Security overview

How we protect your settlement, payroll, and fuel data.

SubOps holds the most sensitive numbers in your business. This page documents what we do to keep them yours.

Security & trust

A serious tool for a serious business.

Settlement and payroll data is the most sensitive data your business has. We treat it that way.

SOC 2 roadmap from day one

Architected to the SOC 2 Type II control set. Type I audit window targeted post-pilot; Type II reporting is on the public roadmap.

Encryption at rest and in transit

All tenant data is encrypted at rest. TLS 1.3 in transit. W-2 payroll fields are tracked under tighter access than general financial data.

Audit log on every dollar

Every brief number, every anomaly, every dispute draft is timestamped and source-linked back to a row in your source documents.

No AI training on your data

Customer settlement, payroll, and fuel data are never used to train any model, ours or a third party’s. Provider routing is configured for zero retention.

Tenant isolation

Each contractor is a separately keyed tenant. No cross-tenant reads, no cross-tenant writes, no shared analytics surface.

The math is auditable

The AI never does arithmetic. Every dollar runs through a deterministic TypeScript rules engine you can read, audit, and challenge.

Data classification

We classify every field on ingest. Settlement totals, route revenue, and fuel costs are treated as general financial data — encrypted at rest, accessible to authorized users in your tenant.

W-2 payroll fields (driver name, SSN-last-four, gross pay, withholdings) are isolated under tighter access. Only the briefing engine and the audit-log reader can touch those rows, and every read is logged with actor, IP, and timestamp.

Encryption

All tenant data is encrypted at rest using AES-256 on the managed PostgreSQL cluster and on Spaces object storage. Transit security is TLS 1.3 end to end. Database backups are encrypted with the same keys and isolated to a separate region for disaster recovery.

Audit log

Every dollar that appears on an Owner Brief carries a source link back to the row in your uploaded source document. Every anomaly detection, dispute draft, and brief generation is timestamped and stored permanently as part of your account history.

You can export the entire audit log as CSV from your account settings at any time, with no retention cap.

No AI training on customer data

We do not use customer settlement, payroll, or fuel data to train models, our own or any third party’s. AI provider calls are configured for zero retention where the provider supports it, and we never ship customer data into general-purpose training corpora.

The AI never computes money. Every dollar figure runs through a deterministic TypeScript rules engine. The AI only writes the narrative around numbers the rules engine already produced and sourced.

Tenant isolation

Each contractor is a separately keyed tenant. There are no shared queries, no cross-tenant analytics surface, and no support tooling that can read across tenants. Even our own support staff need explicit per-tenant access (audit-logged) to view your data.

SOC 2 roadmap

SubOps was architected to the SOC 2 Type II control set from day one — access controls, change management, vendor management, incident response, and continuous monitoring. We are targeting a Type I audit window after the pilot cohort, with Type II reporting on the public roadmap.

If your business requires a current SOC 2 report before signing, write to us; we share the roadmap and current control evidence under NDA.

No connection to FedEx systems

SubOps does not connect to MyGroundBiz, the FedEx network, or any FedEx API. We never scrape, never automate logins, and never integrate at the network level. All ingestion is manual upload of files you already have access to. This keeps you on the right side of the contractor agreement and keeps your data on your side of the wall.

Reporting a security issue

We take security reports seriously and respond within one business day. Email [email protected] with the details. We do not run a paid bug-bounty program at this stage, but we publicly credit researchers who report responsibly.

Still have questions?

Write to us. We answer security questions ourselves — no ticket queue.