Enterprise-Grade Security — Swiss-hosted, security-audited, GDPR-compliant.
External security specialists regularly test the platform against real-world attack scenarios — identifying vulnerabilities before they can be exploited.
Application code is reviewed for OWASP Top 10 vulnerabilities and industry-specific threats. Security is built in — not patched on afterwards.
Server configuration, network security, and data storage practices are evaluated against current best practices. Swiss data center standards, rigorously maintained.
Security is not a one-time checkbox. Spoterix maintains an ongoing relationship with independent cybersecurity experts to continuously improve its security posture.
| Feature | Description |
|---|---|
| Two-Factor Authentication | Email code or authenticator app (TOTP) — user choice, admin-enforceable organization-wide |
| Brute Force Protection | Automatic detection and lockout of suspicious login patterns with IP-based rate limiting |
| IP Restriction | Optional allowlist-based access control per organization — restrict access to trusted networks |
| Full Audit Trail | Every action — RFQ creation, quote submission, award decision, shipment update — logged with actor, timestamp, and IP |
| Authentication Logging | Complete login history for security monitoring and anomaly detection |
| Role-Based Access Control | Three distinct roles (Shipper, Supplier, Admin) with strict data isolation between organizations |
| Encrypted Data Transfer | TLS encryption for all data in transit — no unencrypted communication |
| Consent Management | Versioned legal consents with automatic re-consent prompts on policy updates |
| AI Data Privacy | Opt-in AI features with automatic data purge and no model training on customer data |
| Rate Limiting | Protection against API abuse across all sensitive endpoints |
Full data subject rights support. Data Processing Addendum (DPA) with clearly defined controller/processor roles, data categories, retention periods, and sub-processor obligations. Right to erasure supported.
Compliant with the Swiss Federal Data Protection Act (nDSG/revDSG) in addition to EU GDPR. B2B-focused platform designed for business data processing — no consumer data complexity.
Complete action logs for internal and external compliance reviews. Data minimization by design — only procurement-relevant data is collected and processed. Transparent retention policies.
Conceived and architected by Swiss software engineers with deep logistics domain expertise. Clean, maintainable codebase built on proven open-source frameworks (Symfony, Vue.js). Every line of code written in Switzerland.
Application servers and databases hosted in Swiss data centers. Data never leaves Switzerland — full data sovereignty guaranteed. Swiss hosting infrastructure meets the highest availability and redundancy standards.
Reliability, precision, and transparency — engineering principles, not just marketing claims. Independent and self-funded. Direct, responsive support — no call centers, no ticket queues. Long-term partnership approach.