Your shipments move fast. Your data moves secured.

Separate admin & customer authentication

Admin sessions and customer sessions use independent JWT secrets and cookie namespaces. A compromised customer account cannot see admin data.

Token-version revocation (no Redis dependency)

Every admin JWT carries a token_version claim. Force-logout or auto-revoke increments the claim → all existing tokens (access + refresh) fail on next request.

Impossible-travel detection

Sign-ins from different countries within 60 minutes trigger automatic session revocation and admin-wide email alert. Private/reserved IPs skipped to avoid false positives.

Device fingerprint history

Last 20 admin sessions per staff member with User-Agent parser output: browser, OS, device type, IP, timestamp. Surfaced in the admin panel for senior review.

Password rotation & strength policy

Admins forced to change passwords every 120 days. bcrypt hashing with work factor 12. Reset tokens are single-use, expire in 1 hour, and rate-limited per IP.

Audit log for all financial changes

Every change to markup, zone rates, discounts, or airline freight is logged with the admin's identity, the previous & new values, and an optional reason.

Encrypted off-site backups

Nightly gzipped JSON dump of every non-excluded MongoDB collection, encrypted and replicated to S3. Backup history visible in admin panel with status, size, and duration.

Real-time anomaly detection on funnel metrics

Statistical outliers in quote conversion, payment success rate, or user velocity automatically alert admins. Separates 'the data is weird' from 'something is broken'.