Infrastructure Security

TraxQ is hosted on Google Cloud Platform (GCP), leveraging the same secure infrastructure that powers Google's own services.

• Data Centers: Our servers are located in Tier IV data centers with 24/7 physical security, biometric access controls, and redundant power systems.
• Network Protection: We utilize Virtual Private Clouds (VPCs) to isolate our network. All ingress traffic is filtered through a Web Application Firewall (WAF) to block SQL injection, XSS, and other common attacks.
• DDoS Mitigation: Automated defenses protect against Distributed Denial of Service (DDoS) attacks to ensure high availability.

Data Encryption

We protect your data throughout its lifecycle using industry-standard encryption protocols.

• In Transit: All data transmitted between your browser/mobile app and our servers is encrypted using TLS 1.2 or higher (Transport Layer Security). We score an "A+" on Qualys SSL Labs tests.
• At Rest: Data stored in our databases, file storage, and backups is encrypted using AES-256 encryption.
• Key Management: Encryption keys are managed via a secure Key Management Service (KMS) with strict rotation policies.

Authentication & Access Control

Ensuring that only authorized users can access your organization's data.

• Secure Authentication: We use secure, token-based authentication (JWT/OAuth) for session management. Passwords are never stored in plain text; they are salted and hashed using bcrypt/Argon2.
• Role-Based Access Control (RBAC): Granular permission settings allow you to define exactly what your dispatchers, drivers, and accountants can see and do.
• Internal Access: TraxQ employees do not have access to customer data unless explicitly required for support purposes and authorized by the customer. All internal access is logged and audited.

Application Security

Security is integrated into our software development lifecycle (SDLC).

• Code Reviews: All code changes undergo mandatory peer review and automated static analysis (SAST) to identify vulnerabilities before deployment.
• Vulnerability Scanning: We perform regular automated scanning of our dependencies and infrastructure to identify and patch security flaws.
• Penetration Testing: We engage third-party security firms to perform periodic penetration tests of our application and API.

Reliability & Disaster Recovery

We ensure your business keeps moving, even when the unexpected happens.

• Backups: Database backups are performed continuously and stored in multiple geographic locations to prevent data loss.
• Redundancy: Critical system components are deployed across multiple availability zones to ensure resilience against hardware failures.
• Uptime: We maintain a 99.9% uptime SLA. Status updates are publicly available at status.traxq.com.

Vulnerability Reporting

If you believe you have found a security vulnerability in TraxQ, please contact our security team immediately at security@traxq.com. We appreciate your help in keeping our platform safe and will respond to valid reports promptly.

Security Policy and Disclaimers

Last updated: 1/15/2026

This Security Policy ("Policy") describes the security practices of TraxQ LLC ("TraxQ," "we," "our," or "us") and important disclaimers and limitations of liability regarding the security of the TraxQ platform and services. By using TraxQ, you acknowledge and agree to the terms set forth in this Policy.

1. No Absolute Security Guarantee

1.1. Inherent Risks: WHILE WE IMPLEMENT REASONABLE SECURITY MEASURES TO PROTECT YOUR DATA, NO METHOD OF TRANSMISSION OVER THE INTERNET, METHOD OF ELECTRONIC STORAGE, OR SECURITY SYSTEM IS 100% SECURE. THE NATURE OF INTERNET COMMUNICATIONS AND DATA STORAGE MEANS THAT WE CANNOT GUARANTEE OR WARRANT THE ABSOLUTE SECURITY OF ANY INFORMATION TRANSMITTED TO OR FROM OUR SERVICE OR STORED ON OUR SYSTEMS.

1.2. Acknowledgment of Risk: BY USING THE TRAXQ SERVICE, YOU EXPRESSLY ACKNOWLEDGE AND ACCEPT THAT:

• There is an inherent risk in transmitting any information over the Internet
• No computer system or data transmission can be guaranteed to be fully secure against intrusion, hacking, or data breaches
• Sophisticated cyberattacks may bypass security measures despite our best efforts
• Third-party service providers on which we rely may experience their own security incidents
• Human error, both by our personnel and by users, can contribute to security vulnerabilities
• Zero-day vulnerabilities may exist in software before patches are available

1.3. Use at Your Own Risk: YOU USE THE TRAXQ SERVICE AT YOUR OWN RISK. WE RECOMMEND THAT YOU MAINTAIN YOUR OWN BACKUP OF IMPORTANT DATA AND NOT RELY SOLELY ON TRAXQ FOR DATA STORAGE OR PRESERVATION.

