Security at InboundShipments
Your supply chain data is sensitive. InboundShipments is built on enterprise-grade infrastructure with row-level security, encryption, and role-based access to keep your shipment, vendor, and financial data protected.
How We Protect Your Data
InboundShipments combines enterprise-grade infrastructure from our infrastructure partners with application-level security patterns designed for multi-tenant supply chain data.
Managed PostgreSQL Database
Your data is stored in a dedicated PostgreSQL database hosted on enterprise-grade cloud infrastructure. Our database hosting provider maintains SOC 2 Type II compliance, so your data inherits the provider's infrastructure security controls.
Row-Level Security (RLS)
Every database table is protected by PostgreSQL row-level security policies. These policies enforce data isolation at the database level, ensuring that users can only access records belonging to their organization regardless of how the application is queried.
Encryption at Rest and in Transit
All data is encrypted at rest using AES-256 encryption on our managed database infrastructure. All connections between your browser, our application servers, and the database use TLS encryption to protect data in transit.
Role-Based Access Control
InboundShipments uses role-based access to control what users can see and do within the platform. Permissions are enforced at the API level so access restrictions cannot be bypassed through the user interface.
Secure Vendor Sharing Links
Share purchase order details with vendors and suppliers through read-only shareable links. Recipients can view the information they need without creating an account or logging in, and you control which data is visible through each link.
HTTPS Everywhere
Every page and API endpoint in InboundShipments is served exclusively over HTTPS. Our application is deployed on a modern edge platform that provisions and manages TLS certificates automatically. HTTP connections are redirected to HTTPS.
Environment-Isolated API Keys
API keys are scoped to individual environments and never shared between development, staging, and production. Third-party integrations use dedicated API keys that can be rotated independently without affecting other services.
Edge Deployment
The InboundShipments application is deployed on an edge platform that provides DDoS protection, automatic failover, and edge caching. Our deployment provider maintains SOC 2 Type II compliance for its deployment platform.
Infrastructure Security
InboundShipments is built on two platforms with strong security track records. Our database layer runs on managed PostgreSQL cloud infrastructure with SOC 2 Type II compliance. Our application layer is deployed on an edge platform that also holds SOC 2 Type II certification and provides automatic DDoS mitigation, edge TLS termination, and zero-downtime deployments.
We chose this architecture deliberately. Rather than managing our own servers and re-implementing security controls from scratch, we build on platforms where security is a core product feature maintained by dedicated teams. This lets us focus on application-level security while inheriting infrastructure protections that would take years and significant resources to replicate independently.
Application-Level Security
At the application level, InboundShipments enforces data isolation through PostgreSQL row-level security policies on every table. This means access control is enforced by the database engine itself, not just by application code. Even if an application-level bug bypassed a permission check, the database would still prevent unauthorized access to another organization's data.
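The pattern described above, sketched as an added PostgreSQL example. This is not InboundShipments' actual schema: the table, the role `app_user`, the setting `app.current_org_id`, and the sample values are all hypothetical and constructed for illustration.

```sql
-- Hypothetical tenant-scoped table (names and values are constructed).
CREATE TABLE shipments (
    org_id    uuid NOT NULL,
    po_number text NOT NULL,
    PRIMARY KEY (org_id, po_number)
);

-- ENABLE turns policies on; FORCE also applies them to the table owner,
-- who is otherwise exempt.
ALTER TABLE shipments ENABLE ROW LEVEL SECURITY;
ALTER TABLE shipments FORCE ROW LEVEL SECURITY;

-- USING filters the rows a statement can see; WITH CHECK rejects writes
-- that would create rows for another organization. With missing_ok = true,
-- an unset setting yields NULL, the comparison is never true, and no rows
-- match, so the policy fails closed.
CREATE POLICY org_isolation ON shipments
    USING      (org_id = current_setting('app.current_org_id', true)::uuid)
    WITH CHECK (org_id = current_setting('app.current_org_id', true)::uuid);

-- The application role must hold neither SUPERUSER nor BYPASSRLS:
-- either attribute skips every policy.
CREATE ROLE app_user NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON shipments TO app_user;

-- One request, one transaction. Trusted server code sets the organization
-- from the authenticated session; it must never come from client input.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.current_org_id',
                  '11111111-1111-1111-1111-111111111111', true);

INSERT INTO shipments VALUES
    ('11111111-1111-1111-1111-111111111111', 'PO-1001');  -- allowed

-- No WHERE clause: the policy still limits the result to the current org.
SELECT org_id, po_number FROM shipments;

-- Rejected with "new row violates row-level security policy":
INSERT INTO shipments VALUES
    ('22222222-2222-2222-2222-222222222222', 'PO-2001');
ROLLBACK;
```

The isolation holds only as long as the application's database role cannot change its own attributes and the organization setting is populated solely by server-side code.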
Role-based access control determines what actions users can perform within their organization. API endpoints validate permissions server-side before processing any request. Vendor sharing links are scoped to specific resources and provide read-only access without authentication, keeping collaboration simple while limiting data exposure.
Our Security Commitment
We are a growing product and we are transparent about where we stand. We do not yet hold our own SOC 2 certification or conduct independent penetration testing. As InboundShipments grows, we plan to pursue these milestones. In the meantime, we build on infrastructure providers who do hold these certifications, and we follow security best practices in our application code: parameterized queries, input validation, least-privilege access, and environment-isolated secrets.
If you have specific security questions or need documentation for your vendor assessment process, please reach out to us at support@inboundshipments.com. We are happy to discuss our security posture in detail.