Atlas Bridge

Security & Trust

Your shipments and your data, protected by design.

Security is not a feature we sell — it is the floor. Here is exactly how we protect your account, your customers' data, and your compliance posture.

Encryption everywhere

All traffic is TLS 1.2+ in transit. Data is encrypted at rest with AES-256. Secrets and access tokens are stored encrypted, never in plaintext.

Row-level security

Every database table enforces row-level security. One customer can never read another customer’s data, even in the event of an application bug.

Strong authentication

Optional TOTP two-factor auth for your account. Compromised-password detection via HaveIBeenPwned on signup and password change. Staff access requires MFA.

Least-privilege access

Internal access follows least-privilege. Every administrative action is written to an immutable audit log you can export.

Sanctions screening

Every shipment is screened against OFAC, BIS, EU, UK, and UN denied-party lists — protecting you from inadvertent violations and keeping a permanent record.

Reputable infrastructure

Built on Supabase (Postgres), Vercel, and Stripe — providers with their own SOC 2 / ISO 27001 programs. We do not run our own data centers.

How we handle your data

  • We are a processor. For the personal data you submit (consignees, addresses), you are the controller and we process it only to provide the service. See our Data Processing Agreement.
  • You can export or delete. Pull your data as CSV any time, or delete your account and we purge it (backups within 90 days).
  • We never sell your data. No third-party advertising trackers, no data brokering. Ever.
  • Payment data stays with Stripe. Card numbers never touch our servers — Stripe handles PCI-DSS scope.

International & sub-processors

For EU/UK/Swiss data subjects, transfers are governed by the Standard Contractual Clauses. Our full, current list of sub-processors (Supabase, Vercel, Stripe, Shippo, Resend, Twilio, Anthropic) is published in our DPA, and we give 30 days' notice before adding or changing any.

Found a vulnerability?

We take reports seriously and will not pursue legal action against good-faith security research. Email security@atlasbridgelogistics.com with details and steps to reproduce. We aim to acknowledge within 2 business days.

On the roadmap

We believe in being straight about what is in place versus what is coming. A formal SOC 2 Type II program and SSO/SAML for Enterprise are on our roadmap. We are happy to walk Enterprise prospects through our current controls and timeline — reach out via contact.

Start shipping securely