Security
Last updated: July 15, 2026
Our approach
The portal carries operational freight data for many companies, so isolation and least-privilege access are designed in — not bolted on. This page summarizes the measures that protect your data.
Access control
- Role-based access — every account has a role (UDTL admin, staff, account manager, customer admin, customer user) and only sees the screens and actions that role permits.
- Organization isolation — customer data is separated per company and enforced at the database layer with row-level security, not just in application code. Users can additionally be restricted to only the orders assigned to them.
- Account lifecycle — accounts are invitation-only; deactivating a user or company revokes portal access immediately.
Data protection
- All traffic is encrypted in transit with TLS (HTTPS everywhere).
- Data is encrypted at rest by our cloud database provider.
- Passwords are never stored in plain text — authentication is handled by a dedicated identity service with industry-standard hashing.
- Public tracking and rating links use unguessable tokens, expire automatically, and can be revoked by UDTL at any time.
Accountability
- Sensitive actions — sign-ins, order changes, account changes, link sharing, notification sends — are recorded in an audit trail.
- Email and SMS activity is logged, including suppressions when a recipient has unsubscribed.
Infrastructure
The portal runs on reputable cloud infrastructure with managed patching, backups and monitoring. We keep the software stack current and review dependencies for known vulnerabilities.
Reporting a concern
If you believe you’ve found a security issue, please email Dispatch@udtl.ca with the details. We appreciate responsible disclosure and will investigate promptly. Please don’t test against other customers’ data.
