Security
Last updated: March 26, 2026
WardenIQ is built for freight brokerages that handle sensitive pricing, customer, and carrier data. Security is foundational to our architecture, not an afterthought.
Infrastructure
US-Based Hosting
All data is stored on dedicated servers in US data centers. We do not use shared hosting or multi-tenant cloud databases.
TLS Everywhere
All connections use TLS 1.2+ encryption in transit. No unencrypted HTTP connections are accepted.
Firewall & Rate Limiting
A UFW firewall leaves only ports 22, 80, and 443 open. We also apply API rate limiting, connection limits, and Fail2Ban intrusion prevention.
Tenant Isolation
Every database query is scoped to your tenant ID. There is no way for one organization to access another's data, even at the database level.
Data Protection
- Passwords are hashed using bcrypt with per-user salts. We never store plaintext passwords.
- Email credentials (SMTP/IMAP passwords, OAuth tokens) are encrypted at rest using Fernet symmetric encryption with a key stored outside the database.
- Database backups are encrypted and retained for disaster recovery.
- Session tokens use signed JWTs with expiration. Tokens are not stored server-side and cannot be forged without the signing key.
Email Permissions
WardenIQ uses two distinct permission scopes. They are independent: you can use the Outlook Add-in without ever connecting Microsoft Graph, and vice versa.
1. Outlook Add-in (the in-Outlook panel)
The add-in requests the ReadItem permission level — the lowest available for Outlook mail add-ins. Within the add-in panel:
- Can read the subject, body, sender, and recipients of the email you are currently viewing.
- Cannot access other emails in your inbox, your calendar, contacts, or any other mailbox data.
- Can compose a pre-filled reply when you click "Reply with Quote" — you review and send it yourself in Outlook. The add-in itself does not send emails on your behalf.
- Cannot modify or delete any existing mailbox content.
- Does not run in the background. No data is transmitted until you actively click the WardenIQ button on a specific email.
2. Inbox Monitoring & Reply Automation (Microsoft Graph API, optional)
If you opt in to inbox monitoring or reply automation, WardenIQ requests the following Microsoft Graph API scopes via Microsoft's standard OAuth consent flow:
- Mail.Read — scan your inbox for new freight RFQs (auto-quote / inbox monitoring features).
- Mail.Send — send quote replies and rate-con responses on your behalf.
- MailboxSettings.Read — read timezone and working hours for scheduling.
- offline_access — refresh access tokens automatically without re-prompting.
These permissions are broader than the add-in's ReadItem scope. They are opt-in per tenant. You can revoke access at any time from your Microsoft 365 admin center (Azure Active Directory → Enterprise Applications). OAuth refresh tokens are encrypted at rest using Fernet symmetric encryption and are tenant-isolated; no other tenant or third party can access them.
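For administrators who want to check what has actually been consented, the following added example (not WardenIQ code) compares delegated grants against the four scopes listed above. It assumes grant records shaped like Microsoft Graph oauth2PermissionGrant objects (clientId, consentType, principalId, scope); the sample records and the PLACEHOLDER-SP-ID value are constructed for illustration.

```python
# Added example: audit delegated Graph grants against the scopes this page documents.
# SAMPLE_GRANTS is constructed data shaped like Microsoft Graph
# oauth2PermissionGrant objects; the clientId values are placeholders.
import json

DOCUMENTED_SCOPES = {"Mail.Read", "Mail.Send", "MailboxSettings.Read", "offline_access"}

SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "PLACEHOLDER-SP-ID", "consentType": "Principal",
   "principalId": "user-1", "scope": "Mail.Read MailboxSettings.Read offline_access"},
  {"clientId": "PLACEHOLDER-SP-ID", "consentType": "AllPrincipals",
   "principalId": null, "scope": " Mail.Read Mail.Send Mail.ReadWrite offline_access"},
  {"clientId": "OTHER-APP-ID", "consentType": "Principal",
   "principalId": "user-2", "scope": "Files.Read.All"}
]
""")


def audit_grants(grants, client_id, documented=DOCUMENTED_SCOPES):
    """Return one finding per delegated grant held by client_id."""
    findings = []
    for g in grants:
        if g.get("clientId") != client_id:
            continue  # grant belongs to a different application
        # The scope field is space-separated and may carry a leading space.
        granted = set((g.get("scope") or "").split())
        findings.append({
            "principal": g.get("principalId") or "ALL USERS",
            # AllPrincipals means an admin consented for every user in the tenant.
            "tenant_wide": g.get("consentType") == "AllPrincipals",
            # Anything outside the documented list deserves a question to the vendor.
            "unexpected": sorted(granted - documented),
            "can_send_mail": "Mail.Send" in granted,
            "long_lived": "offline_access" in granted,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, "PLACEHOLDER-SP-ID"):
        print(finding)
```

A non-empty "unexpected" list, or a tenant-wide grant where only per-user opt-in was intended, is the signal to review or revoke the consent.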
What happens with email content sent to our servers
- The email body is processed by our AI parser to extract lanes, equipment, dates, and rates.
- Extracted structured data (lanes, rates, customer info) is stored in your tenant's encrypted database.
- Raw email bodies are not stored after parsing is complete.
AI & Data Processing
- Email parsing: AI models extract structured freight data from unstructured email text. The AI provider does not retain your data after processing, and your data is not used to train models.
- Win probability: A locally-trained machine learning model runs entirely on our servers. No customer data leaves our infrastructure for this feature.
- Lane scoring: A proprietary scoring engine analyzes your quote history across four dimensions (balance, consistency, momentum, timing) to score every lane. Scores are computed from your own account data only, cached server-side for up to 15 minutes per tenant, and invalidated when outcomes change. When city-level data is insufficient, the engine aggregates to market, state, or regional level using only your own data. No cross-tenant data is used in individual scores.
- WIQ Network: Anonymized, aggregated market trends. Individual quotes, customer names, and rates are never shared across tenants.
Access Controls
| Feature | Admin | Member |
|---|---|---|
| View own quotes & lanes | Yes | Yes |
| View team quotes | Yes | Own team only |
| Manage users & roles | Yes | No |
| View all teams' data | Yes | No |
| Billing & subscription | Yes | No |
Incident Response
In the event of a security incident affecting customer data, we will notify affected customers within 72 hours via email with details of the incident, data affected, and remediation steps taken.
Responsible Disclosure
If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will respond within 48 hours.
Questions
For security-related questions, contact [email protected]. For general support, visit our support page.