Data protection
Carriyo encrypts all tenant data at rest and in transit. Keys are managed by the cloud provider's key management service.
Encryption in transit
All public endpoints accept TLS only. See Network for the supported TLS configuration.
Encryption at rest
All tenant data is encrypted at rest using industry-standard symmetric encryption. Keys are managed by the cloud provider's key management service. Access to those keys is tightly scoped and audited.
Backups
Carriyo maintains regular automated backups of all tenant data. Backups are encrypted in transit and at rest, retained for a defined period, and tested periodically to confirm they can be restored.
Data retention
| Data type | Retention |
|---|---|
| Tenant operational data | Retained for the duration of the active customer relationship. |
| Audit logs | Retained in accordance with regulatory and contractual requirements. |
| Webhook delivery records | Retained for a bounded operational window. |
Data residency
Carriyo's primary production environment runs in AWS Ireland (eu-west-1), with multi-AZ deployment for resilience and high availability. All tenant data stays within that region. Per-tenant region pinning is not available; the EU boundary is a platform-wide commitment, not a per-account configuration. Customers who need multi-region resilience for disaster-recovery purposes can enable a global DR deployment, contact your account team to discuss.
Data deletion
On tenant offboarding, Carriyo runs a defined deletion process covering tenant operational data, derived artifacts, and tenant-scoped records. Carriyo confirms completion when the process finishes.
For per-customer anonymization in response to a GDPR right-to-erasure request, see Data redaction, a surgical operation on a single order rather than a tenant-level deletion.