Security & Data Protection

Security & Privacy

Your data security and privacy are our top priorities. Learn how we protect your information and maintain trust.

Data Encryption

End-to-end encryption for your sensitive information

In Transit

All data transmitted between your browser and our servers is encrypted using the industry-standard TLS 1.3 protocol with 256-bit encryption.

At Rest

Your stored data is encrypted at rest using AES-256 encryption. Database backups are also encrypted with separate keys for enhanced security.

Authentication & Access Control

Secure authentication methods to protect your account

Secure Password Requirements

Passwords must meet minimum complexity requirements and are hashed using bcrypt with salt rounds before storage.

Session Management

Sessions automatically expire after 30 minutes of inactivity. Active monitoring prevents unauthorized access.

Role-Based Access Control

Your data is isolated and protected by Row Level Security (RLS) policies enforced at the database level. Users can only access their own routes and loads. Admin access is protected with RLS on admin user tables, ensuring even privileged accounts are subject to security policies.

SQL Injection Protection

All database functions use explicit search_path configurations to prevent SQL injection attacks. Our database security architecture includes parameterized queries and strict input validation across all endpoints.

Trusted Third-Party Services

We partner with industry-leading security providers

Supabase

PostgreSQL database with built-in security, backups, and row-level security policies.


Vercel

Enterprise-grade hosting with DDoS protection, automatic SSL, and global CDN.


Google Cloud

Maps API and geocoding services with enterprise security and compliance certifications.


Compliance & Standards

Committed to meeting industry security standards

GDPR Compliance

We respect user privacy rights and provide data portability and deletion upon request.

SOC 2 Preparation

We are actively working towards SOC 2 Type II certification to demonstrate our commitment to security.

Regular Security Audits

Our systems undergo regular security assessments using automated linting tools and manual code review. Most recently (October 2025), we executed comprehensive database security migrations to address identified vulnerabilities, achieving an 82% overall health score with all critical security issues resolved.

Responsible Disclosure Policy

Help us keep RouteAware secure for everyone

If you discover a security vulnerability, we encourage you to report it responsibly. We are committed to working with security researchers to verify and address potential vulnerabilities.

How to Report

  1. Email detailed information to security@berouteaware.com
  2. Include steps to reproduce the issue, potential impact, and any proof-of-concept code
  3. Allow us 90 days to investigate and remediate before public disclosure
  4. We will acknowledge your report within 48 hours and provide updates on our progress

What We Promise

  • We will not pursue legal action against researchers who follow responsible disclosure
  • Credit will be given to researchers who discover genuine vulnerabilities (if desired)
  • We will work with you to understand and address the issue promptly

Security Contact

For security-related questions, concerns, or to report vulnerabilities, please contact our security team directly.

security@berouteaware.com


Last updated: October 19, 2025