Security Overview

Last updated: 9 July 2026

Security is foundational to FleetBlocks. This overview summarizes the technical and organizational measures we use to protect your data.

1. Infrastructure

FleetBlocks runs on a globally distributed edge platform with managed databases, object storage and real-time connections. Infrastructure is provisioned with least-privilege access and isolated per service.

2. Encryption

  • All traffic is encrypted in transit with TLS.
  • Data at rest is encrypted by our cloud providers.
  • Document downloads use signed, time-limited links.

3. Access control

  • Role-based access control (RBAC) across every module, enforced on the server.
  • Every record is scoped to its organization to prevent cross-tenant access.
  • Passwords are stored only as salted PBKDF2 hashes; optional one-time codes and magic links are supported.
  • Bot protection guards authentication endpoints.

4. Application security

  • Strict input validation on every request.
  • Public API keys are hashed at rest, scoped, and rate-limited.
  • Audit logging of sensitive actions for accountability.

5. Data protection & backups

Customer data is logically separated per organization and backed up regularly. Our data handling is described in the Privacy Policy and Data Processing Addendum.

6. Responsible disclosure

We welcome reports from security researchers. If you believe you’ve found a vulnerability, please email security@fleetblocks.com with details and steps to reproduce. Please give us reasonable time to remediate before public disclosure, and avoid accessing data that isn’t yours.

7. Continuous improvement

We evolve our controls as the platform grows. This page is not a certification statement; it describes practices in place today and is updated as they change.