Security & trust

Your settlement data, encrypted, audited, and never used to train someone else's model.

SubOps reads settlement, payroll, and fuel data for FedEx Ground contractors. We never touch FedEx credentials, the AI never does math, and every dollar on every brief is traceable back to the source row. This page is the audit trail for that promise.

Credential posture

No FedEx login

Money math

Deterministic rules

Evidence

Source-linked rows

Trust commitments

The six promises we don't break.

Each one has a corresponding technical control. None of them are aspirational — they're how the product is built today.

SOC 2 roadmap from day one

Architected to the SOC 2 Type II control set. Type I audit window targeted post-pilot; Type II reporting is on the public roadmap.

Encryption at rest and in transit

All tenant data encrypted at rest. TLS 1.3 in transit. W-2 payroll fields tracked under tighter access than general financial data.

Audit log on every dollar

Every brief number, every finding, every dispute draft is timestamped and source-linked back to a row in your source documents.

No AI training on your data

Customer settlement, payroll, and fuel data are never used to train any model — ours or a third party's. Provider routing is configured zero-retention.

Tenant isolation

Each contractor is a separately keyed tenant. No cross-tenant reads, no cross-tenant writes, no shared analytics surface.

The math is auditable

The AI never does arithmetic. Every dollar runs through a deterministic TypeScript rules engine you can read, audit, and challenge.

The detail

Read the controls, not the claims.

Eight sections covering classification, encryption, audit log, AI posture, isolation, SOC 2 timing, FedEx separation, and how to report a security issue.

Data classification

We classify every field on ingest. Settlement totals, route revenue, and fuel costs are treated as general financial data — encrypted at rest, accessible to authorized users in your tenant.

W-2 payroll fields (driver name, SSN-last-four, gross pay, withholdings) are isolated under tighter access. Only the briefing engine and the audit-log reader can touch those rows, and every read is logged with actor, IP, and timestamp.

Encryption

All tenant data is encrypted at rest using AES-256 on the managed PostgreSQL cluster and on Spaces object storage. Transit security is TLS 1.3 end to end. Database backups are encrypted with the same keys and isolated to a separate region for disaster recovery.

Audit log

Every dollar that appears on an Owner Brief carries a source link back to the row in your uploaded source document. Every finding, dispute draft, and brief generation is timestamped and stored permanently as part of your account history.

You can export the entire audit log as CSV from your account settings at any time, with no retention cap.

No AI training on customer data

We do not use customer settlement, payroll, or fuel data to train models — our own or any third party's. AI provider calls are configured zero-retention where the provider supports it, and we never ship customer data into general-purpose training corpora.

The AI never computes money. Every dollar figure runs through a deterministic TypeScript rules engine. The AI only writes the narrative around numbers the rules engine already produced and sourced.

Tenant isolation

Each contractor is a separately keyed tenant. There are no shared queries, no cross-tenant analytics surface, and no support tooling that can read across tenants. Even our own support staff need explicit per-tenant access (audit-logged) to view your data.

SOC 2 roadmap

SubOps was architected to the SOC 2 Type II control set from day one — access controls, change management, vendor management, incident response, and continuous monitoring. We are targeting a Type I audit window after the pilot cohort, with Type II reporting on the public roadmap.

If your business requires a current SOC 2 report before signing, write to us; we share the roadmap and current control evidence under NDA.

No connection to FedEx systems

SubOps does not connect to MyGroundBiz, the FedEx network, or any FedEx API. We never scrape, never automate logins, and never integrate at the network level. All ingestion is manual upload of files you already have access to. This keeps you on the right side of the contractor agreement and keeps your data on your side of the wall.

Reporting a security issue

We take security reports seriously and respond within one business day. Email [email protected] with the details. We do not run a paid bug-bounty program at this stage, but we publicly credit researchers who report responsibly.

Still have questions?

Write to us. We answer security questions ourselves — no ticket queue, no sales filter.