Built with Security Controls From Day One
Route data, delivery addresses, and driver information require serious data handling. Parcelarc is designed with security controls appropriate for carrier operations data.
Six Security Pillars
Encryption in Transit
All API traffic and driver app communications encrypted with TLS 1.3. No unencrypted plaintext endpoints. Certificate pinning on the driver app.
Encryption at Rest
All route data, delivery addresses, and customer data encrypted at rest using AES-256. Database encryption keys managed via dedicated key management with rotation.
Access Controls (RBAC)
Role-based access control per depot and per organization. Dispatchers see only their assigned depots. API keys scoped to specific depot IDs and action types.
Data Residency (US)
All customer data — route data, delivery addresses, driver records — stored in US-based data centers. No cross-border data transfer. Data residency terms available in carrier agreements.
Audit Logs
Full audit trail for every re-optimization event: who triggered it, what constraints were applied, what the output was, and which driver received the update. Retained for 12 months minimum.
SOC 2 Controls in Design
Parcelarc is designed with SOC 2 Type II controls in mind. We have not yet completed a formal SOC 2 audit. Carriers with audit requirements should contact us to discuss our controls documentation.
Route Data Policy
Parcelarc processes route data — delivery addresses, stop sequences, driver identifiers, and timing data — as part of its core function. Here's what we store and for how long:
Security Questions? Contact Our Team.
Carrier IT evaluators: we can provide our security controls documentation and answer specific questions about data handling and audit requirements.
Contact Our Team