Is your data secure?
A fair question, and one we take seriously. Here is exactly how Shiporah protects your business data.
Encryption everywhere
All data is encrypted in transit with TLS 1.2+ and at rest with AES-256 on Supabase-hosted PostgreSQL (AWS). Shipment records, client details and financial figures are never stored in plain text.
Complete data isolation
Each client operates in their own dedicated database — no shared table or schema between tenants. It is architecturally impossible for one client's data to be seen by another.
Secure authentication
Authentication is powered by Supabase Auth with JWTs signed using RS256. Sessions expire automatically and refresh tokens rotate on each use. Role-based access (Owner / Marketing / Logistics) keeps users to what their job needs.
Cloud-grade infrastructure
The API runs on Microsoft Azure App Service and the frontend on Azure Static Web Apps — backed by Microsoft's global infrastructure with built-in DDoS protection, automatic scaling, and a 99.9% uptime SLA.
Automated backups
Your database is backed up automatically on a regular schedule. Generated reports are stored in Supabase Storage (S3-backed object storage) and stay permanently accessible for approved shipments.
Full audit trail
Every session is logged with sign-in time, last activity and sign-out. Critical actions like shipment approval and report generation are tracked — so you always know who did what and when.
Our commitment
We treat your trade data with the same confidentiality you'd expect from a trusted business partner. We do not sell, share, or analyse your shipment or client data for any purpose beyond operating the service for you. If you have specific compliance requirements or security questions, email info@shiporah.com — we're happy to discuss.