Security

Enterprise-grade security built in, not bolted on

Greenlights WMS is designed from the ground up to protect your warehouse data. From encrypted connections to role-based access control, every layer of the platform is built with security as a first-class requirement.

  • 256-bit AES encryption
  • 5 role-based access levels
  • 99.9% uptime SLA
  • 24/7 monitoring

How Greenlights protects your warehouse

A detailed look at the security controls embedded in every layer of the platform — from authentication to infrastructure.

Authentication & Identity

Every request to Greenlights is authenticated using industry-standard JSON Web Tokens (JWT) with automatic expiry. Passwords are never stored in plain text — we use bcrypt hashing with 12 computational rounds, making brute-force attacks computationally infeasible.

  • JWT-based session tokens with 8-hour automatic expiry
  • Bcrypt password hashing (12 rounds) — industry gold standard
  • Forced password change on first login for new accounts
  • Ambiguous error messages prevent username enumeration
  • Last-login tracking for anomaly detection

Role-Based Access Control (RBAC)

Greenlights enforces the principle of least privilege with a five-tier role hierarchy. Each API endpoint and WebSocket channel is protected by middleware that verifies both authentication and authorization before any data is returned.

  • Five granular roles: Admin, Warehouse Manager, Supervisor, Operator, Viewer
  • Endpoint-level permission enforcement on every API call
  • Room-based WebSocket access — operators only see their own tasks
  • Admin accounts protected from accidental deletion
  • Account deactivation instantly revokes all access

Data Protection & Encryption

Your warehouse data is protected at every layer. All connections are encrypted in transit using TLS 1.2+, and sensitive fields are cryptographically secured at rest. Database access is strictly parameterized to eliminate injection vulnerabilities.

  • TLS 1.2+ encryption for all data in transit
  • 100% parameterized SQL queries — zero string concatenation
  • Sensitive credentials stored as environment secrets, never in code
  • Password hashes excluded from all API responses
  • Foreign key constraints and CHECK rules enforce data integrity

API & Integration Security

Greenlights supports multiple secure integration methods for connecting your ERP, e-commerce, and logistics systems. Every inbound webhook is authenticated, and all integration events are logged for full traceability.

  • Four authentication methods: API Key, Basic Auth, OAuth 2.0, JWT
  • OAuth 2.0 Client Credentials flow with short-lived access tokens
  • Authenticated outbound webhooks with configurable headers
  • Full event audit trail for every inbound and outbound message
  • UUID and enum validation on all inputs prevents malformed data

Cloud Infrastructure & Network Isolation

Greenlights runs on containerized infrastructure with strict network segmentation. Internal services like the database and message queue are never exposed to the public internet, and each microservice operates in its own isolated process.

  • Docker containerization with isolated internal network
  • Database and Redis accessible only from internal services
  • Reverse proxy (Nginx) as the single public entry point
  • Health checks ensure service availability before routing traffic
  • Graceful shutdown handlers prevent data loss during deployments

Audit Logging & Traceability

Every significant action in Greenlights is recorded. Task status changes, operator assignments, integration events, and user modifications all generate immutable audit records, giving you full visibility into warehouse operations.

  • Task status audit logs with operator attribution and timestamps
  • Integration event logging with success/failure tracking
  • Automatic updated_at timestamps via database triggers
  • Optimistic locking (version field) prevents silent data overwrites
  • User last-login tracking for security monitoring

Concurrency & Data Integrity

Warehouse environments involve many simultaneous users updating tasks and inventory. Greenlights uses optimistic locking and database-level constraints to ensure that concurrent operations never result in lost updates or corrupted data.

  • Version-based optimistic locking on task status transitions
  • Database transactions with automatic rollback on failure
  • Strict state machine for task lifecycle (no invalid transitions)
  • CHECK constraints enforce non-negative inventory quantities
  • Unique constraints prevent duplicate records

Why a cloud-based WMS is more secure

On-premise servers require constant patching, monitoring, and physical security. A cloud WMS shifts that burden to specialized infrastructure — so your team can focus on running the warehouse.

Automatic Updates

Security patches and feature updates are deployed without downtime, so your warehouse is always running the latest protected version.

Geographic Redundancy

Data is replicated across availability zones, ensuring your warehouse operations continue even if an entire data center goes offline.

Scalable Performance

Cloud infrastructure scales with your operations. Whether you run one warehouse or twenty, performance stays consistent under peak loads.

Disaster Recovery

Automated database backups and point-in-time recovery mean your data can be restored to any moment, minimizing risk from outages or errors.

No On-Premise Maintenance

Eliminate the cost and complexity of managing servers, firewalls, and VPNs. Your IT team can focus on operations instead of infrastructure.

Compliance-Ready

Cloud hosting on SOC 2-aligned infrastructure provides the foundation for meeting regulatory requirements in warehousing and logistics.

Security FAQ

Common questions about how Greenlights keeps your warehouse data safe.

Where is my warehouse data stored?
Your data is stored in a PostgreSQL 16 database running on secure cloud infrastructure. All connections are encrypted, and the database is isolated from the public internet behind multiple network layers.

How are passwords protected?
Passwords are hashed using bcrypt with 12 computational rounds before storage. We never store plain-text passwords. Even our own team cannot retrieve your password — only reset it.

Can I control who sees what in the system?
Yes. Greenlights has five role levels (Admin, Warehouse Manager, Supervisor, Operator, Viewer), each with different permissions. Operators only see their assigned tasks, while managers get the full operational picture.

How do you protect against SQL injection?
Every database query uses parameterized statements. We never construct SQL through string concatenation, eliminating the most common class of web application vulnerabilities.

What happens if two people update the same task?
Greenlights uses optimistic locking with version numbers. If two users try to update the same task simultaneously, the second update is rejected and the user is prompted to refresh, preventing data conflicts.

How are third-party integrations secured?
We support four authentication methods for integrations: API Key, Basic Auth, OAuth 2.0, and JWT. Every integration event is logged with full audit trails, and credentials are stored as encrypted environment secrets.
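
The version-based optimistic locking described under Concurrency & Data Integrity and in the FAQ answer on simultaneous task updates, sketched as an added example (not Greenlights' own code). It assumes a `tasks` table with a `version` column, a hypothetical four-state lifecycle, and in-memory SQLite standing in for the PostgreSQL database the page names; all queries are parameterized.

```python
import sqlite3

# Hypothetical task lifecycle; the page does not list the product's actual states.
ALLOWED = {"pending": {"assigned"}, "assigned": {"in_progress"},
           "in_progress": {"done"}, "done": set()}

class StaleVersion(Exception):
    """Another writer changed the row first; the caller must refresh."""

class InvalidTransition(Exception):
    """The requested status change is not allowed by the state machine."""

def open_db():
    # In-memory SQLite stands in for PostgreSQL; schema and sample row are constructed.
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE tasks (
        id INTEGER PRIMARY KEY,
        status TEXT NOT NULL CHECK (status IN ('pending','assigned','in_progress','done')),
        version INTEGER NOT NULL DEFAULT 1)""")
    db.execute("INSERT INTO tasks (id, status) VALUES (?, ?)", (1, "pending"))
    db.commit()
    return db

def read_task(db, task_id):
    return db.execute("SELECT status, version FROM tasks WHERE id = ?",
                      (task_id,)).fetchone()

def transition(db, task_id, new_status, seen_version):
    """Change status only if the row is still at the version the caller read."""
    with db:  # one transaction: commit on success, rollback on any exception
        row = read_task(db, task_id)
        if row is None:
            raise KeyError(task_id)
        status, version = row
        if version != seen_version:
            raise StaleVersion(f"task {task_id} is at v{version}, caller saw v{seen_version}")
        if new_status not in ALLOWED[status]:
            raise InvalidTransition(f"{status} -> {new_status}")
        cur = db.execute(
            "UPDATE tasks SET status = ?, version = version + 1 "
            "WHERE id = ? AND version = ?",  # atomic guard against a racing writer
            (new_status, task_id, seen_version))
        if cur.rowcount != 1:
            raise StaleVersion(f"task {task_id} changed during the update")
    return seen_version + 1
```

The `WHERE ... AND version = ?` clause is what makes the check safe under real concurrency: even if two writers pass the read-side comparison at the same moment, only one `UPDATE` can match the row.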

Ready to secure your warehouse operations?

See how Greenlights keeps your inventory, tasks, and team data protected — without slowing down your operations.
