Security and compliance

Your customs information is sensitive. That's why security is not an extra feature — it's the foundation of the entire platform.

SOC 2 Type II Certified: Active

Compliance

Certifications and standards

We comply with the most demanding industry standards to protect your data.

Certified

SOC 2 Type II

Audited by an independent firm under the AICPA security, availability, and confidentiality principles.

Compliant

CCPA / State Privacy Laws

We comply with the California Consumer Privacy Act (CCPA) and applicable US state privacy laws.

Aligned

OWASP Top 10

Secure development aligned with OWASP Top 10. Regular vulnerability scans and penetration testing.

Protection

Security at every layer

Bank-grade encryption

TLS 1.3 for data in transit. AES-256 for data at rest. Encryption keys automatically rotated.

Access control (RBAC)

Granular role-based permissions: administrator, operator, auditor, client. Each user only accesses what they need.

Audit logs

Immutable record of every action: who did what, when, and from where. Exportable for external audits and SOC 2.

Data isolation

Each organization has its data completely isolated at the database level. No data crossover between accounts.

Automatic backups

Daily backups with 30-day retention. Incremental backups every hour. Restoration available in less than 4 hours.

Secure authentication

MFA available for all users. Sessions with automatic expiration. Lockout after failed attempts.

Data

Responsible data handling

Your customs data is confidential. Here's how we protect it.

Data residency

Data stored in AWS US East with failover in Mexico. We comply with data residency requirements for customs operations.

Retention and deletion

Data retained for the duration of the contract plus the regulatory period. Verifiable secure deletion at the end of service.

Incident response

Documented incident response plan. Client notification within 72 hours. Public post-mortem for major incidents.

Commitment

Our guarantees

We never sell, share, or use your data to train AI models without your explicit consent.

Your customs documents (invoices, customs entries, value declarations) are confidential and encrypted at all times.

Every Camtom employee signs a confidentiality agreement and undergoes background checks.

We conduct annual penetration testing with independent security firms.

We publish an annual transparency report with incident and uptime statistics.

Any security incident is reported to affected clients within 72 hours.

Infrastructure

Powered by AWS

Infrastructure designed for high availability, scalability, and resilience.

Cloud provider: Amazon Web Services (AWS)
Active regions: US East (Virginia) + Mexico (failover)
Uptime SLA: 99.9% guaranteed
Monitoring: 24/7 with automatic alerts
WAF: AWS WAF + rate limiting + geo-blocking
DDoS: AWS Shield Standard
Security scans: Automated + annual pentesting
Encryption at rest: AES-256 (AWS KMS)
Encryption in transit: TLS 1.3 (HSTS enabled)
Backups: Daily + incremental every hour

Found a vulnerability?

If you identify a security issue on our platform, please report it responsibly. We respond within 24 hours.

Questions about security?

Our team is available to answer any questions about your data protection and our SOC 2 compliance.