Trust Centre

Suply Ltd. operates under a governance charter that makes data protection and information security a board-level responsibility. This is not delegated solely to the technology team — the board reviews our security posture, data practices, and incident history as a standing agenda item.

• A designated Data Protection Officer (DPO) is responsible for GDPR compliance and acts as the primary point of contact for data subjects and the ICO.
• A data governance committee with defined membership meets regularly to review policies, assess data risks, and approve changes to data processing activities.
• All data processing activities are recorded in a maintained Record of Processing Activities (ROPA) as required under Article 30 of the UK GDPR.
• Data Protection Impact Assessments (DPIAs) are conducted before introducing new processing activities that may result in high risk to individuals.
• All security and privacy policies are reviewed and formally approved at least annually, or following material changes to the business or platform.
• A named responsible person is designated for security incidents. Escalation paths are documented and tested.

Suply Ltd. is registered as a data controller with the Information Commissioner's Office (ICO) in the United Kingdom. We process personal data under the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR).

• We collect only the data that is necessary to provide the CargoPilot platform. We do not collect data speculatively or for purposes beyond those disclosed.
• Your shipment data, temperature records, documents, and business information are used exclusively to operate the platform on your behalf. They are never sold, rented, or shared with third parties for commercial purposes.
• We maintain a lawful basis for every category of processing we undertake. For customers, the primary basis is the performance of a contract.
• Sub-processors who handle personal data on our behalf are bound by data processing agreements and are required to maintain appropriate security standards consistent with this policy.
• International transfers of personal data outside the UK and EEA are conducted only under appropriate safeguards, such as standard contractual clauses.
• We honour data subject rights — including the right of access, rectification, erasure, and objection — within the statutory timeframes.

We believe that leaving should be as clean as joining. When an organisation closes its CargoPilot account, we follow a documented data deletion procedure to ensure that no customer data is retained beyond what is strictly necessary.

• Upon account closure, all active shipment data, temperature records, documents, device pairings, and user records are scheduled for deletion from our primary systems.
• Automated deletion completes within 30 days of account closure across all active data stores.
• Encrypted backup copies containing customer data are rotated out within 90 days of account closure, at which point the data is unrecoverable.
• Before closing your account, you may request a full export of your data including shipment records, temperature readings, and uploaded documents.
• We do not retain customer business data for product analytics, model training, or any purpose after departure. Aggregated, fully anonymised usage statistics from which no individual or organisation can be identified may be retained.
• Our DPO can confirm the status of data deletion in writing upon request.

CargoPilot uses AI-assisted analysis to generate risk assessments and document intelligence summaries. This section explains precisely what AI is and is not used for, and the safeguards we apply.

• AI is used to generate advisory summaries — cold chain analysis narratives, likely cause assessments, document reference extraction — that are always presented for human review.
• No automated decisions with legal or similarly significant effect are made using AI. Every AI output is clearly labelled as AI-generated and must be reviewed by a user before any action is taken.
• Your shipment data and documents are never used to train, fine-tune, or improve any AI model. Data submitted to our AI processing pipeline is used solely to generate your analysis and is not retained by the AI provider beyond the immediate request.
• AI prompts are designed to minimise data exposure. We send only the minimum data necessary to produce a useful output.
• AI analysis results are cached within your account for convenience. You may regenerate any analysis at any time to obtain a fresh result, or request deletion of any cached analysis.
• The cold chain Integrity Score and all excursion calculations are computed using deterministic algorithms defined by our published methodology — not by AI. AI is used only to write the interpretive narrative around those calculated results.

Our internal security posture is built on documented procedures that govern how changes are made, how access is granted, and how incidents are managed. Security is a process, not a product.

• All changes to the production platform go through a documented change management process, including peer review and a security impact assessment before deployment.
• Audit logs capture all administrative actions on production systems, including data access, configuration changes, and user management events. Logs are retained and tamper-evident.
• An incident response plan with defined severity levels, escalation paths, and communication templates is maintained and reviewed annually. Incident response exercises are conducted periodically.
• Security reviews are conducted as a mandatory step when introducing new features that process personal data, accept file uploads, or communicate with external services.
• Vulnerability management is continuous. Security patches are assessed for severity and applied within defined SLAs — critical patches within 24 hours.
• We maintain a responsible disclosure policy. Verified security researchers who report vulnerabilities in good faith are acknowledged and kept informed. Reports should be directed to service@suply.ai.

