TZTruckZen
PrivacyTermsCookiesSecurity

TruckZen legal

Security

A high-level summary of how TruckZen handles access, scoping, audit, backups, and operational monitoring.

Last updated: June 2026Applies to TruckZen ServiceOperational policy

Contents

01Security overview02Access03Audit and accountability04Backups and retention05Operational monitoring06Reporting a concern
01

Scope

Security overview

This page describes the security posture of the TruckZen Service at a high level. It is not a certification statement and does not claim third-party audit certifications or guarantees.

02

Controls

Access

  • Role-based access. Application features are gated by roles. Users only see the surfaces their role allows.
  • Shop and tenant scoping. Data is scoped to the shop or tenant a user belongs to. Cross-shop reads from a non-administrator account are not permitted by the API surface.
  • Authentication. Sign-in flows include password reset, two-factor authentication, failed-attempt visibility, and IP throttling for repeat failures.
03

Traceability

Audit and accountability

  • Sensitive administrative actions are recorded in internal activity logs where applicable so a shop owner or platform owner can review what changed.
  • Policy acceptance for Terms, Privacy, and related required policies is recorded server-side per user.
  • Security diagnostics avoid raw credentials, authorization headers, request bodies, API keys, tokens, and full URLs.
04

Recovery

Backups and retention

  • The database is backed up on a regular schedule. Backups have a bounded retention window and are monitored for completion and failure.
  • Soft-deleted records have a finite Trash window; rows older than the configured window are eligible for hard deletion.
  • See the Privacy Policy for the broader retention framework.
05

Runtime

Operational monitoring

  • The AWS production runtime uses AWS operational logs and alarms for service diagnostics.
  • Sentry diagnostics are sanitized, and optional diagnostics are user-controllable from the Cookie Preferences Center.
  • Public error pages show an opaque incident identifier instead of raw exception detail.
06

Contact

Reporting a concern

If you believe you found a vulnerability, account compromise, or data-handling issue, email support@truckzen.pro. Include what you observed, when it happened, and the smallest set of reproduction steps. Do not include third-party data you do not own.