TruckZen

This page describes the security posture of the TruckZen Service at a high level. It is not a certification statement. We do not claim third-party audit certifications or guarantees.

Access

• Role-based access. Application features are gated by roles. A user only sees the surfaces their role allows.
• Shop and tenant scoping. Data is scoped to the shop / tenant a user belongs to. Cross-shop reads from a non-administrator account are not permitted by the API surface.
• Authentication. Sign-in flows include password reset, two-factor authentication, and login monitoring (failed-attempt visibility and IP throttling for repeat failures).

Audit and accountability

• Sensitive administrative actions are recorded in internal activity logs where applicable so a shop owner / platform owner can review what changed.
• Policy acceptance (Terms / Privacy) is recorded server-side per user.

Backups and retention

• The database is backed up on a regular schedule. Backups have a bounded retention window and are monitored for completion / failure.
• Soft-deleted records have a finite Trash window; rows older than the configured window are eligible for hard-deletion. See the Privacy Policy for the broader retention framework.

Error monitoring

• The Service uses a third-party error-monitoring provider (Sentry) for sanitized error and performance telemetry.
• Default personal-information collection is suppressed; session-replay capture is disabled; URL query strings are sanitized before transmission.
• Optional diagnostics are user-controllable from the Cookie Preferences Center.

Reporting a concern

If you believe you have found a vulnerability, an account compromise, or a data-handling issue, email support@truckzen.pro. Please include what you observed, when, and (if you reproduced it) the smallest set of steps. Do not include third-party data you do not own.