🔒
Encrypted in transit & at rest
Your data travels over TLS/HTTPS and is stored with AES-256 encryption in a managed Postgres database. It's never sent or kept in the clear.
🧱
Per-tenant data isolation
Every company's data is scoped to its own organization and filtered on every request. One tenant can never see another's drivers, tickets, carriers, or finances.
🔑
Access-controlled portals
Each area — your TMS, the Carrier Clearance Bureau, and the Sales portal — is separately locked behind its own PIN/login. Staff only reach what they're cleared for.
Sensitive actions are logged — who did what, and when — so you always have an answer for an audit or a dispute.
💾
Daily backups + recovery
Your database is backed up daily with point-in-time recovery, so your operation's records are protected against loss.
🏛️
Certified infrastructure
We run on SOC 2 / ISO 27001-certified cloud infrastructure (AWS), and card payments go through Stripe (PCI DSS Level 1) — we never store card numbers.
Strict transport security (HSTS), clickjacking and content-type protections, and a locked-down permissions policy are enforced on every response.
We publish a security contact and welcome researchers to report anything they find, so issues reach us fast and get fixed.
On SOC 2 & ISO 27001
We'll be straight with you: MoveAround is not formally certified yet — and we'll never claim a badge we don't hold. What we have done is build to the standard. We've implemented the technical and policy controls SOC 2 and ISO 27001 look for — encryption, per-tenant isolation, access control, audit logging, change management, incident response, and vendor risk management — and documented them. Formal certification is actively in progress.
Our underlying infrastructure is already independently certified: our cloud host and database run on SOC 2 / ISO 27001-certified platforms (AWS), and payments run through Stripe (PCI DSS Level 1). Need our security overview or a questionnaire completed? Ask your rep — we'll turn it around.