Compliance
Regulatory work.
A load-bearing feature.
Every cargo class we move carries its own compliance contract. The Compliance Agent reviews every dispatch candidate; failures emit signed events that auditors can replay.
Regulatory work.
Eight frameworks
Every framework anyone has asked us about.
From the rideshare frameworks every carrier expects to the industry-specific ones (DSCSA for prescriptions, FSMA for perishable food) — we treat each as a contract, not a checkbox.
SOC 2 Type II
Audit in flightDrata-managed continuous evidence collection through 2026-Q4 audit period. Auditor: Prescient Assurance. Report available to enterprise tenants under NDA.
PCI DSS 4.0
Tokenization scopeWe never touch PAN. Payments flow through Garden + Stripe; we hold a tenantRef + paymentRef only. SAQ A applies.
GDPR + UK-GDPR
CompliantData minimization at the SDK + service layer. 30-day deletion SLA. DPIA on file. EU + UK operations via Cloudflare regional data residency.
CCPA / CPRA
Compliant'Do Not Sell' honored at the platform layer (we don't sell). Right-to-know + right-to-delete via privacy@l1fe.ai.
PIPL
CompliantSeparate Cloudflare CN cluster + Chinese-resident data localization for CN cities (on launch).
HIPAA
BAA availablePrescription cargo class triggers HIPAA-eligible flow: chain-of-custody signatures, encrypted-at-rest with separate keys per tenant.
DSCSA
Compliant for RxTI / TS / TH chain-of-custody on every prescription delivery; custody-break event triggers SEV-1 if the chain is broken.
FSMA 204
Compliant for foodCold-chain temperature logs signed every 60s during transit; lot-event traceability surfaced on every food delivery receipt.
Seven years of receipts
Every event,
archived in order.
The audit chain is yours to walk. Pull any envelope by ID, replay any incident hour by hour. We don't summarize — we hand you the bytes.
How compliance plugs into dispatch
Eligibility resolved before assignment.
The Compliance Agent evaluates every candidate (driver, vehicle, cargo, city) before assignment. It checks driver record, vehicle inspection + insurance expiry, cargo and temperature class, city permits, and active pauses.
A rejection surfaces to the tenant as COMPLIANCE_BLOCKED (HTTP 422) with the rule that tripped — never PII about the driver or vehicle. The dispatch engine never sees identifying details for a rejected candidate.
Contact compliance@l1fe.ai or use the form on /contact.
Audits + reports
The reports auditors actually need.
Enterprise tenants can request our SOC 2 Type II report (under NDA), the DSCSA chain for any prescription, the FSMA lot-event chain for any food delivery, and the HIPAA BAA template for medical-courier integrations.