2. Security Disclaimer of Warranties

2.1. AS-IS BASIS: THE TRAXQ SERVICE, INCLUDING ALL SECURITY FEATURES AND MEASURES, IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, TRAXQ EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO:

• IMPLIED WARRANTIES OF MERCHANTABILITY
• FITNESS FOR A PARTICULAR PURPOSE
• NON-INFRINGEMENT
• WARRANTIES THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE
• WARRANTIES THAT DEFECTS WILL BE CORRECTED
• WARRANTIES THAT THE SERVICE OR THE SERVERS THAT MAKE IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS
• WARRANTIES REGARDING THE SECURITY, RELIABILITY, TIMELINESS, OR PERFORMANCE OF THE SERVICE

2.2. No Guarantee Against Attacks: WE DO NOT WARRANT THAT THE SERVICE WILL BE IMMUNE FROM OR PROTECTED AGAINST:

• Hacking attempts or successful breaches
• Ransomware, malware, or viruses
• Phishing or social engineering attacks
• Distributed Denial of Service (DDoS) attacks
• Man-in-the-middle attacks
• SQL injection, cross-site scripting (XSS), or other code injection attacks
• Brute force attacks on authentication systems
• Insider threats or employee malfeasance
• Advanced persistent threats (APTs)
• Nation-state sponsored cyberattacks
• Exploitation of zero-day vulnerabilities
• Supply chain attacks through third-party dependencies

2.3. Third-Party Security: WE DO NOT WARRANT THE SECURITY OF ANY THIRD-PARTY SERVICES, PLATFORMS, OR INTEGRATIONS THAT MAY BE CONNECTED TO OR USED IN CONJUNCTION WITH TRAXQ, INCLUDING BUT NOT LIMITED TO PAYMENT PROCESSORS, CLOUD PROVIDERS, MAP SERVICES, EMAIL PROVIDERS, AND GOVERNMENT DATABASES.

3. Limitation of Liability for Security Incidents

3.1. No Liability for Security Breaches: TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, TRAXQ, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AFFILIATES, LICENSORS, AND SERVICE PROVIDERS SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO ANY SECURITY INCIDENT, DATA BREACH, OR UNAUTHORIZED ACCESS, INCLUDING BUT NOT LIMITED TO:

• Loss of data, including load records, financial data, driver information, or business documents
• Unauthorized access to or disclosure of personal information, location data, or business information
• Business interruption, downtime, or inability to access the Service
• Loss of profits, revenue, business opportunities, or goodwill
• Costs of data recovery, system restoration, or forensic investigation
• Regulatory fines, penalties, or legal fees arising from a breach
• Reputational damage or harm to business relationships
• Identity theft, fraud, or financial losses suffered by you or third parties
• Claims by your employees, drivers, customers, or other third parties
• Any losses resulting from reliance on the security of the Service

3.2. Cap on Liability: IN NO EVENT SHALL TRAXQ'S TOTAL LIABILITY ARISING OUT OF OR RELATED TO ANY SECURITY INCIDENT OR THIS SECURITY POLICY EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID TO TRAXQ IN THE TWELVE (12) MONTHS PRECEDING THE INCIDENT, OR (B) ONE HUNDRED DOLLARS ($100 USD).

3.3. Essential Basis of the Bargain: THE LIMITATIONS OF LIABILITY SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN TRAXQ AND YOU. TRAXQ WOULD NOT BE ABLE TO PROVIDE THE SERVICE WITHOUT SUCH LIMITATIONS. THESE LIMITATIONS APPLY EVEN IF TRAXQ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF WHETHER A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

3.4. Jurisdictional Variations: Some jurisdictions do not allow the exclusion of certain warranties or the limitation of liability for certain types of damages. To the extent that such exclusions or limitations are not permitted under applicable law, the above limitations may not apply to you, but shall apply to the maximum extent permitted.

