Security and Trust
Public security, data handling, credential, and SOC 2 posture for SubOps.
SubOps audits sensitive operating data for logistics service providers: settlements, contract pay tables, payroll CSVs, fuel CSVs, vehicle records, and repair invoices. This page is the public evergreen trust summary. Internal implementation detail belongs in docs/internal/technical-architecture.md; this page stays vendor-diligence friendly.
Commitments
- SubOps does not require FedEx portal credentials, session cookies, or shared mailbox credentials for the core audit workflow.
- Customer documents are not used to train shared AI models.
- Every tenant is isolated at the application and database boundary.
- Every dollar surfaced in the product is computed by deterministic code and tied to source evidence.
- AI is used for extraction fallback, classification, explanation, and drafting around locked values; AI does not compute financial values.
- Production logs must redact secrets, payment data, payroll values, and sensitive tenant fields.
Data handled
| Data | Purpose | Notes |
|---|---|---|
| Settlement PDFs | Extraction, reconciliation, variance review | Source references point back to page, row, and line context where available. |
| Contract pay tables | Expected-rate authority | Rate-backed findings stay limited until rates are confirmed. |
| Payroll CSVs | Margin and FLSA preview workflows | W-2 payroll data is sensitive and role-gated. |
| Fuel CSVs | Fuel ratio and surcharge review | Used for route and weekly owner-brief context. |
| Vehicle and invoice records | Fleet maintenance, parts, and invoice audit | Connected to route margin only through deterministic allocation. |
Hosting and subprocessors
SubOps is hosted on DigitalOcean App Platform with DigitalOcean Managed Postgres, Managed Valkey, and Spaces object storage. Authentication is handled by Clerk. Payments are handled by Stripe. Email delivery uses Microsoft Graph. AI provider calls route through the centralized provider layer documented internally; OpenAI direct is used for native-file extraction, repair invoice OCR, structured outputs, and embeddings where required.
SOC 2 posture
SubOps is not currently SOC 2 Type II certified. The control posture is being built around tenant isolation, source-to-output traceability, least-privilege access, secret handling, audit logs, and incident response. Trust portal evidence should be shared under NDA when requested; do not overstate certification status in public copy.
Evaluator FAQ
Do you store FedEx credentials? No. The product works from files and forwarded artifact emails. It does not store FedEx portal passwords.
Can an LLM change a dollar amount? No. Structured extraction can emit candidate line items, but reconciliation and variance math run in deterministic TypeScript.
Can one customer see another customer's data? No. Tenant scoping is a product and database invariant. Cross-tenant reads require explicit authorization.
Do you guarantee recovery? No. SubOps identifies evidence-backed findings and helps operators review, dispute, or dismiss them. It does not guarantee carrier reimbursement.