Security at TruckerProfit Inc.

Security program overview

• Encryption in transit: TLS 1.3 with HSTS preload on all public properties
• Encryption at rest: AES-256 for customer data in production databases
• Identity: JWT with refresh-token revocation, TOTP 2FA for staff, role-based access control
• Audit logging: Append-only audit trail for sensitive operations, 365-day retention
• Vulnerability management: Continuous dependency scanning, monthly third-party penetration tests
• Compliance: SOC 2 Type II audit in progress, target completion Q3 2026
• Incident response: 24-hour customer notification SLA for confirmed security incidents