Chain-of-custody documentation only works if the chain is unbroken. Here's how we protect it.
All traffic encrypted in transit via TLS 1.3. No exceptions ā from first login to PDF download.
All data stored encrypted via Supabase (AES-256). Photos, shipment data, and user records.
Admins, handlers, viewers ā each role sees only what it needs. Enforced at the database level with row-level security.
64-character random tokens. Expiry and revocation supported. No login required for viewers, no sensitive data exposed.
GDPR-compliant. All data stored in EU data centers (Supabase EU region). No data leaves the EU.
Every action logged with timestamp, user, and context. Immutable once recorded. Available for insurance and legal use.
Once a project is marked complete, the chain of custody is permanently locked. No step can be edited, deleted, or backdated. Every record shows the exact timestamp it was created ā not when it was approved.
This is intentional. The value of chain-of-custody documentation comes from its inability to be altered after the fact.
ArtShipLink is operated by LUXEE Tech OĆ, an Estonian company. All data is stored in EU data centers and processed under GDPR. You control your data ā request export or deletion at any time.