Trust center

Data security & privacy

Your data. Your tenant. Our responsibility.

Waka Forward is a freight forwarder AI orchestration platform. We treat data isolation, access control, and auditability as core product requirements—not optional add-ons.

Last updated: 14-May-2026

Tenant isolation

Company-scoped data with relationship-based sharing only

Encryption

TLS in transit; encrypted cloud storage at rest

Access control

Roles, profiles, RLS, and server-side enforcement

Tenant isolation and relationship-scoped access

Every freight forwarder operates inside a secure, isolated tenant. Operational data is scoped strictly to your branch unless an explicit customer relationship or subcontractor authorization grants shared visibility.

  • Strict company-level scoping on APIs and database queries—no cross-tenant reads without a defined relationship or share record
  • Relationship graphs control what each counterparty sees: PO lines, RFQs, bookings, and documents follow party linkage rules
  • PostgreSQL row-level security (RLS) policies enforce data isolation at the database layer, not only in the UI
  • Server-side checks on role, operational permissions, and licensed modules for every mutating operation

Encryption and secure transport

Data is protected in motion and at rest using industry-standard cloud controls.

  • All application traffic uses HTTPS/TLS; production registration and authentication require encrypted transport
  • Authentication tokens are stored in httpOnly cookies where configured, reducing exposure to client-side script access
  • Cloud database and storage volumes use provider-managed encryption at rest (e.g. encrypted EBS/RDS on AWS)
  • Passwords are never stored in plain text; credential handling follows modern hashing practices on the auth service

Identity, roles, and least privilege

Access follows who you are, which company you belong to, and what your license entitles you to—not a one-size-fits-all console.

  • Role-based onboarding (Admin, Operator, Read-Only) gates modules, menus, and actions
  • Granular role and permission checks at company, branch, and operational scope where enabled
  • Known-contact registration claim flow prevents duplicate trial tenants for existing relationship contacts
  • Unified secure sign-in for your operations team and authorized counterparties—no shadow portals with weaker security

Audit trail and accountability

Multi-party logistics requires knowing who changed what, and when.

  • Audit events for sensitive operational actions: invites, relationship changes, awards, milestone updates, and visibility changes
  • PO, RFQ, and booking histories support review and dispute resolution across parties
  • Administrative and sponsorship scope changes are designed to be traceable for enterprise governance

Privacy rights and data stewardship

We align platform design with widely recognized privacy principles, including GDPR-oriented controls. Collection, use, sharing, retention, and your legal rights are described in our Privacy Policy.

  • Privacy Policy covers information we collect, how we use and share it, international transfers, and your rights
  • The Data Security section of the Privacy Policy summarizes technical and organizational safeguards in legal terms
  • This trust center (/security) provides additional operational detail on tenant isolation, encryption, and access control
  • Infrastructure supports data subject workflows: access, correction, export, and deletion requests (see Privacy Policy)
  • Consent and marketing preferences are tracked where required for regulated processing
  • Data minimization in directory and profile features—counterparties expose only what they agree to share

AI and document processing

Intelligent OCR and workflow assistance process your documents within your tenant context.

  • Document extraction for RFQ and booking uses AWS Bedrock within your configured cloud region and credentials model
  • AI-assisted answers for operational questions are grounded in your tenant workflow data; by default, your private shipment data is not used for public model training
  • Human review remains part of document and quote workflows before data is committed to operational records

Secure APIs and third-party system integrations

Waka Forward exposes REST APIs and webhooks so external systems—not workspace users—can integrate securely. Operational users who sign in to Waka are distinct from third-party API integrations such as accounting, ERP, INTRA, and custom enterprise systems.

  • Authenticated API access with tenant-scoped credentials and least-privilege integration patterns
  • Connect accounting (QuickBooks, Xero, SAP, Tally), ERP, INTRA, carriers, and custom connectors where enabled
  • PO import and ingestion flows use third-party system connectors; authorized operators use the Waka application directly
  • Webhook and event patterns support operational sync without sharing one login across organizations

Standards and practices we align with

We build toward enterprise expectations using recognized frameworks. Certification status varies by control area—ask us for your diligence questionnaire.

  • Security design informed by SOC 2 trust principles (security, availability, confidentiality)
  • Privacy practices aligned with GDPR and common B2B SaaS data-processing expectations
  • Secure development practices: typed services, SQL contract verification on critical dashboards, and separation of marketing vs application domains
  • Cloud-hosted on major providers with network isolation, patching, and monitoring responsibilities shared per the shared responsibility model

What you control

Security is shared. Your team governs users, relationships, and what you upload.

  • You manage user invitations, role assignments, and password hygiene inside your tenant
  • You choose which counterparties to link, invite, and share PO/RFQ/booking visibility with
  • Trial evaluators receive an isolated company sandbox—operational data is separated by tenant identifier
  • Report suspected incidents to security@wakatech.com; we investigate and respond per our incident process

Common questions

Can another Waka customer see my shipments?
Not by default. Each tenant is isolated by company scope. Another organization sees your data only when a commercial relationship, invitation, or explicit share record authorizes that visibility—enforced in application logic and database policies.

Where is my data stored?
Waka Forward runs on cloud infrastructure (typically AWS). Data residency and region choices depend on your deployment agreement. Contact sales or support for tenant-specific hosting details.

Do you sell customer data?
No. We use operational data to provide and improve the service you subscribe to, as described in our Privacy Policy—not to sell shipment or customer lists to third parties.

What happens if I register with an email already linked to a partner relationship?
Waka detects known relationship contacts during signup and routes you to an invite or admin-approval path instead of creating a duplicate trial company—keeping tenant and relationship data consistent.

How do I request data export or deletion?
Email support@wakatech.com with your company name and request type. We handle verified requests in line with our Privacy Policy and applicable law.

Privacy policy & contact

Legal topics—information collection, use, sharing, international transfers, children's privacy, and your statutory rights—are covered in our Privacy Policy, including an expanded Data Security section. This trust center describes how Waka Forward implements those safeguards in the product. For security reviews or incident reports: security@wakatech.com · support@wakatech.com