FleetSpire Security Policy

1. Infrastructure Security

FleetSpire operates on secure cloud infrastructure with:

• Encrypted data storage
• Firewall-restricted database access
• Enforced HTTPS (TLS 1.2+)
• Automated security patching
• Encrypted backups
• Restricted administrative access

2. Authentication & Access Control

We enforce:

• Secure password hashing (bcrypt/argon2)
• Role-based access control (RBAC)
• Multi-tenant data isolation
• Token expiration policies
• Login rate limiting
• Audit logs for critical actions

3. Data Encryption

All sensitive data is:

• Encrypted in transit (HTTPS)
• Encrypted at rest where applicable
• Protected via strict database isolation

4. Communication Security

For in-app calling and messaging:

• Encrypted VoIP connections
• Webhook signature verification
• Controlled access to call recordings
• Recording consent management

5. Billing Security

• PCI-compliant payment processing via Stripe
• No raw credit card storage
• Webhook verification
• Secure subscription handling

6. Data Retention

FleetSpire provides configurable retention policies including:

• Call recording retention
• Document archival
• Account deletion procedures

7. Incident Response

In the event of a security incident:

• Immediate internal investigation
• Impact analysis
• Customer notification (if required)
• Remediation and monitoring