Go Logistics Inc – Data Security Policy

Effective Date: August 15, 2025
Last Updated: August 15, 2025
 

Company Information:
Go Logistics Inc
2770 Plymouth Dr
Oakville, Ontario, Canada
Website: gologistics.net
Phone: +1 (905) 813-2188

1. Purpose

Go Logistics Inc is committed to safeguarding the confidentiality, integrity, and availability of all data entrusted to us. This policy outlines the measures we take to protect personal information, operational data, and sensitive client records in accordance with:

  • PIPEDA (Personal Information Protection and Electronic Documents Act)
  • Canada’s Anti-Spam Legislation (CASL)
  • Applicable provincial privacy laws
  • International regulations for clients outside Canada, such as GDPR

As a logistics solutions provider, we understand the importance of protecting shipment data, customer records, and operational tracking information against loss, misuse, and unauthorized access.

 

2. Scope

This policy applies to all Go Logistics Inc employees, contractors, systems, applications, and third-party service providers that store, process, or transmit company, client, or employee data.

Covered data types include:

  • Personal Information (as defined by PIPEDA)
  • Shipment and Delivery Records
  • Operational and Tracking Data
  • Employee and Contractor Information

3. Data Hosting and Storage

  • All company data is hosted on Microsoft Azure cloud infrastructure in the United States, with data centers certified to ISO 27001, SOC 1/2/3, and FedRAMP standards.
  • Azure facilities implement multi-layered physical security, including biometric access, CCTV surveillance, and on-site security staff.
  • No operational or customer data is stored on personal devices or unapproved systems.
  • Data collection follows data minimization principles — we only collect what is necessary for operations.

4. Backup and Monitoring

  • Full backups: weekly
  • Differential backups: every 12–24 hours
  • Transaction log backups: approximately every 10 minutes
  • Backups are encrypted and stored in geographically redundant locations.
  • Audit logs track all activity on production systems.
  • Continuous system and security monitoring is conducted by internal teams.

5. Failover and Disaster Recovery

  • Redundant infrastructure ensures service continuity in case of a system failure.
  • A Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) are in place and tested annually.
  • Critical logistics operations are prioritized for rapid restoration in the event of an incident.

6. Access Management

  • Principle of Least Privilege (PoLP) applied to all accounts.
  • Only authorized database administrators can access production customer data.
  • Access rights are reviewed quarterly and revoked immediately when no longer required.
  • All privileged access is logged and monitored.

7. Secure Software Development

  • All code changes undergo security and privacy assessments prior to deployment.
  • Code is maintained in secure version control and tested in a staging environment before release.
  • Peer code reviews are mandatory.
  • Development follows OWASP best practices to prevent vulnerabilities.

8. Data Encryption

  • In Transit: Data transmissions use TLS 1.2+ encryption.
  • At Rest: Stored data is encrypted using AES-256 encryption.
  • Encryption keys are managed securely and rotated regularly.

9. Authentication and Access Controls

  • Two-Factor Authentication (2FA) is required for all privileged accounts.
  • Single Sign-On (SSO) is available for enterprise-level integrations.
  • Passwords meet complexity standards and are stored using secure hashing algorithms (bcrypt/argon2).

     

10. Employee Training and Awareness

  • All employees complete annual data security and privacy training.
  • Special training is required for staff with elevated access privileges.
  • Employees sign confidentiality and acceptable use agreements on hire and annually thereafter.

11. Third-Party Data Sharing

  • Data is shared only when necessary for service delivery and under Data Processing Agreements (DPAs).
  • All third-party providers must meet Go Logistics Inc’s security standards.
  • No customer data is sold or shared for advertising purposes.

 

12. Data Retention and Deletion

  • Data is retained only as long as necessary for operational or legal purposes.
  • Upon written request, customer data will be securely deleted from all systems within 5 business days, unless retention is legally required.
  • Data destruction follows DoD 5220.22-M or equivalent secure erasure standards.

     

13. Incident Response and Breach Notification

  • All suspected or confirmed security incidents must be reported immediately to the Vice President of Information Technology (VP of IT).
  • Security notifications should be sent to [email protected] and [email protected].
  • Go Logistics Inc maintains an Incident Response Plan to investigate, contain, and resolve breaches.
  • If a breach involving personal information occurs, affected individuals and the Office of the Privacy Commissioner of Canada will be notified in compliance with PIPEDA breach reporting requirements.

     

14. Compliance and Review

    • This policy is reviewed annually or when significant changes occur to operations, regulations, or systems.
    • Internal and external audits may be conducted to verify compliance.

       

15. Contact Information

Vice President of Information Technology – Go Logistics Inc
2770 Plymouth Dr, Oakville, Ontario, Canada
Website: gologistics.net
Email (Security Notifications): [email protected], [email protected]
Phone: +1 (905) 813-2188