Version 1.2 — For Enterprise IT and Compliance Evaluation
Overview
Chain is a modern SaaS platform built for freight brokerages and logistics teams to streamline booking, tracking, and carrier engagement. Security and privacy are foundational to our architecture and operations. This whitepaper outlines how Chain protects customer data, ensures platform integrity, and complies with regulatory standards.
1. Platform Architecture & Isolation
Chain is deployed on Amazon Web Services (AWS) with a modern, serverless-first architecture. Our infrastructure follows strict isolation principles:
Microservice isolation: Each domain (e.g., booking, tracking) operates as an independent service with its own datastore and compute.
Data isolation: Each tenant is logically isolated. No cross-tenant access is permitted.
Scoped IAM policies: All AWS services operate with the principle of least privilege.
Private networking: Services and databases operate inside VPCs with no public access.
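The tenant-isolation principle above is stated, not shown. The following is an added illustration (not Chain's code) of how a data-access layer enforces logical tenant isolation: the tenant id is taken from the authenticated principal rather than the request, every lookup is scoped to it, a foreign record is reported exactly like a missing one so ids cannot be probed across tenants, and the denied attempt is written to an audit log for detection. The record types, ids and sample rows are constructed for the example.

```python
from dataclasses import dataclass, field


class NotFound(Exception):
    """Raised for any record the caller may not see, whether missing or foreign."""


@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str  # taken from the verified session or token, never from the request body


@dataclass(frozen=True)
class Booking:
    booking_id: str
    tenant_id: str
    lane: str


@dataclass
class AuditLog:
    events: list = field(default_factory=list)

    def record(self, event: str, principal: Principal, **details) -> None:
        self.events.append({"event": event, "user": principal.user_id,
                            "tenant": principal.tenant_id, **details})


class BookingRepository:
    """Data-access layer that attaches the caller's tenant to every query."""

    def __init__(self, rows, audit: AuditLog):
        self._rows = {b.booking_id: b for b in rows}
        self._audit = audit

    def get(self, principal: Principal, booking_id: str) -> Booking:
        row = self._rows.get(booking_id)
        if row is None:
            raise NotFound(booking_id)
        if row.tenant_id != principal.tenant_id:
            # Same outcome as "missing" so a booking id reveals nothing about
            # other tenants, but the attempt is logged so it can be detected.
            self._audit.record("cross_tenant_denied", principal, booking_id=booking_id)
            raise NotFound(booking_id)
        return row

    def list_for(self, principal: Principal) -> list:
        # The tenant filter is applied here, once, not by each caller.
        return [b for b in self._rows.values() if b.tenant_id == principal.tenant_id]


# Constructed sample data for the example; not real customer records.
SAMPLE_ROWS = [
    Booking("bk-1001", "tenant-acme", "CHI-DAL"),
    Booking("bk-1002", "tenant-acme", "LAX-PHX"),
    Booking("bk-2001", "tenant-globex", "ATL-MIA"),
]


def demo() -> dict:
    audit = AuditLog()
    repo = BookingRepository(SAMPLE_ROWS, audit)
    acme_user = Principal("u-42", "tenant-acme")
    own_lane = repo.get(acme_user, "bk-1001").lane
    try:
        repo.get(acme_user, "bk-2001")  # belongs to tenant-globex
        leaked = True
    except NotFound:
        leaked = False
    return {
        "own_lane": own_lane,
        "leaked": leaked,
        "visible": sorted(b.booking_id for b in repo.list_for(acme_user)),
        "denied_events": [e["event"] for e in audit.events],
    }


if __name__ == "__main__":
    print(demo())
```

The point to check in any multi-tenant codebase is that the filter lives in one place that every query passes through; a repository method that accepts a tenant id from its caller is one forgotten argument away from a cross-tenant read.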
2. Data Security
We secure data in transit, at rest, and during processing.
In Transit
All external traffic is encrypted using TLS 1.2 or higher.
Webhooks, APIs, and internal service calls are encrypted end-to-end.
At Rest
All data is encrypted at rest using AES-256 via AWS KMS.
Aurora, DynamoDB, S3, and backups are fully encrypted.
Application-Level Security
OAuth2 & SAML-based SSO with MFA support
Role-based access control (RBAC) and fine-grained permissions
Input validation, throttling, and audit logging
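As an added example (not Chain's code or role model), the following shows the pattern behind the three application-level controls listed above: role-based access control that is deny-by-default with fine-grained permissions, input validation performed before authorization, and an audit event written for every allow and deny decision. The role names, permission strings and booking-id format are constructed for the example.

```python
import re
from dataclasses import dataclass

# Role -> fine-grained permissions. Constructed for this example.
# Deny-by-default: a permission not granted by any of the caller's roles is refused.
ROLE_PERMISSIONS = {
    "viewer": {"booking:read", "tracking:read"},
    "dispatcher": {"booking:read", "booking:create", "tracking:read", "carrier:message"},
    "admin": {"booking:read", "booking:create", "booking:cancel",
              "tracking:read", "carrier:message", "user:manage"},
}

BOOKING_ID = re.compile(r"^bk-\d{4,8}$")  # hypothetical id format for validation


class PermissionDenied(Exception):
    pass


class InvalidInput(ValueError):
    pass


@dataclass(frozen=True)
class Session:
    user_id: str
    tenant_id: str
    roles: frozenset  # asserted by the SSO/OAuth2 identity provider, not by the client


def effective_permissions(roles) -> set:
    """Union of the permissions of every role; an unknown role grants nothing."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def authorize(session: Session, permission: str, audit: list) -> None:
    """Check one permission and record the decision either way."""
    allowed = permission in effective_permissions(session.roles)
    audit.append({"user": session.user_id, "tenant": session.tenant_id,
                  "permission": permission, "decision": "allow" if allowed else "deny"})
    if not allowed:
        raise PermissionDenied(f"{session.user_id} lacks {permission}")


def cancel_booking(session: Session, booking_id: str, audit: list) -> str:
    """Validate the input first, then authorize, then act."""
    if not BOOKING_ID.match(booking_id):
        raise InvalidInput(booking_id)
    authorize(session, "booking:cancel", audit)
    return f"cancelled {booking_id}"


def demo() -> dict:
    audit = []
    dispatcher = Session("u-7", "tenant-acme", frozenset({"dispatcher"}))
    admin = Session("u-1", "tenant-acme", frozenset({"admin"}))
    outcomes = {}
    try:
        cancel_booking(dispatcher, "bk-1001", audit)
        outcomes["dispatcher"] = "allowed"
    except PermissionDenied:
        outcomes["dispatcher"] = "denied"
    outcomes["admin"] = cancel_booking(admin, "bk-1001", audit)
    try:
        cancel_booking(admin, "not-a-booking-id", audit)
        outcomes["bad_input"] = "accepted"
    except InvalidInput:
        outcomes["bad_input"] = "rejected"
    # Malformed input is rejected before any authorization event is written.
    outcomes["audit_decisions"] = [e["decision"] for e in audit]
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Recording the deny decisions, not only the allows, is what makes the audit log useful for detection: a burst of denied `booking:cancel` attempts from one user is a signal worth alerting on.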
3. Infrastructure & Operational Security
Chain adheres to secure-by-default principles across its infrastructure:
Hosted in AWS US regions only, unless otherwise contracted
No public IPs for internal services or data stores
Code changes go through peer review and CI validation
Penetration tests are conducted annually by third-party firms
Dependency scanning via Snyk and GitHub Advanced Security
Monitoring is conducted using AWS CloudWatch, Datadog, and Sentry, with 24/7 on-call engineering response.
4. Identity & Access Management
Customer data is accessible only to authorized users with valid credentials.
All access to admin tools is logged and monitored.
Chain employees have tiered access levels with role-specific controls.
Production credentials are managed via AWS Secrets Manager.
5. Incident Response & RCA
Chain maintains a formal incident response policy, including:
24/7 alerting and triage for all production-impacting issues
Escalation to senior engineering within 15 minutes for SEV-1 incidents
Formal Root Cause Analysis (RCA) provided within 5 business days for Priority 1 outages, including resolution timeline and future mitigation steps
6. Availability & Disaster Recovery
Chain targets a 99.99% uptime SLA, with daily automated backups retained for 30 days.
Systems are architected for high availability and auto-scaling via AWS Lambda, Aurora, and DynamoDB.
Critical workloads are stateless and can fail over across Availability Zones within an AWS region.
7. Compliance & Privacy
Chain is designed to support key regulatory frameworks:
GDPR & CCPA: We offer a Data Processing Addendum (DPA), enable customer data deletion, and provide subprocessor disclosures.
Data Residency: Customer data is hosted in the U.S. unless otherwise required.
Vendor Management: All subprocessors are vetted for security standards and data handling practices.
Cookies & Tracking: Minimal use of cookies; no cross-site tracking.
8. Customer Control & Transparency
Customers can request full audit logs of account activity.
SSO is available for enterprise customers.
Chain offers a shared responsibility model: we secure the infrastructure and services; customers are responsible for managing access and using secure configurations.
9. Subprocessors
Chain utilizes the following third-party subprocessors to deliver core platform functionality. All vendors are vetted for security, privacy, and operational standards:
Amazon Web Services (AWS) – Infrastructure, storage, compute
Twilio – SMS and voice communication
SendGrid – Transactional email delivery
Intercom – In-app support and messaging
Google Maps API – Geolocation services
LocationIQ – Supplemental geolocation
OpenAI – AI/LLM functionality
Claude (Anthropic) – AI/LLM functionality
PostHog (subject to usage) – Product analytics (self-hosted)
Sentry (subject to usage) – Error monitoring
For the most current list of subprocessors, please contact: team@trychain.com
10. Contact & Reporting
For security-related questions or disclosures: devs@trychain.com
For compliance and privacy inquiries: team@trychain.com
Chain reserves the right to update this whitepaper as systems and practices evolve.