Information Security

Effective: April 4, 2026

FleetGuard, operated by DailyVault LLC, is committed to protecting the sensitive compliance documents and personal data our customers entrust to us. This statement describes the technical, administrative, and physical safeguards we use to secure that data.

1. Encryption & Data Transmission

  • All data transmitted between your browser and FleetGuard is encrypted using TLS 1.2+ (HTTPS).
  • Document files uploaded to FleetGuard are stored in Cloudflare R2 object storage with encryption at rest.
  • Database connections use encrypted TLS links to the hosting provider.

2. Authentication & Access Control

  • Passwords are hashed using bcrypt and are never stored in plain text.
  • Authentication uses JSON Web Tokens (JWT) with 24-hour expiration.
  • Multi-user access supports role-based permissions (Owner, Admin, Viewer).
  • Document access uses signed URLs with 15-minute expiration — no permanent public links.
  • Every document view, download, upload, and deletion is logged with user ID and timestamp.

3. Data Isolation & Multi-Tenancy

  • Every database query filters by company ID to enforce tenant isolation. Users can only access their own company's data.
  • Document files are organized by company ID in storage: /company/{id}/drivers/{id}/... No cross-tenant access paths exist.
  • All data modifications are logged in an immutable audit trail (who changed what, when).

4. Abuse Prevention & Rate Limiting

  • Authentication endpoints are rate-limited (5 registrations/minute, 10 logins/minute per IP).
  • Per-plan usage limits prevent abuse of AI and SMS features.
  • File uploads are validated for MIME type and size (25MB max).
  • All user input is validated against injection attacks (SQL, XSS).

5. Third-Party Services & Data Processors

FleetGuard uses the following vetted service providers:

  • Anthropic (Claude AI)Document reading. Commercial API terms prohibit training on customer data.
  • Cloudflare R2Document storage. SOC 2 Type II certified.
  • RenderApplication hosting and managed PostgreSQL.
  • StripePCI DSS Level 1 certified payment processing.
  • Quo (formerly OpenPhone)SMS delivery (A2P 10DLC registered).

6. Monitoring & Incident Response

  • Application errors are monitored in real-time via Sentry.
  • All access logs are retained for 90 days for security review.
  • In the event of a data breach affecting your personal information, you will be notified within 72 hours.

7. Industry Standards & Compliance

FleetGuard's security practices follow OWASP Top 10 guidelines and industry best practices for SaaS applications handling sensitive compliance data.

FleetGuard is actively working toward SOC 2 Type I certification as our customer base grows. We do not currently hold SOC 2, ISO 27001, or PCI DSS certifications — though our payment processor (Stripe) is PCI DSS Level 1 certified and our infrastructure provider (Cloudflare R2) is SOC 2 Type II certified.

8. Your Responsibilities

  • Use a strong, unique password for your FleetGuard account.
  • Never share your login credentials with anyone.
  • Sign out when accessing FleetGuard from shared or public devices.
  • Notify us immediately at support@docketscreen.com if you suspect unauthorized access to your account.
  • Use the team access feature to grant role-based access instead of sharing passwords.

9. Multi-Fleet Data Handling

FleetGuard supports multiple fleet operation types (CDL Commercial, Non-CDL Commercial, Rideshare, and Rental Fleet). Each driver, vehicle, and document record is tagged with the operation type that applies to it, and the required-document checklist is filtered server-side based on the operation type of the specific driver being viewed. Cross-operation-type data leakage is prevented at the application layer through company_id and driver-level filtering on every API request. Fleet managers are solely responsible for selecting the correct operation type for each driver — FleetGuard does not make regulatory determinations.

10. Exemption Audit Trail

When a fleet manager marks a required document as "not applicable" for a specific driver or vehicle, FleetGuard stores a permanent audit record including the acting user's identity, the timestamp, the document type, and the written reason (minimum 5 characters, maximum 500 characters). Exemption records are retained for the lifetime of the account plus six years after account closure. Exempted documents are excluded from coverage score calculations but are displayed in a dedicated "Marked Not Applicable" section on the driver detail page for full transparency. Exemptions created inside FleetGuard have no legal or regulatory effect outside of the Service — fleet managers are responsible for confirming that any exempted requirement genuinely does not apply to their specific situation.

11. User Responsibility for State, City, and Platform Requirements

Compliance requirements vary by state, city, and platform. FleetGuard's default document checklists and operation-type templates are general starting points — they are not a comprehensive legal compliance program for your specific jurisdiction or platform. Users are solely responsible for verifying current requirements with authoritative sources (state DMV, state DOT, FMCSA, city clerks, platform operators, licensed consultants, or attorneys) and for ensuring their fleet, drivers, and vehicles meet all applicable laws and platform terms of service. FleetGuard does not make regulatory determinations, does not track platform rule changes in real time, and does not substitute for professional compliance, tax, insurance, or legal advice.

12. Admin Tab and Company Records

The Admin tab lets account owners and admins upload and track company-level records (LLC formation, EIN, DOT authority, insurance certificates, IFTA, IRP, annual reports, 2290, etc.) and recurring obligations (quarterly taxes, LLC annual fees, yard rent, broker payouts). These records are stored using the same encryption and tenant isolation as driver compliance documents: TLS in transit, AES-256 at rest in Cloudflare R2, signed URLs with 15-minute expiration, company_id filtering on every query, and audit logging of every view, upload, edit, and deletion. Only users with Owner or Admin roles can access the Admin tab; Viewer-role team members cannot see company administrative records.

13. Vehicle Maintenance and State Compliance Data

Vehicle maintenance logs (oil changes, tire rotations, brake checks, state inspections, emissions checks), current mileage readings, and related schedules are stored alongside the vehicle record and scoped to the company that owns the vehicle. They follow the same tenant isolation rules as all other fleet data. Estimated cost fields stored with maintenance records are used only for user-facing budget planning and are never shared with other customers or sold to third parties.

14. Personal Plan Isolation

The Personal plan ($9.99/month) is intended for individual drivers tracking their own license, insurance, registration, inspection, and maintenance reminders. Personal plan accounts are subject to the same encryption, tenant isolation, and access control as business accounts. Personal plan data is never combined with any other user's data, never used for benchmarking or aggregate analytics that could re-identify the user, and never shared with any third party beyond the essential subprocessors listed in the Terms of Service.

15. Reporting Security Issues

If you discover a security vulnerability in FleetGuard, please report it responsibly to support@docketscreen.com. We commit to acknowledging reports within 48 hours and working with researchers to resolve issues promptly.

16. Contact

For security or privacy questions, contact us at:

DailyVault LLC
Hackensack, New Jersey
support@docketscreen.com