Trust & Privacy – How We Keep Your Shipment Data Private

// Data residency

WHERE THE DATA LIVES

Marapone is based in Toronto and Rome. We do the build work from those offices. The system itself runs wherever you want it: on your laptop, on a server in your office, or in your cloud tenant.

CANADA

Toronto residency

Default for Canadian brokers. PIPEDA-aligned defaults.

EU

Rome / EU residency

Default for European clients. GDPR-resident processing.

YOUR PREMISES

On-prem / private cloud

Documents never leave your infrastructure. Air-gap supported.

// What never happens to your docs

FOUR THINGS WE WILL NOT DO.

NEVER 01

No third-party LLM API calls

Your invoices, BOLs, and customs declarations never get sent to OpenAI, Anthropic, Google, or any external LLM provider. The models run locally on hardware you control.

NEVER 02

No model training on your data

If we fine-tune an extractor for your carrier mix, the resulting weights belong to you and stay on your hardware. We don't aggregate them into a shared model.

NEVER 03

No cloud data lake

There is no Marapone "central database" of your shipments. We don't have a tenant we put you in. We hand over the system; the system runs in your environment.

NEVER 04

No cross-client data sharing

What we learned building for one broker never shows up in another broker's system. Each build is a separate codebase, separate weights, separate everything.

// Compliance posture

THE PAPERWORK SIDE

NDAs standard

Mutual NDA on the first call if you'd like one. Customer-data-specific NDAs available before any build starts.

Audit trail

Every model query, every document touched, every response is logged with a timestamp and the user. Searchable. Exportable.

Retention policy

You set the retention windows per document class — invoices 7 years for tax, customs entries by your jurisdiction's rules. We don't.

Deletion on demand

A single command (or UI button) wipes a shipper or carrier's documents, embeddings, and any client-specific fine-tuned weights from the system.

// Logistics-specific

GDPR & CUSTOMS DATA HANDLING

EU-resident processing

For European clients, the entire stack runs in the EU — typically your existing AWS Frankfurt or Azure West Europe tenant, or our Rome data residency option. No personal data crosses to non-adequate jurisdictions.

Customs data per CBSA / CBP / EU rules

CBSA CARM data, CBP ACE entries, and EU NCTS declarations are processed in compliance with each agency's data-handling expectations. We don't file on your behalf — we read what you've already filed and help you reason about it.

Multi-jurisdictional considerations

Trans-Atlantic brokers commonly need data segmented by jurisdiction. We support per-region namespacing in the vector store so EU shipments stay on the EU node and North-American shipments stay on the NA node, with no cross-replication unless you ask for it.

// Deployment security defaults

WHAT'S ON BY DEFAULT, PER DEPLOYMENT

	Laptop	On-prem server	Your cloud
Encryption at rest	FileVault / LUKS	LUKS / BitLocker	AWS KMS / Azure Disk
Network exposure	localhost only	LAN + VPN	Private VPC
Access control	OS user	SSO + role	SSO + IAM + role
Outbound calls	None	None	None

// Your side of the line

CUSTOMER RESPONSIBILITY CHECKLIST

We secure the system as we ship it. The following stay on your side:

01Patch the host OS on the same cadence you patch your other servers.
02Manage user provisioning + de-provisioning through your existing identity provider.
03Maintain backups according to your data-retention policy (we ship a backup runbook).
04Restrict physical access to the on-prem server (if applicable).
05Tell us if you change identity providers or move clouds — we'll help you migrate.

// Need a security review pack?

SEND IT TO YOUR IT TEAM
BEFORE WE START.

We have a one-page security overview, an architecture diagram, and a draft NDA ready to send. No fluff, no marketing — your CISO and DPO will thank you.

Request the Security Pack → See the Architecture

HOW WE KEEP YOURDOCUMENTS PRIVATE.