Security

Security Built Into Every Layer

From anti-spoofing protection to database-level tenant isolation, HaulGuardr is built with security as a foundational requirement, not an afterthought.

6-Layer Anti-Spoofing

Every photo submission passes through six independent checks to detect manipulation, fraud, and spoofing attempts.

EXIF Metadata Analysis

Checks photo metadata for device, timestamp, and GPS data. Detects screenshots, downloads, and edits.

GPS Coordinate Validation

Compares photo GPS against expected checkpoint location. Flags submissions from wrong locations.

Timestamp Consistency

Validates photo timestamps align with the session window. Catches pre-taken or recycled photos.

Image Quality Checks

Analyzes resolution, blur, and lighting to ensure photos are genuine, not photos of photos.

Device Fingerprinting

Tracks device characteristics to detect shared devices or suspicious submission patterns.

Behavioral Analysis

Monitors timing, sequence, and interaction patterns to flag automated or scripted attempts.

Platform Security

Multi-Tenant Row-Level Security

PostgreSQL RLS ensures complete data isolation between organizations. Every query is automatically scoped to the authenticated tenant. No cross-tenant data leakage is possible at the database level.

HMAC Webhook Authentication

All inbound webhooks (ELD, IoT) are verified with HMAC signatures. Invalid signatures are rejected before processing, preventing spoofed data injection.

API Key Security

API keys are hashed and stored securely. Keys are scoped to specific tenants and roles with configurable permissions and expiry.

Security Headers

Strict Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers on all responses.

14 Role Types

Granular RBAC with 6 base roles and 8 portal-specific roles. Each role defines exactly what data can be viewed, modified, and exported.

Password & Session Security

Bcrypt password hashing, 2FA support with backup codes, nonce-based session management, and automatic session expiry.

Additional Security Measures

TLS encryption on all data in transit

Encrypted verification links with expiry

One-time passwords for driver verification

VoIP phone detection to flag virtual numbers

Audit logging for every action and access

Consent capture and compliance tracking

STOP/HELP SMS keyword support

Configurable data retention policies

Nonce-based session management

2FA with backup code support

Rate limiting on authentication endpoints

CSP headers restricting script sources

Security Inquiries

For security-related questions, vulnerability reports, or to discuss HaulGuardr's security practices, contact our team.

security@haulguardr.com

Questions about security?

Schedule a demo to see HaulGuardr's security architecture firsthand.