SECURITY & COMPLIANCE
Carriyo is built for businesses that cannot afford downtime, data loss, or compliance gaps. Our platform runs on a resilient, globally distributed architecture with zero unplanned downtime in six years -- processing billions of dollars in shipments for some of the world's most demanding brands.
99.99%
Uptime SLA
6+ Years
Zero unplanned downtime
$5B+
In goods shipped securely
50M+
Shipments processed
CERTIFICATIONS & COMPLIANCE
Carriyo is ISO 27001:2022 certified. Our Information Security Management System (ISMS) covers all aspects of the platform, from infrastructure and code to people and processes.
Our security practices are aligned with SOC 2 Trust Service Criteria across security, availability, and confidentiality. Audit reports are available under NDA.
Carriyo processes personal data in compliance with GDPR. We offer Data Processing Agreements (DPAs), support data subject requests, and maintain records of processing activities.
Carriyo does not store, process, or transmit cardholder data. Our architecture is designed to remain outside PCI scope while integrating with payment-aware systems.
INFRASTRUCTURE
Deployed across multiple availability zones with automatic failover. Operations continue uninterrupted even when entire cloud regions experience outages.
Active-active disaster recovery across geographically separated regions. RPO measured in seconds, RTO measured in minutes. Tested quarterly with full failover drills.
Auto-scaling architecture handles peak season surges without manual intervention. From Black Friday to Ramadan -- the platform scales with demand while maintaining consistent performance.
All data encrypted at rest (AES-256) and in transit (TLS 1.2+). Database-level encryption, encrypted backups, and secure key management through cloud-native KMS.
Web application firewalls, DDoS protection, intrusion detection systems, and IP-based access controls. All API traffic authenticated and rate-limited.
24/7 infrastructure monitoring with automated alerting. Defined incident response procedures with escalation paths, post-incident reviews, and customer communication protocols.
ACCESS & IDENTITY
POLICIES & DOCUMENTATION
Our comprehensive security policy covering data protection, access controls, and incident response.
Read policy →How we collect, use, and protect personal data in compliance with GDPR and regional regulations.
Read policy →Our terms of service governing the use of the Carriyo platform and related services.
Read policy →We are happy to walk through our security architecture, share audit reports under NDA, or complete your vendor security assessment.