• All team members who have access to production systems or customer data undergo background screening as a condition of employment, including identity verification and reference checks.
• Security awareness training is mandatory for all employees on joining and is repeated annually. Training covers phishing, social engineering, credential hygiene, and data handling responsibilities.
• The principle of least privilege is applied to all internal access. Team members receive only the access necessary for their specific role. Access is reviewed when roles change and revoked promptly on departure.
• Multi-factor authentication (MFA) is required for all internal systems, including production infrastructure, source code repositories, and third-party tooling that processes customer data.
• Separation of duties is enforced for critical operations — no single individual can both authorise and execute a sensitive action such as a production data change or access grant.
• Remote working security requirements are defined and enforced, including encrypted storage on all devices used for work, and the use of company-managed access controls.
• A confidentiality agreement covering customer data, security practices, and intellectual property is signed by all personnel before system access is granted.

Security controls are implemented at every layer of the CargoPilot platform — from the network boundary down to individual database queries.

• All data in transit is encrypted using TLS 1.3. Connections using older protocol versions are rejected.
• All data at rest is encrypted using AES-256. This applies to databases, backup storage, and file storage.
• Databases are isolated in private network segments with no direct public internet access. Access from the application layer is mediated through authenticated, authorised connections only.
• Authentication uses short-lived cryptographically signed tokens. Tokens are invalidated on logout and expire automatically. Passwords are hashed using bcrypt with a high work factor — plaintext credentials are never stored.
• Organisation-level data isolation is enforced at the query layer. Every data access is scoped to the requesting organisation. Cross-organisation data leakage is structurally prevented, not just access-controlled.
• All file uploads are validated for type, content, and size before processing. Uploaded documents are not directly served to browsers without sanitisation.
• Input sanitisation and parameterised queries are used throughout to prevent SQL injection and cross-site scripting (XSS). Security controls are tested as part of the development process.
• Infrastructure is monitored continuously for anomalous activity. Alerts are routed to on-call personnel with defined response procedures.
• Regular automated backups are performed with point-in-time recovery capability. Backup integrity is verified.

• UK GDPR: Suply Ltd. is a registered data controller with the Information Commissioner’s Office (ICO). We comply with all applicable obligations under the UK General Data Protection Regulation.
• EU GDPR: Where we process personal data of individuals in the European Economic Area, we comply with the requirements of the EU General Data Protection Regulation.
• ISO 27001 alignment: Our information security management practices are aligned with the ISO/IEC 27001 framework — risk-based security management, access controls, asset management, business continuity, and supplier security.
• Our cold chain analytical methodology is grounded in regulatory and scientific standards: ICH Q1A (pharmaceutical stability), USDA guidelines (perishable cargo), Codex Alimentarius (food safety), and IDF standards (dairy). These are applied directly in our Integrity Score calculations and excursion analysis.
• Verified report authentication: PDF reports issued by CargoPilot include a cryptographically unique token and QR code that can be independently verified at any time, providing a tamper-evident audit trail for quality control and regulatory inspection purposes.

CargoPilot is aligned with the standards published by the Digital Container Shipping Association (DCSA) — the cross-industry body whose mission is to drive standardisation and digitalisation across the global container shipping industry. Following DCSA standards means the data structures, event models, and tracking formats used in CargoPilot are interoperable with those used by major ocean carriers and logistics platforms worldwide.

• CargoPilot's shipment event model follows the DCSA Track & Trace standard, ensuring that milestone events (Gate In, Loaded, Departed, Arrived, Discharged, Delivered) carry consistent definitions across carriers and trade lanes.
• Transport document structures and container identification formats in CargoPilot conform to DCSA blueprints, enabling straightforward integration with carriers and freight platforms that share the same standard.
• Adherence to DCSA standards reduces friction when exchanging data with partners, customers, and downstream systems — no proprietary translation layers required.
• As DCSA standards evolve, CargoPilot's data model is updated in step, ensuring long-term compatibility with the direction the industry is moving.

Full details of the DCSA standards that underpin container shipping interoperability are publicly available at dcsa.org/standards.

If you have questions about this Trust Centre, want to discuss our security practices before onboarding, or need to exercise a data subject right, please contact us. We aim to acknowledge all trust and privacy enquiries within 2 business days.