Security
Last updated: June 1, 2026
Our commitment
We protect carrier and driver data with industry-standard security controls and continuously improve our posture as we grow.
Data encryption
All traffic between your browser and AI DriverPay is encrypted in transit with TLS 1.2+. Customer data at rest is encrypted using AES-256 by our managed database provider. Backups are encrypted with the same standard.
Secure authentication
- Passwords are stored hashed with bcrypt — never in plain text.
- Session tokens are short-lived and rotated automatically.
- Row-Level Security policies isolate each carrier's data at the database layer.
- Admin and super-admin actions are gated by role-based checks on the server.
Stripe payment security
All payments are processed by Stripe, a PCI-DSS Level 1 certified provider. We never see or store full card numbers, CVCs, or bank credentials — Stripe collects them directly through their hosted checkout. AI DriverPay only stores Stripe customer and subscription IDs.
Infrastructure security
- Hosted on SOC 2 Type II compliant cloud infrastructure.
- Least-privilege access for production systems with audit logging.
- Automated dependency vulnerability scanning on every deploy.
- Regular database backups with point-in-time recovery.
Responsible disclosure
If you believe you have discovered a security vulnerability in AI DriverPay, please report it privately so we can fix it before it is publicly disclosed. We will acknowledge your report within 2 business days and keep you informed as we investigate.
Do not access data that is not yours, perform denial-of-service tests, or test against accounts you do not own.
Contact
Security reports: security@aidriverpay.com