Shipider
ProductPricingBlogSupport
Sign inStart free
ProductPricingBlogSupport
Sign inStart free
LEGAL·SECURITY OVERVIEW

Security at Shipider

How we protect your warehouse data — infrastructure, encryption, access control, audit trails, and how we respond when something goes wrong.

LAST UPDATED MARCH 4, 2026v1.0
Terms of ServicePrivacy PolicyData Processing AddendumSecuritySOC 2
ON THIS PAGE
  • 01Our approach
  • 02Infrastructure
  • 03Tenant isolation
  • 04Encryption
  • 05Access control
  • 06Audit trails
  • 07Backup & DR
  • 08Vulnerability mgmt
  • 09Incident response
  • 10Compliance
  • 11Responsible disclosure

1. Our Approach

Shipider was built from day one for multi-tenant warehouse operations, so security and data isolation are core platform concerns — not optional add-ons. This page summarizes the controls we apply across infrastructure, application, and operations.

2. Infrastructure

The platform runs on managed cloud infrastructure with redundant availability zones. Underlying providers maintain ISO 27001, SOC 2, and PCI DSS attestations. Compute, storage, and networking are isolated per environment (production, staging, development).

3. Tenant Isolation

Each Customer's data is logically isolated using a tenant identifier propagated at every layer — middleware, application, and database query level. Cross-tenant access is structurally impossible through the standard API.

4. Encryption

In transit: All traffic to the platform is encrypted with TLS 1.2 or higher. HSTS is enforced on the customer-facing dashboard.

At rest: Database storage and object storage are encrypted with AES-256.

5. Access Control

Customer access uses role-based permissions with optional two-step verification. Internal access to production systems is restricted to a minimal set of employees, gated by SSO with hardware-key MFA, and logged.

6. Audit Trails

The platform maintains immutable audit logs for sensitive actions: order processing, pallet confirmation, inventory adjustments, user role changes, and billing events. Logs are retained for the duration of the subscription and can be exported.

7. Backup & Disaster Recovery

Customer data is backed up daily with point-in-time recovery available within retention windows. We test recovery procedures regularly and maintain a documented disaster recovery plan.

8. Vulnerability Management

Dependencies are scanned continuously for known vulnerabilities. We perform regular penetration testing using independent third parties and address findings through a tracked remediation process.

9. Incident Response

We maintain a documented incident response plan covering detection, triage, containment, and customer notification. Confirmed security incidents affecting Customer Data are communicated to the affected Customer without undue delay.

10. Compliance

Shipider operates in alignment with GDPR and UK GDPR principles via the Data Processing Addendum. Our SOC 2 program is described on the SOC 2 page.

11. Responsible Disclosure

We welcome security research. To report a vulnerability, email support@shipider.com with reproduction steps and impact. We commit to acknowledging valid reports within 5 business days.

Shipider

The calm, capable WMS.

@UseShipider
Product
FeaturesReportsPricingAPI DocsSupportChangelogFeedback
Solutions
For 3PLsFor eCommerceFor Small WarehousesCase Studies
Company
About UsOur BlogContactInvestors
Legal
TermsPrivacyDPASecuritySOC 2
© 2026 Shipiderv2.4.1 · build 8821 · all systems operational