Your supplier list, product catalog, purchase orders, and shipment data are some of your most sensitive operational assets. We built CartonFlow assuming a competitor could be on the other side of the wall.
Optional client-side encryption. Your supplier and product names live encrypted on our servers — even CartonFlow staff can't decrypt them.
Every database read filters on your account ID at the query layer. Account A can't see Account B's data even in error scenarios.
Every action by you, your team, and our AI assistant is logged to an append-only audit table. Investigate any change later.
For tenants that turn it on, product names, ASINs, SKUs, and supplier names are encrypted in your browser before they reach our servers. The decryption key never leaves your device.
If we were subpoenaed or hacked, or had a rogue employee, there would be nothing useful for them to read. The data in our database is opaque ciphertext.
Standard encryption everywhere, with stronger protection available for tenants who need it.
Every byte between you and CartonFlow flows over TLS 1.3. The HSTS preload directive tells browsers never to connect over HTTP again.
Database storage is AES-256 encrypted at rest by default — the standard the U.S. government uses for top-secret data.
Passwords are hashed with Argon2id — the OWASP-recommended algorithm. Even if our database leaked, passwords stay protected.
TOTP-based 2FA for any account that wants it. A setting that requires it is available for accounts with elevated permissions.
Multi-tenant architecture done right: isolation enforced at the lowest possible layer, not after the fact in application code.
Every read filters on your tenant ID. Even an internal bug can't accidentally show one customer's data to another.
Short-lived signed tokens carry your authentication. Revocable instantly via password change or 2FA reset.
Owner, distributor, 3PL partner, and read-only roles — each only sees what their job requires.
Internal access to production infrastructure is gated, MFA-enforced, and recorded in an immutable audit log.
Short answer: no. Here's why we're confident saying that.
CartonFlow integrates with Amazon Selling Partner API through Amazon's standard OAuth flow. You explicitly authorize the connection from your Seller Central account; you can revoke it anytime.
Every B2B service relies on vendors. We pick ones we trust, with regions and purposes clearly defined. Updated as our stack evolves.
We notify customers via email and update this page at least 30 days before adding a new subprocessor. View the full subprocessor list →
Real security is the process behind the product. Here's how we operate.
Documented runbook for security incidents. Affected customers notified within 72 hours per industry standard. Post-incident report published within 7 days.
Dependencies scanned weekly via Dependabot. Critical CVEs patched within 7 days; high-severity within 30. Reviewed and tracked in a public-style log.
Daily automated database backups. Restore drills run quarterly to verify backups are usable. Point-in-time recovery available for the last 7 days.
Found a vulnerability? Report it safely to [email protected]. We respond within 2 business days and won't pursue legal action against good-faith research. Read the full disclosure policy →
Every action that changes your data is recorded: who did it, when, from what IP, and what the before and after values were. Available to account owners on request.
DPA available on request for any customer needing one for GDPR, CCPA, or internal procurement. Email [email protected].
We'd rather tell you exactly where we are than imply we have certifications we don't. Here's the honest picture.
Data subject rights honored: access, correction, export, deletion. EU customers supported with SCCs in our DPA.
California consumer privacy rights honored. We don't sell your data and never have.
We're not yet SOC 2 certified. If your procurement requires it, talk to us — we'll share our timeline and the controls we've already implemented from the framework.
No third-party pen test report yet. Enterprise customers can request our internal security review and threat model under NDA.
Or need a DPA, security questionnaire response, or pen-test report under NDA?