Enterprise grade security with Swiss hosting, security audits, and GDPR compliance.
Security specialists regularly test the platform against real world attack scenarios and identify vulnerabilities before they can be exploited.
Application code is reviewed for OWASP Top 10 vulnerabilities and industry specific threats. Security is built in from the start.
Server configuration, network security, and data storage practices are evaluated against current best practices. Swiss data center standards, rigorously maintained.
Security is not a one-time checkbox. Spoterix maintains an ongoing relationship with cybersecurity experts to continuously improve its security posture.
| Feature | Description |
|---|---|
| Two Factor Authentication | Email code or authenticator app (TOTP), with optional organization wide admin enforcement. |
| Brute Force Protection | Detection and mitigation of suspicious login patterns, including lockouts and IP based rate limiting. |
| Security Audit Trail | Security relevant actions are logged with actor, timestamp and IP address, including spot request creation, quote submission, award decisions and shipment updates. |
| Authentication Logging | Login events are recorded to support security monitoring and anomaly detection. |
| Role Based Access Control | Dedicated roles for Shippers, Suppliers and Admins with organization level data separation. |
| Encrypted Data Transfer | TLS encryption for application traffic and API communication. |
| Consent Management | Versioned legal consents with re consent prompts after policy updates. |
| AI Data Privacy | Optional AI features with customer controlled usage, data retention limits and no training on customer data. |
| API Rate Limiting | Rate limiting on sensitive endpoints to reduce abuse and automated attacks. |
Full data subject rights support. Data Processing Addendum (DPA) with clearly defined controller/processor roles, data categories, retention periods, and sub-processor obligations. Right to erasure supported.
Compliant with the Swiss Federal Data Protection Act (nDSG/revDSG) in addition to EU GDPR. B2B focused platform designed for business data processing without consumer data complexity.
Complete action logs for compliance reviews. Data minimization by design means only procurement relevant data is collected and processed. Retention policies are transparent.
Conceived and architected by Swiss software engineers with deep logistics domain expertise. Clean, maintainable codebase built on proven open-source frameworks (Symfony, Vue.js). Every line of code written in Switzerland.
Application servers and databases are hosted in Swiss data centers. Data never leaves Switzerland, giving customers full data sovereignty. Swiss hosting infrastructure meets high availability and redundancy standards.
Reliability, precision, and transparency are engineering principles, not just marketing claims. Independent and self funded. Direct, responsive support with no call centers and no ticket queues. Long term partnership approach.