Security

Last updated: March 24, 2026

PackageTrack Pro is built to handle your facility's package data with the same care you put into managing it. Here's how we protect your information at every layer.

1. Encryption

Data in Transit

All connections to PackageTrack Pro use TLS 1.2 or higher. Every request between your browser and our servers is encrypted. API calls, photo uploads, webhook communications, and database connections are all encrypted in transit.

Data at Rest

Sensitive integration credentials (webhook URLs, API keys for notification channels) are encrypted using AES-256-GCM — the same standard used by banks and government agencies. Each encryption operation uses a unique initialization vector and authentication tag to prevent tampering.
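As an added illustration (not PackageTrack Pro's own code), this is how a unique IV and an authentication tag work together in AES-256-GCM using Node's built-in crypto module. The function names, the constructed key, and binding the ciphertext to a facility ID as additional authenticated data are assumptions of this example.

```javascript
const crypto = require("node:crypto");

// Constructed 32-byte key for the demo; a real service loads it from a secret store.
const KEY = crypto.randomBytes(32);

// Encrypts one credential. The facility id is passed as additional authenticated
// data (an assumption of this example), so a ciphertext copied into another
// facility's record fails authentication instead of decrypting.
function sealCredential(plaintext, facilityId, key = KEY) {
  const iv = crypto.randomBytes(12); // fresh 96-bit IV for every operation
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(facilityId, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  return [iv, tag, ct].map((b) => b.toString("base64")).join(".");
}

// Decrypts and authenticates. Throws if the IV, tag, ciphertext or facility id
// differ from what was sealed.
function openCredential(sealed, facilityId, key = KEY) {
  const parts = sealed.split(".");
  if (parts.length !== 3) throw new Error("malformed ciphertext");
  const [iv, tag, ct] = parts.map((p) => Buffer.from(p, "base64"));
  if (iv.length !== 12 || tag.length !== 16) throw new Error("malformed ciphertext");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(facilityId, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Small helper: true when the callback throws (used to show tamper rejection).
function rejects(fn) {
  try { fn(); return false; } catch { return true; }
}
```
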

Passwords

User passwords are never stored in plain text. We use bcrypt with a cost factor of 12, which makes brute-force attacks computationally impractical. We never log, display, or transmit passwords — not even to our own team.

2. Tenant Isolation

PackageTrack Pro is a multi-tenant platform, meaning multiple organizations share the same infrastructure. But your data is completely isolated.

  • Every database query is scoped to your facility. Cross-facility data access is architecturally prevented at every layer of the application.
  • Facility identity is extracted from the authenticated session on the server — it is never supplied by the browser, so it cannot be spoofed.
  • Photos are stored in facility-specific paths. Presigned upload URLs expire after 5 minutes and are scoped to your facility.
  • If someone attempts to access data from another facility, the system returns a "not found" response — it does not confirm whether the data exists elsewhere.

3. Authentication & Access Control

Login Security

  • Accounts are locked after 5 failed login attempts for 15 minutes to prevent brute-force attacks.
  • Login timing is normalized so that response times do not reveal whether an email address is registered.
  • Sessions use signed JWT tokens with automatic expiration.

Role-Based Access

Within each facility, access is controlled by role. Admins manage users and settings. Operators handle day-to-day package receiving and delivery. Viewers have read-only access. No role can access data outside their facility.

4. Payment Security

We never see, store, or process your credit card information. All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor — the highest level of certification in the payments industry. Card numbers go directly from your browser to Stripe's servers.

Stripe webhook events are verified using cryptographic signatures before processing, and each event is processed exactly once using idempotency checks.
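The sketch below is an added example, not PackageTrack Pro's code: it checks a `Stripe-Signature` header (an HMAC-SHA256 over `timestamp.rawBody`) before parsing the event, then uses the event ID as an idempotency key. The in-memory set, the function names, and the sample secret and event are constructed for illustration.

```javascript
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // Stripe's default replay tolerance (5 minutes)
// Stand-in for a table with a unique constraint on event id; an in-memory set
// is not safe across multiple server instances.
const seenEventIds = new Set();

// Header format: "t=<unix seconds>,v1=<hex hmac>[,v1=<hex hmac>...]".
function verifyStripeSignature(rawBody, header, secret, nowSeconds) {
  const fields = String(header).split(",").map((kv) => kv.split("="));
  const t = fields.find(([k]) => k === "t")?.[1];
  const candidates = fields.filter(([k]) => k === "v1").map(([, v]) => v);
  if (!/^\d+$/.test(t || "") || candidates.length === 0) return false;
  if (Math.abs(nowSeconds - Number(t)) > TOLERANCE_SECONDS) return false; // stale or replayed
  const expected = crypto.createHmac("sha256", secret).update(`${t}.${rawBody}`).digest();
  return candidates.some((hex) => {
    const given = Buffer.from(hex, "hex");
    // timingSafeEqual requires equal lengths, so check that first.
    return given.length === expected.length && crypto.timingSafeEqual(given, expected);
  });
}

// Returns "rejected", "duplicate" or "processed".
function handleWebhook(rawBody, header, secret, nowSeconds, apply) {
  if (!verifyStripeSignature(rawBody, header, secret, nowSeconds)) return "rejected";
  const event = JSON.parse(rawBody); // parse only after the signature checks out
  if (seenEventIds.has(event.id)) return "duplicate"; // redelivery of a handled event
  seenEventIds.add(event.id);
  apply(event);
  return "processed";
}

// Constructed helper for the demo: signs a body the way the sender would.
function signForTest(rawBody, secret, t) {
  const mac = crypto.createHmac("sha256", secret).update(`${t}.${rawBody}`).digest("hex");
  return `t=${t},v1=${mac}`;
}
```

The signature must be computed over the raw request bytes; verifying a re-serialized JSON body will fail even for genuine events.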

5. Photo & File Security

  • Package photos are stored on Cloudflare's global network (R2 object storage), separate from the application database.
  • Upload URLs are time-limited (5-minute expiration) and facility-scoped.
  • Photos are automatically deleted according to your facility's retention policy (default: 90 days).
  • Upload rate limiting prevents abuse — 60 uploads per user per hour.

6. AI Privacy

PackageTrack Pro uses AI (Anthropic's Claude) for label scanning and recipient matching. Here's what you should know:

  • Anthropic does not use API data to train their models. Your package labels and data are processed and discarded.
  • AI features degrade gracefully — if the AI service is unavailable, all core functionality (receiving, delivering, searching) continues to work without interruption.
  • AI usage is rate-limited per user to control costs and prevent abuse.

7. Infrastructure

Hosting & Deployment

PackageTrack Pro runs on Vercel's edge network with automatic HTTPS, DDoS protection, and global distribution. Deployments are automated from source control — no manual server access required.

Database

Our PostgreSQL database is hosted on Neon, which provides automated backups, point-in-time recovery, and encrypted connections. Database credentials are never exposed in client-side code.

Error Monitoring

We use Sentry for error tracking with source maps hidden from client bundles. Error reports include contextual information for debugging but never include passwords, API keys, tokens, or sensitive user data.

8. Input Validation

All user input is validated on both the client and server using strict schema validation (Zod). This prevents malformed data, injection attacks, and unexpected input from reaching the database. All database queries use parameterized queries through our ORM — there are no raw SQL queries in the application.

9. Data Retention

  • Package photos are automatically cleaned up per your facility's retention policy (default: 90 days).
  • Trial accounts that expire have their data deleted after 30 days.
  • Old notifications are automatically pruned to keep the system lean.

10. Subprocessors

We use the following third-party services to operate PackageTrack Pro. Each maintains its own security certifications:

  • Neon — PostgreSQL database hosting (SOC 2)
  • Cloudflare — Photo storage via R2 (SOC 2, ISO 27001)
  • Vercel — Application hosting (SOC 2)
  • Stripe — Payment processing (PCI DSS Level 1)
  • Resend — Transactional email delivery
  • Sentry — Error monitoring (SOC 2)
  • Anthropic — AI label scanning (does not train on API data)
  • Twilio — SMS notifications (optional, per-facility)
  • BetterStack — Uptime monitoring

11. Compliance

Our security practices are designed with SOC 2 principles in mind, and our core infrastructure providers (Neon, Cloudflare, Vercel, Stripe, Sentry) are independently SOC 2 certified. We maintain a Privacy Policy covering data collection, usage, and your rights under CCPA/CPRA, and Terms of Service governing platform usage.

For enterprise customers requiring a Data Processing Agreement or additional compliance documentation, contact us at support@packagetrackpro.com.

Questions?

If you have security questions or want to report a vulnerability, contact us at support@packagetrackpro.com.