4. Your Security Responsibilities

4.1. Shared Security Model: Security is a shared responsibility. While TraxQ implements reasonable security measures on our systems, you are responsible for security on your end. TraxQ SHALL NOT BE LIABLE FOR SECURITY INCIDENTS CAUSED BY OR CONTRIBUTED TO BY YOUR FAILURE TO FULFILL YOUR SECURITY RESPONSIBILITIES.

4.2. Your Obligations: You agree to:

• Password Security: Use strong, unique passwords (minimum 12 characters with mixed case, numbers, and symbols) and change them regularly. Never share your password or write it down in an unsecure location.
• Multi-Factor Authentication: Enable multi-factor authentication (MFA) when available. TraxQ strongly recommends MFA for all accounts.
• Account Access: Immediately revoke access for employees or drivers who leave your organization or no longer require access.
• Device Security: Keep your devices (computers, tablets, smartphones) updated with the latest security patches and operating system updates.
• Antivirus/Antimalware: Use reputable antivirus and antimalware software on all devices used to access TraxQ.
• Network Security: Access TraxQ only from secure networks. Avoid using public Wi-Fi without a VPN.
• Phishing Awareness: Be vigilant against phishing emails and never click on suspicious links or provide credentials in response to unsolicited requests. TraxQ will never ask for your password via email.
• Browser Security: Keep your web browser updated and avoid installing untrusted browser extensions.
• Monitoring: Regularly review account activity and immediately report any suspicious activity to security@traxq.com.
• Session Security: Log out of TraxQ when finished, especially on shared devices. Do not save credentials in browsers on shared computers.
• API Key Security: If you use API keys or integration credentials, keep them confidential and rotate them regularly.
• Mobile App Security: Only download the TraxQ mobile app from official app stores (Apple App Store, Google Play Store).
• Tracking Link Security: Treat tracking links as sensitive information and only share with authorized parties.

4.3. Consequences of Failure: If a security incident occurs due to your failure to comply with the above responsibilities (including but not limited to weak passwords, failure to enable MFA, clicking on phishing links, or failure to promptly revoke access for former employees), TraxQ shall have no liability for any resulting damages, and you shall indemnify TraxQ against any claims arising from such incident.

5. Security Incident and Data Breach Response

5.1. Our Response: In the event of a confirmed security breach affecting your data, TraxQ will:

• Take reasonable steps to contain and remediate the breach
• Investigate the nature and scope of the incident
• Notify affected users in accordance with applicable law
• Provide reasonable cooperation with your investigation (subject to our legal obligations)

5.2. Notification Timeframe: We will notify you of a confirmed data breach affecting your data within a reasonable timeframe, and in any event in accordance with applicable breach notification laws (e.g., within 72 hours where required by GDPR). However, notification may be delayed if law enforcement requests a delay or if doing so would impede our investigation.

5.3. No Admission of Liability: Any notification of a security incident or data breach shall not constitute an admission of fault, liability, or wrongdoing by TraxQ. Cooperation with your investigation or remediation efforts shall not be construed as acceptance of responsibility.

5.4. Your Notification Obligations: You agree to notify TraxQ immediately at security@traxq.com if you become aware of any actual or suspected security incident, unauthorized access, or compromise of your account credentials. Failure to promptly notify us may limit our ability to mitigate harm and may affect your ability to seek any remedies.

6. Third-Party Services and Integrations

6.1. Third-Party Risk: TraxQ integrates with and relies on various third-party services to provide our platform, including but not limited to:

• Cloud infrastructure providers (Google Cloud/Firebase, Cloudflare)
• Payment processors (Stripe)
• Email and SMS delivery services
• Map and geocoding services (OpenStreetMap, Nominatim)
• Government databases (FMCSA, DOT)
• Analytics and monitoring services

6.2. No Responsibility for Third Parties: TRAXQ SHALL NOT BE LIABLE FOR ANY SECURITY INCIDENTS, DATA BREACHES, SERVICE INTERRUPTIONS, OR OTHER ISSUES ARISING FROM OR RELATED TO THIRD-PARTY SERVICES, INCLUDING:

• Security breaches at third-party providers that affect TraxQ or your data
• Downtime or service interruptions caused by third-party providers
• Data loss or corruption occurring on third-party systems
• Privacy violations by third-party services
• Changes to third-party services that affect TraxQ functionality
• Third-party services becoming unavailable or being discontinued

6.3. User Integrations: If you choose to connect third-party integrations to your TraxQ account (e.g., accounting software, load boards, ELD providers), you do so at your own risk. TraxQ is not responsible for the security practices of third-party services you choose to integrate.

