Data security at EcoFreight
How we handle and protect your data.
Encryption
All API traffic is encrypted with TLS 1.3. We do not support unencrypted HTTP connections. Data at rest is encrypted using AES-256.
Authentication
API access requires a Bearer token. Tokens are scoped per project and can be rotated or revoked from your dashboard at any time. We support Google OAuth for account authentication.
Data handling
We collect only the data needed to calculate emissions: origin, destination, weight, and transport mode. We do not store shipment data beyond what is needed to return your calculation results.
Calculation history is retained for 30 days for authenticated users and is automatically deleted after that. You can delete your history at any time from the dashboard.
We do not sell, share, or provide your data to third parties.
Access controls
API keys are rate-limited per plan. All API requests are logged for abuse detection. We use reCAPTCHA v3 on the public calculator to prevent automated abuse.
Privacy compliance
We comply with GDPR and respect data subject rights including access, deletion, and portability. See our privacy policy for full details.
Infrastructure
The API runs on cloud infrastructure with automated deployments and health checks. Current uptime and incident history are available on our status page.
If you have security concerns or need to report a vulnerability, email security@ecofreight.co.