Last Updated: January 2026
At SalesAssist (“SA”), the security of our users, dealer clients, and platform infrastructure is a top priority. This Security Policy describes the safeguards we have implemented to protect the data entrusted to us, prevent unauthorized access, and ensure the integrity and availability of our systems. This Security Policy applies to our website, applications, products, and services (collectively, the “SA Offerings”). As used in this Security Policy, “SA,” “us,” and “we” refer to the SalesAssist Offerings developed by Shipload, Inc. and its affiliate.
By using SA Offerings, you acknowledge and agree to the practices described in this Security Policy. Our security posture is designed not only to protect the information of our users and clients but also to project the level of trust necessary for our partners who may grant us access to their systems and APIs.
SA uses appropriate administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of the data we collect, process, and store.
All data transmitted between users and our servers is encrypted using industry-standard Transport Layer Security (TLS). Internal service communications are additionally secured where applicable with mutual TLS (mTLS) protocols. Customer data stored at rest within our databases is encrypted using Advanced Encryption Standard (AES) with 256-bit keys, and encryption keys are managed securely using cloud-native Key Management Services (KMS) with strict access controls and regular key rotations.
We enforce strong authentication practices across our systems. Administrative access requires Multi-Factor Authentication (MFA) and is limited to authorized personnel based on the Principle of Least Privilege (PoLP). We encourage customers to adopt MFA and maintain strong password hygiene as part of their access controls.
Our platform follows a logical segregation of customer data to prevent unauthorized cross-tenant access. Data is segmented at the application and database layers to ensure customer environments remain distinct.
SalesAssist is hosted on leading cloud service providers that maintain recognized security certifications, including but not limited to SOC 2 Type II, ISO 27001, and PCI-DSS. Our cloud providers offer comprehensive physical security at their data centers, including multi-factor access control systems, 24/7 surveillance, and redundant disaster recovery infrastructure.
We employ network segmentation, virtual private cloud (VPC) architectures, and firewall rules to minimize exposure to the public internet. Access to production environments is granted on a need-to-know basis only, requires MFA, and is logged for auditability.
Monitoring of infrastructure and applications is conducted continuously using automated alerting and real-time threat detection mechanisms. All critical system events, access logs, and security-related activities are collected centrally and retained in immutable logs for auditing and incident investigation.
All employee devices accessing production or sensitive environments are required to meet strict endpoint protection standards, including full-disk encryption, current patching, endpoint detection and response (EDR) capabilities, and access controls.
At SA, security is embedded into our Software Development Lifecycle (SDLC) through a Secure Software Development Lifecycle (SSDLC) framework. Our engineers adhere to secure coding practices based on industry standards such as OWASP Top 10 and regularly undergo security training.
Code changes are subjected to peer reviews, static application security testing (SAST), dynamic application security testing (DAST), and third-party dependency scanning for vulnerabilities. We conduct regular penetration tests, both internally and through independent third-party firms, to proactively identify and remediate potential security issues.
Our APIs are secured through token-based authentication, OAuth 2.0, and access scoping. Any external integrations with dealer CRM systems, DMS platforms, or third-party services are established through secure, auditable APIs with minimum privilege access configurations.
We maintain a comprehensive Incident Response Plan (IRP) designed to detect, assess, respond to, and recover from security incidents swiftly and effectively. The IRP establishes escalation procedures, roles and responsibilities, communication guidelines, and post-incident review protocols.
In the event of a security breach involving customer information, we will notify affected clients in accordance with applicable data breach notification laws. Notifications will include a description of the nature of the breach, the types of data impacted, mitigation measures taken, and any recommended client actions.
We continuously review and test our incident response capabilities to ensure readiness and resilience in a dynamic threat landscape.
We are committed to protecting personal and organizational data in compliance with applicable laws and standards. SA complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other data privacy regulations where applicable.
Privacy by Design principles are incorporated into the development and operation of our products and services. We only process customer data as instructed by our clients and pursuant to applicable agreements and data processing addenda (DPAs).
Customers maintain the ability to access, correct, delete, or export their data, subject to applicable legal requirements and the provisions of our contractual agreements.
SalesAssist maintains comprehensive Business Continuity and Disaster Recovery (BC/DR) plans to ensure resilience and service availability. Our systems are architected for high availability, incorporating redundant infrastructure, automatic failover mechanisms, and geo-distributed backups.
Critical customer and platform data are backed up daily, encrypted in transit and at rest, and stored across multiple secure locations. Backup integrity tests are conducted periodically to ensure recoverability in the event of an incident.
In the case of major service disruptions, our DR plans enable the recovery of critical business operations within targeted recovery time objectives (RTOs) and recovery point objectives (RPOs).
We assess the security posture of all vendors and third-party service providers who may have access to customer or platform data prior to engagement. Contracts with such parties require compliance with confidentiality, security, and data protection obligations.
Periodic reviews of critical vendors are conducted to monitor ongoing compliance. Third-party security certifications, audit reports, and practices are evaluated as part of our vendor management program.
Security is not a static goal at SA — it is a continuous commitment. Our security practices are reviewed and updated on an ongoing basis to align with evolving industry standards, technological advancements, emerging threats, and regulatory changes.
We invest in regular employee training programs to build a culture of security awareness across all teams. Independent third-party audits and assessments are conducted periodically to validate our security controls and identify opportunities for enhancement.
While SalesAssist takes security seriously, customers also play a role in protecting their data. We encourage all users to:
If you have any questions about this Security Policy, would like more information about our security practices, or need to report a security concern, please contact us at: help@salesassist.io