PackageX Security Standards
Our infrastructure
Data encryption
We encrypt all data sent from our server to your device (and vice versa). We protect all access to the PackageX servers with TLS v1.2 and above encryption over HTTPS. Data housed on PackageX servers is not shared with any third party or used by PackageX in any manner, except by the user in the operation of the system. All data imported into or generated by PackageX remains the property of the user. We do not expose any insecure endpoints; all API calls are made over SSL or TLS, which effectively eliminates the possibility of eavesdroppers reading your data as it is sent over the network. We encrypt all data at rest on all our servers. We maintain all access logs and a record of every action by every PackageX user. Secure deletion will occur upon written notification from the user.
Data storage
When your mobile app is connected to a network, package records are stored in PackageX’s database. Backups are taken every day and stored off-site with our cloud service provider. The cloud service provider oversees the physical security of these facilities and tightly controls who has access. PackageX never stores customer data on local devices or any other internal network.
Data retention
PackageX stores your data for 6 months while you are a customer unless defined separately in a contract. PackageX may retain customer data for up to 30 days after termination of the contract.
Device Security
The PackageX app balances security and usability to provide a fluid customer experience while protecting valuable information. PackageX does not store any PII (Personally Identifiable Information) on mobile devices. PackageX is a native iOS and Android app; as a result, all updates are approved by Apple and Google for security and compliance.
Reliability
Uptime
We understand the importance of reliability and aspire to 99.9% uptime. PackageX proactively protects against denial-of-service (DoS) attacks using WAF advanced distributed DoS protection. We continually monitor the uptime of our application using our cloud service provider's tools and services.
Infrastructure Security
Our primary infrastructure uses a Cloudmine backend running on Amazon's AWS platform, which has passed numerous third-party security audits and certifications including ISO, SOC 2, HIPAA & FedRAMP.
Additional verifications
OWASP ASVS Compliance
We ensured compliance with the OWASP Application Security Verification Standard (ASVS) while developing the PackageX applications. The application complies with the relevant controls defined by OWASP ASVS. This reflects PackageX's security-conscious development approach.
Vulnerability testing
We seek out and proactively address vulnerabilities and exposures in PackageX’s code and dependencies through automated as well as manual vulnerability assessment tools, peer review, and penetration tests. All public access to our applications is proxied through a Web Application Firewall, which detects and automatically blocks unexpected traffic.
Access management
PackageX makes it easy to centrally manage data and permissions for multiple facilities, no matter where you’re located. Role-based administration allows customers to provide the right PackageX access to specified team members on global- or location-specific levels.