How GoodShip Protects Your Freight Data
%20.png)
GoodShip is independently audited and SOC 2 Type II certified. We've built enterprise-grade security into every part of our platform.
Freight procurement involves some of the most sensitive operational data a company holds — carrier pricing, shipping volumes, lane strategies, and supplier relationships. When you run an RFP or optimize procurement through a third-party platform, you're trusting that platform with information that could materially affect your business if it were exposed.
This post explains exactly how GoodShip handles that responsibility.
We are SOC 2 Type II certified
.png)
GoodShip has completed an independent SOC 2 Type II examination, audited by Advantage Partners (Seattle, WA). The audit returned an unqualified opinion with no exceptions noted.
SOC 2 Type II is the most rigorous of the SOC certifications. Unlike Type I — which evaluates whether controls are designed correctly at a single point in time — Type II tests whether those controls actually operated effectively over a sustained period. An unqualified opinion means our auditors found no gaps.
The full report is available to customers and prospective customers on request.
What we protect
GoodShip handles four categories of data, each with defined handling requirements:
Customer data — the freight data, operating data, and any PII you share with us for processing. This is held to the highest standards of integrity, confidentiality, and availability.
Company data — internal operational data including contracts and employee information.
Internal data — approved for internal use only, protected from external access.
Public data — information we've deliberately made available, like this post.
Customer data never crosses into any other category. Access is strictly controlled, logged, and reviewed.
How we protect it
1. Encryption everywhere
2. Access control and authentication
3. Continuous monitoring and intrusion detection
4. Vulnerability management
5. Network segmentation
6. Change management
How to verify this
You don't have to take our word for it. The complete SOC 2 Type II report — including the full auditor's report, description of controls, and testing results — is available upon request to customers, prospective customers, and business partners.
