DocumentationSecurity & admin
DOCS

Security overview

How Orbex Data protects shipment data, trade documents, and API credentials with encryption, access controls, and independent security assessments.

Read time:
8 min
Updated:
January 2026

Security model

Orbex Data is a multi-tenant SaaS platform hosting sensitive commercial and logistics data for global freight operations. Security is built into infrastructure, application, and operational layers with defense in depth.

Shared responsibility

Orbex Data secures the platform. Customers control user access, API key hygiene, and data classification within their workspace.

Encryption

  • TLS 1.2+ for all data in transit including API and webhook traffic
  • AES-256 encryption at rest for databases and object storage
  • Encrypted backups with geographically redundant replication
  • Optional customer-managed encryption keys (CMEK) on Enterprise plans
Encryption scope
LayerStandardEnterprise
TransitTLS 1.2+TLS 1.3 preferred
RestAES-256AES-256 + CMEK option
BackupsEncryptedEncrypted + dedicated region

Infrastructure

Production services run on SOC 2 Type II certified cloud infrastructure with network segmentation, WAF protection, and DDoS mitigation. Production and staging environments are logically isolated.

Data residency options are available for EU and APAC customers on Enterprise plans. Contact your account team for region-specific deployment.

Platform access controls

Orbex Data employees access production systems on a least-privilege basis with MFA, session logging, and quarterly access reviews. Customer data access by support requires explicit customer authorization except for security incidents.

  • SSO/SAML 2.0 for workspace authentication
  • Mandatory MFA for admin roles
  • API key scoping and rotation
  • Session timeout and device management

Compliance and assessments

Orbex Data maintains SOC 2 Type II attestation and aligns controls with GDPR requirements for EU personal data. Annual penetration tests are performed by independent third parties.

Trust materials

Request our security whitepaper, SOC 2 report, and DPA at hello@orbexdata.com during procurement.

Incident response

Security incidents are triaged 24/7. Customers with material impact receive notification per contractual commitments and applicable law. Report suspected vulnerabilities to security@orbexdata.com.

Need help? Email hello@orbexdata.com or visit Trust & security.