Security

Tenant isolation built into the database — not bolted on

Trucker Flow is multi-company by design. Per-company Row-Level Security, role-based access, audited sensitive data, and hardened headers protect every department from dispatch to settlements.

RLS on every table · 10 roles · Audited access

Defense in depth

Five layers between an attacker and your data

A request is checked again at each layer on its way in. A failure in one layer does not silently open the next — and the innermost layer is the data itself.

  1. Hardened transport & headers

    Edge

    Every response is served over TLS with strict security headers — HSTS, nosniff, clickjacking and referrer protection.

  2. Authentication & role-based access

    App

    Signed-in users are mapped to one of ten roles that gate navigation and every page in the app.

  3. Per-company Row-Level Security

    Database

    Postgres enforces company scoping on every table, so a tenant can only ever reach its own rows.

  4. Row-locked money operations

    Database

    Invoices, payments, settlements and escrow move through secured routines that lock the rows they touch.

  5. Tamper-aware, fail-closed audit trail

    Core

    Privileged and sensitive actions are logged — and if the record cannot be written, the action is refused.

Each layer is enforced independently

How we protect your data

Security where it counts

Concrete protections the product enforces today — described honestly, with no certifications, uptime figures, or customer counts we have not earned.

Per-company data isolation

Every table enforces Postgres Row-Level Security scoped by company. A company only ever sees its own data — isolation is applied in the database, not just the app layer.

  • Row-Level Security on every table
  • Tenant scoping by company on all reads and writes
  • Cross-company access is denied by the database itself
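
A sketch of what per-company Row-Level Security looks like in Postgres, added here as an illustration and not taken from Trucker Flow's schema or code. The table `loads`, the column `company_id`, the setting `app.company_id`, and the UUIDs are all assumptions made for the example.

```sql
-- Added example: hypothetical table and setting names, constructed sample values.
CREATE TABLE loads (
    id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    company_id uuid NOT NULL,
    reference  text NOT NULL
);

-- ENABLE turns policies on; FORCE applies them to the table owner as well.
-- Superusers and roles with BYPASSRLS still skip RLS, so the application
-- must connect as an ordinary role.
ALTER TABLE loads ENABLE ROW LEVEL SECURITY;
ALTER TABLE loads FORCE ROW LEVEL SECURITY;

-- The tenant comes from a transaction-local setting that the server sets
-- after authenticating the user. If it is unset or empty the expression is
-- NULL, the comparison is never true, and no row is visible or writable.
CREATE POLICY loads_company_isolation ON loads
    FOR ALL
    USING      (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid)
    WITH CHECK (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid);

-- One request, scoped to one company.
BEGIN;
SELECT set_config('app.company_id', '11111111-1111-1111-1111-111111111111', true);

-- Allowed: the new row belongs to the current company.
INSERT INTO loads (company_id, reference)
VALUES ('11111111-1111-1111-1111-111111111111', 'L-1001');

-- Returns only rows whose company_id matches the setting.
SELECT id, reference FROM loads;

-- Rejected by WITH CHECK with a row-level security policy violation.
INSERT INTO loads (company_id, reference)
VALUES ('22222222-2222-2222-2222-222222222222', 'L-2001');
ROLLBACK;

-- Review query: ordinary tables in the public schema that do not have RLS
-- both enabled and forced. "RLS on every table" means this returns no rows.
SELECT c.relname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);
```

The last query is suited to a CI or migration check, so a newly added table cannot ship without a policy.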

Role-based access control

Ten roles map navigation, page gates, and database policies to what each person should see — from owner to driver.

  • Roles: owner, admin, dispatcher_manager, dispatcher, accounting, maintenance, hr, safety, read_only, driver
  • Role-aware navigation and page gates in the app
  • The same roles enforced again in Row-Level Security

Sensitive data protection

HR sensitive records are deny-by-default and reached only through an audited server-side funnel. Identifiers like SSNs are never sent to the browser.

  • Sensitive HR data is deny-by-default at the database
  • Reached only through an audited server-side funnel
  • SSNs are never serialized to the client

Money integrity

Financial movements run through secure database routines that lock the rows they touch — never ad-hoc multi-step edits that could drift or double-apply.

  • Invoices, payments, settlements, escrow move via secured routines
  • Row locks prevent races and double application
  • Numbering allocated atomically per scope

Audit trail

Sensitive actions are written to an audit log so privileged access and changes can be reviewed after the fact.

  • Sensitive and privileged actions are logged
  • Access to protected HR data is recorded
  • Designed so the trail survives the action it records

Hardened transport & headers

Responses are served with strict security headers to harden the browser session against common web attacks.

  • HSTS (HTTP Strict Transport Security)
  • Clickjacking protection: CSP frame-ancestors 'none' / X-Frame-Options
  • X-Content-Type-Options nosniff and a strict referrer policy

Principles

The rules we hold ourselves to

The same posture we apply when we build and review every feature.

Defense in depth

App-layer permission checks and database Row-Level Security must agree. A bug in one layer does not silently open the other.

Least privilege

Each role reaches only the data its job requires. Privileged cross-boundary writes go through an explicit, permission-checked funnel.

Fail closed

When a check or audit cannot complete, the action is refused rather than allowed without a record.

Enforced MFA for platform operators

Roadmap

We plan to hard-enforce multi-factor authentication for platform operators accessing the multi-company control center. This is on the roadmap and is not enforced today — we label it honestly rather than imply protection that is not yet live.

Want to walk through our security model?

We'll show you exactly how isolation, roles, and auditing work for your operation.