise-grade cloud infrastructure with redundant availability zones, DDoS protection, and automated failover.

Access Controls

Row-level security ensures each company can only access its own data. Employee access to production data is restricted and audited.

Backups

Automated daily backups with point-in-time recovery. We can restore any account to any minute within the last 7 days.

Monitoring

24/7 uptime monitoring, anomaly detection, and automated alerts. Incidents are investigated and resolved with full post-mortems.

Authentication

Secure password hashing (bcrypt), optional two-factor authentication (TOTP), and session management with automatic expiry.

Infrastructure Security

DumpTruckBoss runs on Supabase (built on AWS), one of the world's most reliable cloud infrastructure providers. Our deployment uses:

  • Isolated PostgreSQL database instances per region
  • Virtual private cloud (VPC) with strict inbound/outbound rules
  • Automatic scaling to handle traffic spikes without service degradation
  • DDoS mitigation at the network edge
  • Redundant storage with geographic replication

Our physical infrastructure is housed in SOC 2 Type II certified data centers. We do not operate our own physical servers.

Data Encryption

All data is protected at every layer:

  • In transit: TLS 1.2 or higher for all connections. HTTP requests are automatically redirected to HTTPS.
  • At rest: AES-256 encryption for all stored data, including database rows, file uploads, and backups.
  • Passwords: Stored as bcrypt hashes. We never store plaintext passwords and cannot retrieve them.
  • API keys: Stored as one-way hashes. Shown only once at creation time.

Access Controls and Isolation

Multi-tenant data isolation is enforced at the database level using Row Level Security (RLS):

  • Every database query is automatically scoped to the authenticated company's records
  • It is architecturally impossible for one company to access another company's data
  • Role-based permissions within a company (Admin, Dispatcher, Driver, Accountant)
  • Drivers can only submit and view their own tickets

DumpTruckBoss employees do not have routine access to customer data. When access is required for support purposes, it requires explicit authorization and is logged.

Authentication

  • Passwords must meet minimum complexity requirements
  • Optional TOTP-based two-factor authentication (Google Authenticator, Authy)
  • Sessions expire after periods of inactivity
  • Email verification required for new accounts and email changes
  • Rate limiting on login attempts to prevent brute-force attacks
  • Account lockout after repeated failed login attempts

Backups and Recovery

  • Automated backups run daily with a 7-day retention window
  • Point-in-time recovery available to restore data to any minute within the retention window
  • Backups are stored in a separate region from primary data
  • Recovery procedures are tested quarterly

Monitoring and Incident Response

We maintain continuous monitoring across our systems:

  • Real-time uptime monitoring with automatic alerts
  • Application error tracking and performance monitoring via Sentry
  • Anomaly detection for unusual access patterns or data volumes
  • Security event logging with tamper-proof audit trails

In the event of a confirmed security incident affecting your data, we will notify affected customers by email within 72 hours of discovery, in accordance with applicable regulations.

Responsible Disclosure

We take security reports seriously. If you discover a vulnerability in DumpTruckBoss, please report it to us privately before disclosing it publicly. We commit to:

  • Acknowledging your report within 2 business days
  • Providing a timeline for investigation and remediation
  • Notifying you when the issue is resolved
  • Crediting you publicly (if you'd like) for the finding

Report a vulnerability

Email: security@dumptruckboss.com — PGP key available on request.

Questions

For security questions, vendor assessments, or compliance inquiries, contact security@dumptruckboss.com.