Security

Last updated: January 16, 2026

At VanLogIQ, security is our top priority. We implement industry-standard security measures to protect your data and ensure the integrity of our service. This page outlines our security practices and what you can do to keep your account secure.

1. Data Encryption

Encryption in Transit

All data transmitted between your device and our servers is encrypted using industry-standard protocols:

  • HTTPS/TLS 1.3: All web traffic is encrypted using Transport Layer Security (TLS)
  • Secure Connections: We enforce HTTPS for all connections
  • Certificate Validation: SSL certificates are regularly updated and validated
  • Perfect Forward Secrecy: Each session uses unique encryption keys

Encryption at Rest

Your data stored in our database is protected:

  • Database Encryption: All data is encrypted at rest using AES-256 encryption
  • Storage Encryption: Media files (PODs, avatars) are encrypted in storage
  • Backup Encryption: All backups are encrypted before storage
  • Key Management: Encryption keys are managed securely and rotated regularly

2. Authentication Security

Password Security

  • Hashing: Passwords are hashed using bcrypt with salt rounds
  • Never Stored in Plain Text: We never store or transmit passwords in plain text
  • Minimum Requirements: Passwords must be at least 8 characters long
  • Password Reset: Secure password reset via email with time-limited tokens

Session Management

  • JWT Tokens: Secure JSON Web Tokens for session management
  • Token Expiration: Tokens expire after a period of inactivity
  • Secure Cookies: Session cookies are HttpOnly and Secure
  • Single Sign-On: Integrated with Supabase Auth for secure authentication

Account Protection

  • Email Verification: Accounts require email verification before activation
  • Login Monitoring: We monitor for suspicious login activity
  • Rate Limiting: Login attempts are rate-limited to prevent brute force attacks

3. Database Security

Row-Level Security (RLS)

We use Supabase's Row-Level Security to ensure data isolation:

  • User Isolation: Users can only access their own data
  • Policy Enforcement: Security policies are enforced at the database level
  • Automatic Protection: RLS prevents unauthorized data access even if application code has bugs
  • Granular Control: Different policies for SELECT, INSERT, UPDATE, and DELETE operations

Database Access

  • Connection Pooling: Secure connection pooling with connection limits
  • Network Isolation: Database is not directly accessible from the internet
  • Access Logging: All database access is logged and monitored
  • Regular Updates: Database software is kept up-to-date with security patches

4. Storage Security

Media File Protection

  • Signed URLs: All media files (PODs, avatars) are accessed via time-limited signed URLs
  • Access Control: Files are only accessible to the owner
  • Storage Policies: RLS policies control file upload, access, and deletion
  • No Public Access: Files are never publicly accessible without authentication

File Validation

  • Type Validation: Only allowed file types can be uploaded
  • Size Limits: File sizes are limited to prevent abuse
  • Image Compression: Images are automatically compressed to reduce storage and improve security
  • Virus Scanning: Files are scanned for malware (when available)

5. Infrastructure Security

Cloud Infrastructure

VanLogIQ is hosted on secure cloud infrastructure:

  • Supabase Platform: Built on Supabase, which uses enterprise-grade security
  • Data Centers: Data is stored in SOC 2 Type II certified data centers
  • Redundancy: Data is replicated across multiple geographic locations
  • Uptime Monitoring: 24/7 monitoring for availability and security incidents

Network Security

  • Firewalls: Network firewalls protect against unauthorized access
  • DDoS Protection: Distributed Denial of Service (DDoS) protection is in place
  • Intrusion Detection: Systems monitor for suspicious network activity
  • VPN Access: Administrative access requires VPN connection

6. Application Security

Code Security

  • Input Validation: All user inputs are validated and sanitized
  • SQL Injection Prevention: We use parameterized queries and an ORM
  • XSS Protection: Cross-site scripting (XSS) protection built into framework
  • CSRF Protection: Cross-site request forgery (CSRF) tokens for state-changing operations

Dependency Management

  • Regular Updates: Dependencies are regularly updated for security patches
  • Vulnerability Scanning: Automated scanning for known vulnerabilities
  • Minimal Attack Surface: Only necessary dependencies are included

Error Handling

Error messages are designed not to expose sensitive information. Detailed error logs are kept securely and are accessible only to authorized personnel.

7. Monitoring and Incident Response

Security Monitoring

  • 24/7 Monitoring: Continuous monitoring of systems and networks
  • Anomaly Detection: Automated systems detect unusual patterns
  • Access Logging: All access attempts and actions are logged
  • Alert System: Immediate alerts for security incidents

Incident Response

  • Response Plan: Documented incident response procedures
  • Rapid Response: Security team responds to incidents within defined timeframes
  • User Notification: Users are notified of security incidents affecting their data
  • Post-Incident Review: All incidents are reviewed to prevent recurrence

8. Compliance and Certifications

Data Protection

  • GDPR Compliance: We comply with General Data Protection Regulation (GDPR) requirements
  • Data Minimization: We only collect data necessary for service provision
  • Right to Deletion: Users can request deletion of their data
  • Data Portability: Users can export their data (Pro tier feature)

Infrastructure Certifications

Our infrastructure provider (Supabase) maintains various certifications including SOC 2 Type II, ISO 27001, and others. We leverage these certifications to ensure our service meets high security standards.

9. Your Role in Security

Best Practices

While we implement strong security measures, you also play a crucial role in keeping your account secure:

  • Strong Passwords: Use a unique, strong password (at least 8 characters, mix of letters, numbers, symbols)
  • Don't Share Credentials: Never share your account password with anyone
  • Secure Devices: Keep your devices updated and use screen locks
  • Log Out: Log out when using shared or public devices
  • Email Security: Keep your email account secure (it's used for password resets)
  • Report Suspicious Activity: Contact us immediately if you notice any suspicious activity

Recognizing Phishing

Be cautious of phishing attempts:

  • We will never ask for your password via email
  • Always check the URL before entering credentials
  • Look for HTTPS and valid SSL certificates
  • Be suspicious of unexpected emails asking for account information

10. Security Updates and Patches

We regularly update our systems with security patches and improvements:

  • Regular Updates: We apply security patches as soon as they're available
  • Zero-Day Response: Critical vulnerabilities are addressed immediately
  • Maintenance Windows: Scheduled maintenance is performed during low-traffic periods
  • User Notification: Significant security updates are communicated to users when necessary

11. Third-Party Services

Service Providers

We use trusted third-party services that maintain high security standards:

  • Supabase: Database and authentication infrastructure (SOC 2 Type II certified)
  • Stripe: Payment processing (PCI DSS Level 1 certified)
  • Email Services: Secure email delivery for notifications

All third-party services are contractually required to maintain appropriate security measures and comply with data protection regulations.

12. Security Contact and Reporting

Report Security Issues

If you discover a security vulnerability, please report it responsibly:

Please include as much detail as possible about the vulnerability. We appreciate responsible disclosure and will work with you to address any security issues.

Suspicious Activity

If you notice any suspicious activity on your account, such as unauthorized access or changes you didn't make, please contact us immediately at the email addresses above.

13. Our Security Commitment

Security is an ongoing process, not a one-time implementation. We are committed to:

  • Continuously improving our security measures
  • Staying current with security best practices and threats
  • Regular security audits and assessments
  • Transparency about our security practices
  • Rapid response to security incidents
  • Protecting your data as if it were our own