Wove Security & Trust Center
At Wove, security, privacy, and reliability are foundational to our mission. We build AI-powered automation for freight forwarders, customs brokers, and 3PLs — and we protect the sensitive logistics and trade data our customers entrust to us with industry-leading security practices.
Platform Overview
Wove is an AI-driven automation platform that integrates directly with systems like CargoWise to streamline document processing, quoting workflows, and operational data entry.
We process a wide range of logistics and trade documentation, including:
Data Protection
Encryption
We use industry-standard encryption across the entire platform:
- •Data at rest: AES-256 encryption (AWS KMS)
- •Application-layer encryption: AES-256 with unique IVs per record
- •Data in transit: TLS 1.3 enforced for all communications
- •Backup encryption: AES-256 encrypted backups managed through AWS KMS
Data Residency
- •Hosted in AWS us-east-2 (Ohio, USA)
- •Customer data is logically isolated with tenant-specific keys
- •No cross-border transfers unless contractually required
- •Customer data deletion available upon request
Infrastructure Security
Cloud Architecture
Wove is built on top of AWS's SOC 2 Type II certified infrastructure, using:
- •Amazon Aurora PostgreSQL 16.8
- •Multi-AZ regional clusters for high availability
- •Private VPC networking with strict Security Groups and ACLs
- •Cloudflare WAF, DDoS protection, and CDN
Threat Detection & Monitoring
- •AWS GuardDuty for continuous threat detection
- •Performance Insights & Enhanced Monitoring
- •Centralized audit logging with real-time alerts
Application Security
- •Secure code review for all deployments
- •Automated security scanning in CI/CD
- •Dependency vulnerability scanning
- •Credentials stored exclusively in AWS Secrets Manager
- •Extensive audit logging for application and system events
Access Control
Authentication
- •SSO via Microsoft Entra ID (Azure AD) and Google Workspace
- •OAuth 2.0 secure authentication
- •Support for customer-enforced MFA, conditional access, and identity governance
- •No shared credentials
Authorization
- •Granular Role-Based Access Control (RBAC)
- •Strict least-privilege access
- •Full auditability of user actions and permission changes
CargoWise Integration Security
We integrate with CargoWise via eAdaptor and protect customer credentials and data through:
- •AES-256 encrypted credential storage (AWS Secrets Manager)
- •TLS 1.2+ secure connections
- •Minimal-permission design
- •Support for credential rotation without downtime
- •Logging of all CargoWise API activity
AI & Data Privacy
- •Customer data is never used to train Wove's AI models
- •Only required data fields are processed (data minimization)
- •Zero-retention agreements with AI providers
- •Fully transparent documentation of AI data flows
Compliance
| Framework | Status |
|---|---|
| SOC 2 Type I | In progress (Q1 2026 target via Vanta) |
| SOC 2 Type II | Planned after Type I |
| GDPR | Supported with DPAs |
| CCPA | Supported |
| C-TPAT | Architecture designed to support requirements |
Business Continuity & Disaster Recovery
- •Multi-AZ high-availability architecture
- •Automatic failover across AWS zones
- •Daily encrypted backups (30-day retention)
- •RTO < 4 hours, RPO < 1 hour
- •Documented incident response procedures
- •99.9% uptime target
Subprocessors & Key Vendors
| Vendor | Purpose | Certifications |
|---|---|---|
| Cloudflare | WAF, CDN, DDoS protection | SOC 2 Type II, ISO 27001 |
| Amazon Web Services | Cloud hosting | SOC 2, ISO 27001, FedRAMP |
| Anthropic | AI document processing | SOC 2 Type II |
| Microsoft Azure | Identity & OAuth SSO | SOC 2, ISO 27001 |
Security Contact
Security questions, vendor questionnaires, or disclosures:
Email: security@wove.com
Website: www.wove.com
We are happy to provide additional documentation upon request, including security questionnaires and architectural details.