Security Overview
Last reviewed: 14 July 2026.
Purpose
This page provides a high-level overview of how Parcel Pilot helps protect customer information and operates the service securely.
It is intended to explain our approach in plain English for customers, prospective customers, reviewers, and partners. Security practices continue to evolve, no control eliminates all risk, and this page is a general overview rather than a contractual service-level commitment or certification statement.
Security principles
Parcel Pilot is designed and operated around a set of practical security principles, including:
- authenticated access to application features
- role-based permissions and application-level access checks
- tenant and client separation within a multi-tenant platform
- audit logging for important authentication, administrative, and operational actions
- protected storage for application-managed secrets
- privacy, retention, and deletion workflows that support customer and legal obligations
These controls are intended to support secure day-to-day operation of the service while helping customers manage their own compliance and operational responsibilities.
Shared responsibility model
Parcel Pilot is responsible for the security of the platform, including core application controls such as authentication, access control, tenant-aware scoping, audit logging, secret protection, and retention tooling.
Customers remain responsible for the users they authorise, the permissions they assign, the data they submit, the lawful use of that data, the connected services they choose to enable, and the review of their own operational, fulfilment, billing, shipping, and integration outcomes.
Authentication
Parcel Pilot uses authenticated access for administrative and operational routes.
Current authentication controls include:
- password-based authentication
- password reset flows
- email verification where applicable
- temporary login throttling after repeated failed sign-in attempts
- authenticated access requirements on protected routes such as admin, billing, and operational pages
Parcel Pilot also records selected authentication events, including successful and failed sign-ins, sign-outs, and temporary login lockouts.
Role-based access and tenant isolation
Parcel Pilot uses role-based permissions and application-level access checks.
Access to administrative and protected functions is limited by the current user's role and, where relevant, by tenant or client context.
Parcel Pilot is a multi-tenant platform. Access to operational data is scoped by tenant and, where relevant, by client. In practice, this helps limit users to the organisations and customer accounts they are authorised to access.
Where appropriate, users can also be locked to a specific client context.
Encryption in transit
Parcel Pilot's public service is delivered over HTTPS to help protect information transmitted between users, Parcel Pilot, and connected services.
Session and consent-related cookies are configured to support secure browser handling, including HTTP-only protections where appropriate and same-site controls intended to reduce cross-site abuse.
Like any internet-connected service, no method of transmission or network storage is completely risk-free.
Encryption at rest and secret management
Parcel Pilot protects several categories of application-managed secrets at rest where they need to remain recoverable by the application.
This includes:
- encrypted ecommerce and marketplace integration credentials
- encrypted accounting integration credentials and refresh-token fields
- encrypted carrier credential payloads
- encrypted outbound webhook secrets
- encrypted public-access token material where a separate lookup value is used
- hashed user passwords
Ecommerce, marketplace, accounting, and carrier credentials managed by Parcel Pilot are encrypted at rest where they need to remain recoverable by the application. User passwords are hashed rather than encrypted.
Where secure lookup is required, Parcel Pilot uses patterns such as hashing or separating lookup identifiers from protected secret values.
This overview does not claim that every database field, file, or infrastructure disk is encrypted at rest in every environment.
Password security
User passwords are hashed at rest.
Password rules enforced by the application require:
- a minimum length of 12 characters
- mixed case
- numbers
- symbols
- compromised-password screening through Laravel's password rule support
Login attempts are rate limited to reduce repeated password-guessing attempts.
Parcel Pilot does not currently require multi-factor authentication for every user account, and it does not universally enforce password expiry or scheduled password rotation.
Audit logging
Parcel Pilot includes structured audit logging for selected authentication, administrative, and operational events.
Audit records can include tenant, client, actor, request, IP, and user-agent metadata where relevant to the event being recorded.
Secret-bearing fields are redacted before data is written to the audit trail.
Integration activity is also tracked separately for inbound and outbound processing. These records store metadata and payload hashes rather than full raw payload copies by default.
File and document security
Client Discovery documents are stored outside the publicly accessible web directory and are delivered through controlled application routes.
Backups and recovery
Parcel Pilot maintains backup and recovery procedures intended to support service restoration and continuity.
Backup retention and recovery arrangements may vary by environment and service configuration.
This overview does not publish exact backup frequencies, restore-time targets, recovery-point targets, or service continuity guarantees.
Data retention and deletion
Parcel Pilot includes retention and deletion support for different data types and workflows.
Examples include:
- order anonymisation workflows
- scheduled deletion workflows
- targeted redaction for retained Amazon recipient personal data
- consent-cookie expiry controls
- protected lookup patterns for selected public-access workflows
Retention periods and deletion timing can vary depending on the feature, customer workflow, legal obligations, and service configuration.
Customers remain responsible for applying appropriate retention policies to the data they place into the platform and for meeting their own legal obligations.
Privacy and data protection
Parcel Pilot supports privacy-related workflows and customer data-management processes across the service.
This includes:
- controller and processor responsibilities depending on the service context
- Shopify GDPR webhook handling
- retention and deletion support for relevant workflows
- consent-gated public analytics on marketing and other public layouts
- tokenised public workflows that use protected lookup patterns
For more detail, see our Privacy Policy and Cookie Policy.
Infrastructure and hosting
Parcel Pilot's primary production application is currently hosted on dedicated infrastructure in the United Kingdom.
Some specialist service providers and customer-selected integrations may process information in other locations where required to provide their services or where chosen by the customer.
While our current production hosting is UK-based, we do not guarantee that every present or future deployment or every third-party provider will process data exclusively within the United Kingdom.
Third-party providers
Parcel Pilot uses selected third-party providers to support areas such as hosting, billing, email delivery, analytics, and integration connectivity.
These providers are distinct from customer-selected connected services that a customer may choose to enable as part of their own commerce, carrier, accounting, or operational workflows.
For more detail, see our Subprocessors page.
Responsible disclosure
Security concerns can currently be reported to support@parcelpilot.co.uk. We review credible reports and take appropriate action based on their nature and severity.
Security contact
Security questions or reports can be sent to support@parcelpilot.co.uk.
Document information
- Document: Security Overview
- Owner: InsideOut Ideas Limited
- Applies to: Parcel Pilot website and software platform
- Jurisdiction: England and Wales
- Last reviewed: 14 July 2026