Security

Enterprise-grade protection for every tenant.

Multi-tenant architecture, encrypted data, and audited processes keep your routes, customers, and billing data safe.

  • SOC 2 Type II Ready
  • GDPR/CCPA Aligned
  • Stripe Verified Partner
  • AWS Advanced Tier

Platform security layers

Defense-in-depth protects customer data from the device to the database.

Infrastructure

AWS multi-AZ deployments with redundant Postgres, Redis, and S3. Regional failover and CDN edge caching keep latency low.

Data protection

AES-256 encryption at rest, TLS 1.2+ in transit, automatic key rotation via AWS KMS, and hashed credentials with Devise.

Access controls

Role-based permissions, SSO/SAML support, least-privilege IAM, and audit trails via PaperTrail, ActivityLog, and Ahoy.

Compliance

  • Principle of least privilege enforced across infrastructure, apps, and vendor access.
  • Background checks + security training for employees with production access.
  • Annual penetration testing with third-party reports and remediation tracking.
  • Vendor diligence for USPS, Stripe, AWS, SendGrid, and integration partners.
  • Customer NDA package includes policies, architecture diagrams, and DR plans.

Monitoring & Reliability

  • 24/7 uptime monitoring and `/up` health endpoint with PagerDuty alerts.
  • Bugsnag, structured logging, and anomaly detection for rapid incident response.
  • Sidekiq + Redis job health dashboards surfaced inside the admin console.
  • Nightly encrypted backups with point-in-time recovery and quarterly DR tests.
  • Dedicated on-call rotation spanning Americas, EMEA, and APAC.

Data lifecycle

Transparent processes for collecting, storing, retaining, and deleting tenant data.

Capture

Normalized ingestion

CSV imports, API events, and manual entries run through validation + PII tagging.

Storage

Segmented tenancy

Separate Postgres schemas + Redis namespaces per company with strict row-level access.

Retention

Configurable policies

Tenant-specific retention windows, automated purges, and export tooling.

Destruction

Verified deletion

Cryptographic erasure across hot + cold storage with audit confirmation.

Organization & people

Security is a company-wide mandate.

Access reviews, tabletop exercises, and customer council feedback keep our controls effective as we scale.

  • Quarterly SOC 2-aligned control assessments with external counsel
  • Follow-the-sun incident response with documented SLAs
  • Secure SDLC with peer review, automated scans, and secrets scanning

Security resources

  • Acceptable use, data retention, and DR policies available on request
  • Vendor risk questionnaires + CAIQ responses
  • Customer security council with quarterly roadmap reviews
  • Dedicated security@routtr.com alias for disclosures

Need a security review?

We'll share architecture docs, policies, and recent test reports under NDA.

Contact Our Team
