Security & Trust

Security Built for Carriers

Atlas Command runs the same freight your team does every day. We take security, privacy, and uptime seriously — and we design the product like we’re going to run our own fleet on it.

Atlas Command is an early-stage, AI-powered TMS. We’re not claiming every enterprise checkbox yet — but we are designing the platform from day one with encryption, isolation, and auditability as core requirements.

Platform Architecture

Cloud-Native Stack
Vercel + Supabase + Postgres
Atlas Command is hosted on modern, managed infrastructure:
  • Frontend hosted on Vercel with global CDN and automatic TLS.
  • Backend data stored in managed Postgres via Supabase.
  • Authentication, access control, and audit logs handled centrally.
Managed Postgres
Global CDN
Automatic TLS
We inherit physical and network security controls from these providers.
Tenant Isolation
Row-Level Security (RLS)
Each organization sees only its own data:
  • Row-Level Security policies enforced at the database level.
  • Every query is scoped by the current authenticated organization.
  • We test RLS as part of our normal development and QA flow.
Per-org isolation
Least privilege
We design features assuming multiple carriers share the same cluster.

Data Protection

Encryption
In transit & at rest
  • All traffic between your browser and Atlas Command uses HTTPS/TLS.
  • Database storage and backups leverage provider-level encryption at rest.
  • API keys, secrets, and credentials are stored in managed secret stores, not in code.
HTTPS/TLS
Encrypted backups
We never ask you to send credentials or documents over insecure channels.
Backups & Recovery
Operational resilience
  • Managed Postgres provides automated backups and point-in-time recovery options.
  • We monitor for deployment issues and can roll back to stable versions when needed.
  • Core operational data (loads, drivers, documents) is treated as critical.
Automated backups
Rollback capability
We’re building toward documented RPO/RTO targets as we grow.

Access & Authentication

User Authentication
Strong identity
  • User accounts are authenticated via Supabase Auth.
  • Multi-factor authentication (MFA) is supported and recommended for all admins.
  • Session handling is managed by the platform; we do not store plaintext passwords.
MFA support
Hashed credentials
Administrative access is limited to a small, audited set of accounts.
Role-Based Access
Team controls
  • Within an organization, roles determine who can view, create, or change data.
  • We separate administrative capabilities from day-to-day dispatch work.
  • As the product matures, more granular permissions will be exposed in the UI.
Org admins
Member roles
We aim to make permissioning predictable and easy to audit.

AI & Vendor Security

AI Processing
OpenAI & other providers
  • When you use AI features (OCR, lane recommendations, Dipsy the dispatch assistant), relevant data is sent securely to AI providers via API.
  • We configure providers such that API data is not used to train public models.
  • We minimize the data sent: only what’s necessary for the AI feature to work.
No public training
Scoped prompts
See the Privacy Policy for more details on AI data usage.
Third-Party Services
Careful integrations
  • We use third-party services only when they add clear value (e.g., email delivery, AI processing).
  • We review their security posture and documentation before integrating.
  • Access to your data is limited to what’s required for the service to function.
Scoped access
Vendor review
We aim to keep the vendor list small, focused, and transparent.

Compliance & Roadmap

Current State
Early stage, honest posture
  • Atlas Command is currently in beta and not yet certified under frameworks like SOC 2.
  • We are designing the product so that formal audits and certifications are achievable as we scale.
  • If you have specific compliance needs, we’re happy to discuss what’s in place today and what’s on the roadmap.
Use the contact form for security or compliance questions.
Data Residency & Regions
Where your data lives
  • Atlas Command currently runs in US-based cloud regions.
  • As we grow, we plan to support additional regions to address data residency requirements where appropriate.
  • We’ll update this page as regional options expand.
If data residency is critical for you, please reach out before onboarding.

This page is a high-level summary of how Atlas Command approaches security and trust. For details on data collection and usage, please see our Privacy Policy and Legal & Trust Center.