GreenKit™ Legal
How we protect your routes, customer lists, payment records, and crew data.
Last updated: April 6, 2026
Security at GreenKit™ is a first-class concern. We treat the routes, customer lists, payment records, and crew data you trust us with as if they were our own. This page summarizes the technical and operational controls we maintain.
All data transmitted between your browser or mobile device and GreenKit™ is encrypted in transit using Transport Layer Security (TLS 1.2 or higher). Sensitive data — including credentials, customer records, and payment metadata — is encrypted at rest using AES-256 within our hosting environment.
GreenKit™ is hosted on Amazon Web Services (AWS) within data centers in the United States. AWS maintains industry-leading certifications for physical security, environmental controls, data center operations, and personnel security, including SOC 1, SOC 2, SOC 3, ISO 27001, and PCI DSS Level 1. Customer data is logically separated by account and replicated across multiple availability zones for durability.
We perform automated, encrypted backups of customer data on a daily basis and retain them for a rolling window sufficient to support point-in-time recovery. Our disaster recovery procedures are tested periodically to confirm they meet our recovery-time objectives.
We engage independent third-party security firms to conduct annual external penetration tests of the GreenKit™ platform. We also operate continuous automated vulnerability scanning, dependency monitoring, and static analysis on every code change before it reaches production. Critical findings are tracked to remediation under defined service-level objectives.
GreenKit™ never directly stores full credit card numbers. Subscription billing and Account-Owner-to-client payments are processed by Stripe, a PCI DSS Level 1 certified payment provider. Card data is collected by Stripe using their hosted elements, which means sensitive payment details flow directly to Stripe and never traverse GreenKit™ servers.
Access to production systems and customer data is strictly limited to a small number of authorized engineers, granted on a least-privilege basis, and reviewed regularly. All employee access is protected by strong, unique credentials and mandatory two-factor authentication. We log and monitor administrative actions on production systems.
Every GreenKit™ team member completes security awareness training at hire and annually thereafter. All employees and contractors are bound by confidentiality obligations as a condition of employment.
We continuously monitor our infrastructure for unusual activity, failed authentication attempts, and signs of compromise. Our incident response plan defines clear roles, escalation procedures, and notification commitments. In the unlikely event of a security incident affecting your data, we will notify affected Account Owners as soon as reasonably possible and provide ongoing updates as we investigate.
If you believe you have discovered a security vulnerability in GreenKit™, we want to hear about it. Please email security@greenkit.app with details. We commit to acknowledging your report within two business days and to keeping you informed as we investigate. We will not pursue legal action against researchers who act in good faith and follow responsible disclosure practices.
For general security questions, contact security@greenkit.app.