◉ Security & Compliance

Built for freight that can't go missing.

Mid-sized shippers — pharma, electronics, regulated chemicals — ask the same four questions before they trust any new marketplace. Here are the answers, with the operational details behind each one.

01 — Pillar

Carrier identity

  • FMCSA SAFER cross-check at every carrier onboarding. Active broker / motor-carrier authority required.
  • Sumsub identity & liveness KYC. Government ID + selfie + sanctions screen.
  • BMC-84 surety bond active on the broker authority (CVS Logistics LLC, MC-123033).
  • No anonymous carriers. Public surfaces (e.g. /trucks landing) anonymise coordinates and never expose carrier names.

02 — Pillar

Payments & escrow

  • Stripe Connect platform model. Funds held in escrow at post-time, never on our balance sheet.
  • Release on proof-of-delivery. Standard ACH settlement is two business days to the carrier.
  • Application-fee enforcement at the gateway level: the flat 5% fee per load is non-negotiable.
  • PCI-DSS handled by Stripe end-to-end. Card data never touches our infrastructure.

03 — Pillar

Data & infrastructure

  • TLS 1.2+ on every endpoint, HSTS preload eligible, modern security headers.
  • Auth via HttpOnly Set-Cookie. JWTs are 24-hour and rotate on password change. WebSocket auth via subprotocol, not query string.
  • Per-microservice nginx routing with rate limits on auth endpoints (10/min on /login, lockout after 10 failures in 15 minutes).
  • Daily Postgres backups with 30-day retention. Sumsub & Stripe webhooks are HMAC-verified and fail closed when the secret is missing.

04 — Pillar

Privacy & marketplace controls

  • No public load board. Shippers see only their own loads; carriers see only matched offers routed to them.
  • Shipper rate posts are private — competitors cannot scrape pricing.
  • Cross-tab logout via BroadcastChannel. localStorage is cleared on sign-out so a shared device doesn't leak one user's data to the next user.
  • DEMO accounts are isolated at the matching layer — they can never offer to or appear in real shippers'/carriers' workflows.

Have a security question we missed?

Compliance, SOC2 status, vendor questionnaires — email security@gethauldirect.com. We answer within one business day with the controls you need to clear procurement.