7. GPS and Location Data Security Disclaimer

7.1. Location Data Risks: TraxQ collects and processes GPS and location data from driver mobile devices. You acknowledge and accept the following inherent risks:

• Location data could be intercepted during transmission despite encryption
• Stored location history could be accessed in the event of a data breach
• Public tracking links could be accessed by unintended recipients if shared improperly
• Location data could be subpoenaed by law enforcement or revealed in litigation
• GPS signals can be spoofed or manipulated by sophisticated attackers

7.2. Tracking Link Security: Public tracking links do not require authentication by design to allow customers to track shipments easily. TRAXQ IS NOT LIABLE FOR:

• Unauthorized access to tracking information due to improper sharing of tracking links
• Tracking link URLs being guessed, enumerated, or otherwise discovered
• Privacy claims from drivers whose location was viewed via tracking links you shared
• Any consequences arising from location data being visible to tracking link recipients

7.3. Your Responsibility: You are solely responsible for ensuring that location tracking complies with applicable laws, including obtaining appropriate consent from drivers, and for configuring what information is displayed on tracking links.

8. Document and File Upload Security Disclaimer

8.1. Upload Risks: TraxQ allows users to upload various documents including Bills of Lading, proof of delivery photos, insurance certificates, driver documents, and other files. TRAXQ DISCLAIMS LIABILITY FOR:

• Loss, corruption, or unavailability of uploaded documents
• Unauthorized access to uploaded documents in the event of a security breach
• Malware, viruses, or malicious content contained in files uploaded by you or your users
• Documents being accessed by unauthorized users due to improper permission settings
• Third-party claims arising from documents you upload

8.2. Your Responsibility: You are responsible for maintaining your own backup copies of important documents. Do not upload documents containing sensitive information unless necessary, and ensure you configure document sharing permissions appropriately.

9. Account and Authentication Security Disclaimer

9.1. Account Compromise: TRAXQ SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO YOUR ACCOUNT OR DATA RESULTING FROM:

• Weak, reused, or compromised passwords
• Failure to enable multi-factor authentication
• Phishing attacks where you voluntarily provided credentials
• Social engineering attacks targeting your organization
• Malware or keyloggers on your devices
• Credential stuffing attacks using passwords leaked from other services
• Shoulder surfing or physical observation of your login
• Failure to log out on shared or public devices
• Sharing your login credentials with others
• Former employees or contractors retaining access due to failure to revoke their credentials

9.2. Account Activity: You are responsible for all activity that occurs under your account credentials, regardless of whether you authorized such activity. We strongly recommend regularly reviewing your account activity and login history.

10. Mobile Application Security Disclaimer

10.1. Mobile Device Risks: The TraxQ mobile application runs on devices you control. TRAXQ IS NOT LIABLE FOR SECURITY INCIDENTS ARISING FROM:

• Jailbroken or rooted devices that bypass operating system security
• Outdated operating systems with known vulnerabilities
• Malware or malicious apps installed on the same device
• Lost or stolen devices where the app was logged in
• Failure to use device passcodes or biometric locks
• Unauthorized physical access to devices
• Screen recording or screenshot malware
• Fake or counterfeit TraxQ apps downloaded from unauthorized sources

10.2. App Store Security: Only download the TraxQ mobile application from official app stores. TraxQ is not responsible for malicious apps impersonating our service on unofficial app stores or websites.

