Security

Last updated: June 1, 2026

Our commitment

We protect carrier and driver data with industry-standard security controls and continuously improve our posture as we grow.

Data encryption

All traffic between your browser and AI DriverPay is encrypted in transit with TLS 1.2+. Customer data at rest is encrypted using AES-256 by our managed database provider. Backups are encrypted with the same standard.

Secure authentication

  • Passwords are stored hashed with bcrypt — never in plain text.
  • Session tokens are short-lived and rotated automatically.
  • Row-Level Security policies isolate each carrier's data at the database layer.
  • Admin and super-admin actions are gated by role-based checks on the server.

Stripe payment security

All payments are processed by Stripe, a PCI-DSS Level 1 certified provider. We never see or store full card numbers, CVCs, or bank credentials — Stripe collects them directly through their hosted checkout. AI DriverPay only stores Stripe customer and subscription IDs.

Infrastructure security

  • Hosted on SOC 2 Type II compliant cloud infrastructure.
  • Least-privilege access for production systems with audit logging.
  • Automated dependency vulnerability scanning on every deploy.
  • Regular database backups with point-in-time recovery.

Responsible disclosure

If you believe you have discovered a security vulnerability in AI DriverPay, please report it privately so we can fix it before it is publicly disclosed. We will acknowledge your report within 2 business days and keep you informed as we investigate.

Do not access data that is not yours, perform denial-of-service tests, or test against accounts you do not own.

Contact

Security reports: security@aidriverpay.com