Security

1. Overview

At FlexOps, LLC ("FlexOps", "we", "us", or "our"), security is a top priority. We are committed to protecting your data and maintaining the highest standards of security across our platform and services.

This Security page outlines our security practices, measures, and commitments to keeping your information safe and secure.

2. Data Encryption

2.1 Encryption in Transit

All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security) 1.2 or higher. This ensures that your data cannot be intercepted or read by unauthorized parties during transmission.

2.2 Encryption at Rest

All sensitive data stored in our databases is encrypted at rest using AES-256 encryption. This includes customer information, shipping data, and other confidential data.

2.3 Key Management

Encryption keys are managed using secure key management systems and are never stored alongside the encrypted data. Access to encryption keys is strictly controlled and monitored.

3. Access Controls

3.1 Authentication

We implement strong authentication mechanisms including:

• Multi-factor authentication (MFA) for administrative access
• Password complexity requirements
• Session management and timeout controls
• Secure password hashing using industry-standard algorithms

3.2 Authorization

Access to customer data is restricted based on the principle of least privilege. Employees and contractors only have access to the minimum data and systems necessary to perform their job functions.

3.3 Access Monitoring

All access to systems and data is logged and monitored. We regularly review access logs to detect and respond to any unauthorized access attempts.

4. Infrastructure Security

4.1 Cloud Infrastructure - Microsoft Azure

Our services are hosted on Microsoft Azure, providing enterprise-grade cloud infrastructure with redundant systems, automated backups, and global availability. We leverage Azure's security features, compliance certifications, and built-in security controls.

Azure Compliance Certifications: Azure maintains numerous compliance certifications that benefit our services, including:

• SOC 1 Type II, SOC 2 Type II, SOC 3
• ISO 27001, ISO 27017, ISO 27018
• PCI DSS Level 1 (for payment processing)
• HIPAA, HITECH (for healthcare data if applicable)
• GDPR compliance (EU Model Clauses)
• FedRAMP, NIST 800-53 (for government customers)

Data Residency: Customer data is stored in Azure data centers located in the United States. We can accommodate data residency requirements for international customers upon request. All data transfers comply with applicable data protection laws, including GDPR Standard Contractual Clauses (SCCs) for international transfers.

Azure Security Services: We utilize Azure's comprehensive security services including:

• Azure Key Vault for encryption key management
• Azure Security Center for threat protection
• Azure DDoS Protection for network security
• Azure Active Directory for identity and access management
• Azure Monitor and Application Insights for security monitoring
• Azure Backup and Site Recovery for data protection

Uptime Target: We maintain a 99.9% uptime target for our core services. Our infrastructure is designed with redundancy and failover capabilities to minimize downtime and ensure service availability.

4.2 Network Security

Our network infrastructure is protected by Azure firewalls, intrusion detection systems, and DDoS mitigation services. We regularly update and patch our systems to address security vulnerabilities.

4.3 System Hardening

All systems are hardened according to security best practices, including:

• Regular security updates and patches
• Removal of unnecessary services and software
• Configuration of security policies and controls
• Regular security audits and assessments

5. Application Security

5.1 Secure Development

We follow secure software development practices including:

• Code reviews and security testing
• Vulnerability scanning and penetration testing
• Dependency management and security updates
• Input validation and output encoding

5.2 API Security

Our APIs are secured using authentication tokens, rate limiting, and request validation. API keys are managed securely and can be revoked at any time.

5.3 Third-Party Security

We carefully vet and monitor third-party services and integrations. All third-party providers must meet our security standards and are subject to regular security assessments.

6. Carrier API Approvals

FlexOps maintains approved API integrations with major shipping carriers. All carrier integrations are authorized, comply with carrier terms of service, and meet carrier security requirements.

7. Data Protection

6.1 Data Backup

We maintain regular automated backups of all critical data. Backups are encrypted and stored in geographically distributed locations to ensure data availability and recovery.

Restore Testing: We regularly test our backup and restore procedures to ensure data can be recovered quickly and accurately in the event of data loss or system failure. Our restore testing includes both automated and manual verification processes.

6.2 Data Retention

We retain data only for as long as necessary to provide our services and comply with legal obligations. Data is securely deleted when it is no longer needed.

6.3 Data Isolation

Customer data is logically and physically isolated to prevent unauthorized access. Each customer's data is segregated to ensure privacy and security.

8. Incident Response

7.1 Security Monitoring

We continuously monitor our systems for security threats, anomalies, and potential breaches. Our security operations team is available 24/7 to respond to security incidents.

7.2 Incident Response Plan

We maintain a comprehensive incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents. This plan is regularly tested and updated.

7.3 Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities in accordance with applicable laws and regulations.

9. System Status and Availability

We maintain a public status page where you can check the real-time status of our services, view uptime history, and receive updates about any incidents or maintenance.

10. Compliance and Certifications

We are committed to maintaining compliance with relevant security standards and regulations, including:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• Industry best practices and security frameworks

We regularly undergo security assessments and audits to ensure ongoing compliance and identify areas for improvement.

11. Payment Security

Payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We do not store or process credit card information directly. All payment data is encrypted and handled securely by Stripe.

For more information about Stripe's security practices, please visit Stripe's Security page.

12. Security Best Practices for Users

We recommend that users take the following steps to enhance their account security:

• Use a strong, unique password for your account
• Enable multi-factor authentication when available
• Keep your account credentials confidential
• Regularly review your account activity
• Log out of your account when using shared devices
• Keep your devices and browsers updated

13. Security Updates

We regularly update our security practices and may modify this Security page to reflect changes in our security measures, technologies, or legal requirements. We will notify users of any material changes to our security practices.

14. Reporting Security Issues

If you discover a security vulnerability or have concerns about our security practices, please report it to us immediately. We take security issues seriously and will investigate and address them promptly.

15. Contact Us

If you have questions about our security practices or this Security page, please contact us at: