SubOps Trust
Trust

SubOps never holds FedEx portal credentials

The single most important trust commitment SubOps makes, and why it matters for your contractor agreement.

Last updated

What you get from this page

The single most important trust commitment SubOps makes, in writing: we never touch your FedEx portal credentials. This page tells you what that means in practice, why it matters under the contractor agreement, and which ingest paths are acceptable instead.

Why this matters

A FedEx Ground contractor's operating agreement and the underlying portal terms of service prohibit sharing portal credentials with third parties, prohibit automated login, and treat session cookies as your own protected materials. A vendor who asks you to hand over your MyGroundBiz password — even to "make it easier" — is asking you to violate that agreement and exposing you to operational risk if the vendor is breached. SubOps will never ask, even by accident.

The commitment, in plain English

Specifically:

  • No passwords. SubOps does not have a field, a vault, or a hidden setting for storing FedEx portal credentials. There is nowhere in the product to put one.
  • No automated logins. SubOps does not log into any FedEx portal on your behalf, headlessly or otherwise. We do not run scrapers, browser-automation scripts, or RPA bots against any FedEx surface.
  • No session cookies. SubOps does not hold session cookies, OAuth tokens, refresh tokens, or any session artifact harvested from a FedEx property. If a user pastes a session value into a support ticket, it is purged.
  • No proxy access. SubOps does not run a reverse proxy, "co-browse" tool, or pixel-streaming bridge into FedEx portals.

This is an architectural commitment, not a policy commitment. The product is built so that the credential question literally cannot come up.

Why this matters for your contractor agreement

The relevant portal terms of service prohibit:

  • Sharing credentials with third parties.
  • Automating access to the portal.
  • Using the portal in a manner not contemplated by the agreement.

Several contractors have asked whether a vendor that does any of the above could put their contracting relationship at risk. The short answer is: yes, and the conservative read is that the contractor — not the vendor — bears that risk. SubOps designed around that risk so you do not have to evaluate it.

How we get your data without portal access

The settlement audit, fuel ratio analysis, payroll reconciliation, and dispute workflow all work without portal scraping. Acceptable ingest paths are:

  1. Manual upload. Drag a settlement PDF, fuel CSV, or payroll export into the SubOps dashboard. The audit runs in roughly 60 seconds.
  2. Email forward. Each tenant gets a unique ingest address (for example, [email protected]). You forward the settlement notification email from MyGroundBiz to that address; SubOps detaches the PDF and runs the audit. The email pipeline does not log into any FedEx system to retrieve anything; you push, we receive.
  3. Bank or accounting connector (deposits only, not portal data). If you want SubOps to reconcile deposits against settlement gross, we can wire to your bank or accounting system through a read-only OAuth connector to that system. This is unrelated to portal access.

That is the full list. There are no other ingest paths in the product, and the team will not add a portal-scraping path. If you ever see a feature pitch that proposes one, the answer is no.

What this means for your team

  • Your owner/operator keeps their MyGroundBiz login in their own password manager, the way they always did. Nothing in SubOps asks for it.
  • The "first audit in 60 seconds" path is a single drag-and-drop of the settlement PDF. No portal connection step exists in onboarding.
  • If a SubOps support engineer ever asks for a portal credential to debug something, the answer is no, and that engineer should be reported to [email protected]. We have never asked, and we will not.

Common questions

What if I want SubOps to "just pull" the settlement so I don't have to upload? We will not build that path. The two-second drag-and-drop is the friction we accept to keep the commitment. Email forwarding is the closer alternative if you want it to feel automatic.

Does this apply to my fuel card portal too? No. WEX, Comdata, and other fuel-card portals are not FedEx-owned, and contractors generally consent to vendor data sharing in their fuel-card agreements. SubOps does support direct fuel-card data feeds where the customer-of-record (you) provisions the connector. We do not scrape; we do not store passwords; we use first-party API connectors only.

What about a future "FedEx integration"? There is no roadmap entry for one, and there will not be. If FedEx ships a public, contractor-consented API in the future, we will evaluate it on its own terms. Until then, "FedEx integration" is not on the table.

Next steps

  • See Data handling for the full data-flow detail.
  • See SOC 2 roadmap for the broader control posture.
  • If a vendor evaluation requires a written attestation of this commitment, contact us and we will provide one on letterhead.

Data handling at SubOps

What tenant data SubOps touches, what it never touches, and how it is protected end to end.

Sample Owner Brief

An annotated sample Owner Brief showing where every number comes from and what is dispute-eligible.

On this page

What you get from this pageWhy this mattersThe commitment, in plain EnglishWhy this matters for your contractor agreementHow we get your data without portal accessWhat this means for your teamCommon questionsNext steps