11. API and Integration Security Disclaimer

11.1. API Key Security: If you use TraxQ APIs or integration features, you are responsible for:

• Keeping API keys and credentials secure and confidential
• Not exposing API keys in client-side code or public repositories
• Rotating API keys regularly
• Immediately revoking compromised API keys
• Implementing appropriate security measures in your own applications

11.2. API Abuse: TRAXQ SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM THE COMPROMISE OR MISUSE OF YOUR API KEYS OR INTEGRATION CREDENTIALS. You are responsible for all API calls made using your credentials.

12. Indemnification for Security Matters

12.1. Your Indemnification Obligations: You agree to indemnify, defend, and hold harmless TraxQ, its officers, directors, employees, agents, affiliates, successors, and assigns from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

• Your failure to comply with your security responsibilities as described in this Policy
• Security incidents caused by or contributed to by your negligence or misconduct
• Unauthorized access resulting from compromised credentials or devices under your control
• Claims by your employees, drivers, customers, or other third parties related to your use of TraxQ
• Your violation of any applicable laws, regulations, or third-party rights related to data security or privacy
• Your failure to properly obtain consent for GPS tracking or location data collection
• Improper sharing of tracking links or disclosure of location information
• Malware or malicious content introduced through files you upload

12.2. Procedure: TraxQ will provide you with prompt written notice of any claim subject to indemnification and will allow you to control the defense, provided that TraxQ may participate in the defense at its own expense. You may not settle any claim in a manner that admits fault or liability on the part of TraxQ without our prior written consent.

13. Regulatory Compliance Disclaimer

13.1. Your Compliance Responsibility: You are solely responsible for ensuring that your use of TraxQ complies with all applicable laws, regulations, and industry standards related to data security and privacy, including but not limited to:

• Federal and state data breach notification laws
• FMCSA and DOT regulations regarding electronic records and data security
• HIPAA (if you transport medical-related freight)
• PCI-DSS (if you process payment card data)
• State privacy laws (CCPA, VCDPA, CPA, etc.)
• GDPR and other international privacy regulations (if applicable)
• State employee monitoring and location tracking laws
• Industry-specific security requirements

13.2. No Compliance Guarantee: TRAXQ DOES NOT WARRANT THAT USE OF THE SERVICE WILL MAKE YOU COMPLIANT WITH ANY SPECIFIC LAW, REGULATION, OR STANDARD. You should consult with qualified legal and security professionals to ensure compliance with applicable requirements.

14. Dispute Resolution for Security Matters

14.1. Binding Arbitration: ANY DISPUTE, CLAIM, OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS SECURITY POLICY OR ANY SECURITY INCIDENT SHALL BE RESOLVED BY BINDING ARBITRATION IN ACCORDANCE WITH THE DISPUTE RESOLUTION PROVISIONS SET FORTH IN OUR TERMS OF SERVICE.

14.2. Class Action Waiver: YOU AGREE THAT ANY CLAIMS RELATED TO SECURITY INCIDENTS OR DATA BREACHES SHALL BE BROUGHT IN YOUR INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS AND MAY NOT PRESIDE OVER ANY FORM OF CLASS OR REPRESENTATIVE PROCEEDING.

14.3. Jury Trial Waiver: YOU AND TRAXQ HEREBY WAIVE ANY CONSTITUTIONAL AND STATUTORY RIGHTS TO SUE IN COURT AND HAVE A TRIAL IN FRONT OF A JUDGE OR A JURY WITH RESPECT TO ANY CLAIMS ARISING FROM SECURITY INCIDENTS OR THIS SECURITY POLICY.

15. Changes to This Security Policy

15.1. Updates: TraxQ reserves the right to modify this Security Policy at any time. Material changes will be posted on this page with an updated "Last Updated" date. We may also notify you by email for significant changes.

15.2. Continued Use: Your continued use of the Service after any changes to this Security Policy constitutes your acceptance of the updated Policy. If you do not agree to the changes, you must stop using the Service.

16. Security Contact Information

For security-related inquiries, incident reports, or questions about this Security Policy, contact us:

Security Team: security@traxq.com

Vulnerability Reports: security@traxq.com (Subject: "Security Vulnerability Report")

Incident Reports: security@traxq.com (Subject: "Security Incident Report")

Legal Department: legal@traxq.com

For urgent security incidents, please include "URGENT" in your email subject line.