Security at Shipider
How we protect your warehouse data — infrastructure, encryption, access control, audit trails, and how we respond when something goes wrong.
1. Our Approach
Shipider was built from day one for multi-tenant warehouse operations, so security and data isolation are core platform concerns — not optional add-ons. This page summarizes the controls we apply across infrastructure, application, and operations.
2. Infrastructure
The platform runs on managed cloud infrastructure with redundant availability zones. Underlying providers maintain ISO 27001, SOC 2, and PCI DSS attestations. Compute, storage, and networking are isolated per environment (production, staging, development).
3. Tenant Isolation
Each Customer's data is logically isolated using a tenant identifier propagated at every layer — middleware, application, and database query level. Cross-tenant access is structurally impossible through the standard API.
4. Encryption
In transit: All traffic to the platform is encrypted with TLS 1.2 or higher. HSTS is enforced on the customer-facing dashboard.
At rest: Database storage and object storage are encrypted with AES-256.
5. Access Control
Customer access uses role-based permissions with optional two-step verification. Internal access to production systems is restricted to a minimal set of employees, gated by SSO with hardware-key MFA, and logged.
6. Audit Trails
The platform maintains immutable audit logs for sensitive actions: order processing, pallet confirmation, inventory adjustments, user role changes, and billing events. Logs are retained for the duration of the subscription and can be exported.
7. Backup & Disaster Recovery
Customer data is backed up daily with point-in-time recovery available within retention windows. We test recovery procedures regularly and maintain a documented disaster recovery plan.
8. Vulnerability Management
Dependencies are scanned continuously for known vulnerabilities. We perform regular penetration testing using independent third parties and address findings through a tracked remediation process.
9. Incident Response
We maintain a documented incident response plan covering detection, triage, containment, and customer notification. Confirmed security incidents affecting Customer Data are communicated to the affected Customer without undue delay.
10. Compliance
Shipider operates in alignment with GDPR and UK GDPR principles via the Data Processing Addendum. Our SOC 2 program is described on the SOC 2 page.
11. Responsible Disclosure
We welcome security research. To report a vulnerability, email support@shipider.com with reproduction steps and impact. We commit to acknowledging valid reports within 5 business days.
