Technical Trust

High-Level Infrastructure Security

A robust, resilient architecture engineered for enterprise compliance, legal audit readiness, and continuous offline operations.

WasteSync architecture showing local app capture, encrypted local offline vault, and automatic cloud sync.
Encrypted local storage before cloud sync.

1. Data Protection & Encryption

  • Secure Local Vault: During outages, all ticket metadata sits encrypted in browser-isolated IndexedDB storage using AES-GCM (256-bit keys) derived via PBKDF2.
  • PII Masking: Driver names, license plates, and carrier credentials are encrypted at rest locally and masked on-screen by default.
  • Transit Security: All API traffic to government endpoints uses TLS 1.3 with strict Certificate Pinning.

2. Hosting & Data Residency

  • UK Data Residency: WasteSync infrastructure and backups are hosted in UK-based AWS and Google Cloud data centres (London regions only) to satisfy strict regulatory residency rules.
  • Direct Submissions: Queued tickets upload directly to Defra and SEPA API end points without third-party intermediary servers.

3. Audit Integrity & Logs

  • Tamper-Proof Audit: Every ticket entry generates a local cryptographic hash (SHA-256) chained to the preceding entry. Any post-hoc database manipulation breaks the hash chain, signaling an immediate audit warning.
  • Signed Logs: Every submission request is cryptographically signed by the local weighbridge terminal certificate, establishing non-repudiation.

4. Access & Device Handling

  • Shared Device Security: Kiosk profiles automatically wipe UI sessions after 5 minutes of operator inactivity. Encrypted local storage remains intact.
  • Device Loss Mitigation: Terminals are configured with unique hardware-based tokens. In case of tablet loss, admin consoles can instantly revoke device API keys.

Establish Enterprise Trust

Evaluate our local offline vault and security architecture in a 14-day shadow pilot.

Start Shadow Pilot