Security & trust
Your settlement data, encrypted, audited, and never used to train someone else's model.
SubOps reads settlement, payroll, and fuel data for FedEx Ground contractors. We never touch FedEx credentials, the AI never does math, and every dollar on every brief is traceable back to the source row. This page is the audit trail for that promise.
Credential posture
No FedEx login
Money math
Deterministic rules
Evidence
Source-linked rows
Choose your review path.
Three ways into the same control set, sorted by what you need to verify first.
I'm a lender doing diligence
Data handling & isolation
Where settlement and payroll data lives, who can read it, how it's encrypted, and what evidence we keep. Start with the trust commitments below, then read the engineering deep-dive.
Read trust commitments
I'm a partner reviewing
SOC 2 posture & vendor controls
Our SOC 2 Type II control set is in place from day one. We share the roadmap, current control evidence, and our subprocessor list under NDA.
Request control evidence
I'm a prospective contractor
What we will (and won't) do with your data
We don't connect to MyGroundBiz. We don't store FedEx logins. We don't train models on your numbers. We do show you every dollar and let you export everything.
See the commitments
Trust commitments
The six promises we don't break.
Each one has a corresponding technical control. None of them are aspirational — they're how the product is built today.
SOC 2 roadmap from day one
Architected to the SOC 2 Type II control set. Type I audit window targeted post-pilot; Type II reporting is on the public roadmap.
Encryption at rest and in transit
All tenant data encrypted at rest. TLS 1.3 in transit. W-2 payroll fields tracked under tighter access than general financial data.
Audit log on every dollar
Every brief number, every finding, every dispute draft is timestamped and source-linked back to a row in your source documents.
No AI training on your data
Customer settlement, payroll, and fuel data are never used to train any model — ours or a third party's. Provider routing is configured zero-retention.
Tenant isolation
Each contractor is a separately keyed tenant. No cross-tenant reads, no cross-tenant writes, no shared analytics surface.
The math is auditable
The AI never does arithmetic. Every dollar runs through a deterministic TypeScript rules engine you can read, audit, and challenge.
The detail
Read the controls, not the claims.
Eight sections covering classification, encryption, audit log, AI posture, isolation, SOC 2 timing, FedEx separation, and how to report a security issue.
Data classification
We classify every field on ingest. Settlement totals, route revenue, and fuel costs are treated as general financial data — encrypted at rest, accessible to authorized users in your tenant.
W-2 payroll fields (driver name, SSN-last-four, gross pay, withholdings) are isolated under tighter access. Only the briefing engine and the audit-log reader can touch those rows, and every read is logged with actor, IP, and timestamp.
Encryption
All tenant data is encrypted at rest using AES-256 on the managed PostgreSQL cluster and on Spaces object storage. Transit security is TLS 1.3 end to end. Database backups are encrypted with the same keys and isolated to a separate region for disaster recovery.
Audit log
Every dollar that appears on an Owner Brief carries a source link back to the row in your uploaded source document. Every finding, dispute draft, and brief generation is timestamped and stored permanently as part of your account history.
You can export the entire audit log as CSV from your account settings at any time, with no retention cap.
No AI training on customer data
We do not use customer settlement, payroll, or fuel data to train models — our own or any third party's. AI provider calls are configured zero-retention where the provider supports it, and we never ship customer data into general-purpose training corpora.
The AI never computes money. Every dollar figure runs through a deterministic TypeScript rules engine. The AI only writes the narrative around numbers the rules engine already produced and sourced.
Tenant isolation
Each contractor is a separately keyed tenant. There are no shared queries, no cross-tenant analytics surface, and no support tooling that can read across tenants. Even our own support staff need explicit per-tenant access (audit-logged) to view your data.
SOC 2 roadmap
SubOps was architected to the SOC 2 Type II control set from day one — access controls, change management, vendor management, incident response, and continuous monitoring. We are targeting a Type I audit window after the pilot cohort, with Type II reporting on the public roadmap.
If your business requires a current SOC 2 report before signing, write to us; we share the roadmap and current control evidence under NDA.
No connection to FedEx systems
SubOps does not connect to MyGroundBiz, the FedEx network, or any FedEx API. We never scrape, never automate logins, and never integrate at the network level. All ingestion is manual upload of files you already have access to. This keeps you on the right side of the contractor agreement and keeps your data on your side of the wall.
Reporting a security issue
We take security reports seriously and respond within one business day. Email [email protected] with the details. We do not run a paid bug-bounty program at this stage, but we publicly credit researchers who report responsibly.
Still have questions?
Write to us. We answer security questions ourselves — no ticket queue, no sales filter.