Security
Chain-of-custody documentation only works if the chain is unbroken. Here's how we protect it.
All traffic encrypted in transit via TLS 1.3. No exceptions — from first login to PDF download.
All data stored encrypted via Supabase (AES-256). Photos, shipment data, and user records.
Admins, handlers, viewers — each sees only what they need. Enforced at the database level.
64-character random tokens. Expiry and revocation supported. No login required, no sensitive data exposed.
GDPR-compliant. All data stored in EU data centers (Supabase EU region). No data leaves the EU.
Every action logged with timestamp, user, and context. Immutable once recorded.
Principle
Once a shipment is marked complete, the chain of custody is permanently locked. No step can be edited, deleted, or backdated. Every record shows the exact timestamp it was created — not when it was approved.
This is intentional. The value of chain-of-custody documentation comes from its inability to be altered after the fact.
Compliance
ArtShipLink is operated by LUXEE Tech OÜ, an Estonian company. All data is stored in EU data centers and processed under GDPR. You control your data — request export or deletion at any time.