Security

Last updated: July 15, 2026

Our approach

The portal carries operational freight data for many companies, so isolation and least-privilege access are designed in — not bolted on. This page summarizes the measures that protect your data.

Access control

  • Role-based access — every account has a role (UDTL admin, staff, account manager, customer admin, customer user) and only sees the screens and actions that role permits.
  • Organization isolation — customer data is separated per company and enforced at the database layer with row-level security, not just in application code. Users can additionally be restricted to only the orders assigned to them.
  • Account lifecycle — accounts are invitation-only; deactivating a user or company revokes portal access immediately.

Data protection

  • All traffic is encrypted in transit with TLS (HTTPS everywhere).
  • Data is encrypted at rest by our cloud database provider.
  • Passwords are never stored in plain text — authentication is handled by a dedicated identity service with industry-standard hashing.
  • Public tracking and rating links use unguessable tokens, expire automatically, and can be revoked by UDTL at any time.

Accountability

  • Sensitive actions — sign-ins, order changes, account changes, link sharing, notification sends — are recorded in an audit trail.
  • Email and SMS activity is logged, including suppressions when a recipient has unsubscribed.

Infrastructure

The portal runs on reputable cloud infrastructure with managed patching, backups and monitoring. We keep the software stack current and review dependencies for known vulnerabilities.

Reporting a concern

If you believe you’ve found a security issue, please email Dispatch@udtl.ca with the details. We appreciate responsible disclosure and will investigate promptly. Please don’t test against other customers’ data.