Enterprise-Grade Security, Built Into Every Layer
Fleetbase is designed with security and compliance at its core. From end-to-end encryption and granular access control to full audit logging and self-hosting options, your data is protected at every layer — and you remain in full control.
Security at Every Layer
Fleetbase implements defense-in-depth security across infrastructure, application, and data layers to protect your operations and your customers.
End-to-End Encryption
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Sensitive fields receive additional application-layer encryption.
Role-Based Access Control
Granular RBAC with custom roles and per-module permissions. Enforce least-privilege access across your entire organisation.
Multi-Factor Authentication
MFA support for all user accounts. Enforce MFA organisation-wide to prevent unauthorised access.
Comprehensive Audit Logs
Every action taken in the platform is logged with timestamp, user, IP address, and full context for compliance and forensic review.
API Security
Scoped API keys with expiry dates, HMAC webhook signature verification, and rate limiting on all endpoints.
Self-Hosting Option
Deploy Fleetbase on your own infrastructure for complete data sovereignty. No data ever leaves your environment.
Your Data is Yours. Always.
Fleetbase gives you complete control over your data. Whether you choose Fleetbase Cloud or self-host on your own infrastructure, you decide where your data lives, how long it is retained, and who can access it. We never sell or share your data with third parties.
Granular Access Control for Every Team
Fleetbase's role-based access control system lets you define exactly what each team member can see and do. Create custom roles with per-module, per-resource permissions and enforce least-privilege access across your entire organisation.
Custom Roles
Create unlimited custom roles tailored to your organisational structure and workflows.
Granular Permissions
Control access at the module, resource, and action level — read, create, update, delete.
Multi-Factor Authentication
Enforce MFA for all users or specific roles to prevent unauthorised account access.
Session Management
View and revoke active sessions. Set session timeout policies for sensitive environments.
Complete Audit Trail for Every Action
Every action taken in Fleetbase is logged with a full audit trail — who did what, when, from where, and what changed. This gives you the visibility needed for compliance audits, security investigations, and operational accountability.
Compliance Coverage
Fleetbase is designed to help you meet your regulatory and compliance obligations across major frameworks.
GDPR
CompliantFull data subject rights, DPAs available, configurable retention policies
SOC 2 Type II
In ProgressControls designed to meet Trust Service Criteria; certification in progress
ISO 27001
InfrastructureHosted on ISO 27001-certified infrastructure with certified cloud providers
PCI DSS
ScopedPayment processing delegated to PCI-certified payment gateways; no card data stored
CCPA
CompliantCalifornia Consumer Privacy Act compliance with data access and deletion support
HIPAA
On RequestBAAs available for healthcare logistics customers on Enterprise plans
Enterprise customers can request detailed compliance documentation and security questionnaire responses.
Maximum Security Through Self-Hosting
For organisations with strict data residency, regulatory, or security requirements, Fleetbase can be deployed entirely on your own infrastructure. As a fully open-source platform, you can audit every line of code and ensure your data never leaves your environment.
Responsible Disclosure
We take security seriously and welcome responsible disclosure of vulnerabilities. If you discover a security issue in Fleetbase, please report it to our security team. We commit to acknowledging reports within 24 hours and providing regular updates on remediation progress.
Our Security Response Process
Frequently Asked Questions
Common questions about Fleetbase security and compliance.