Built for enterprise trust.
Dragonfly moves high-value cargo for regulated industries β pharmacies, healthcare, corporate catering, government contracts. Here's how we protect every stakeholder on the platform.
$5M commercial insurance per delivery
Every order is covered from pickup to delivery against loss, theft, and damage. Coverage includes auto, cargo, and general liability. Certificate of insurance available to enterprise clients on request.
HIPAA-aware pharmacy & medical delivery
Chain-of-custody tracking, tamper-evident packaging protocols, delivery-to-patient-only options, and signed-receipt confirmation. We don't store PHI β the tracking metadata stays with the pharmacy's own system.
Stripe-grade payment infrastructure
PCI-DSS Level 1 processing via Stripe and Coinflow. We never touch raw card data β tokenized at the browser. Driver payouts run through Coinflow's KYB-verified rails with bank-grade encryption.
Vetted, trained, professional drivers
Every driver passes a Checkr background check (MVR + criminal). Onboarding includes white-glove delivery training, photo-verified uniform, and signed independent contractor agreement. Drivers rated every delivery β underperformers removed.
Audit-ready delivery logs
Every order has a complete trail: pickup timestamp, GPS route, delivery timestamp, recipient photo/signature. Exportable via dashboard for audit, reconciliation, or compliance review. Retained 7 years.
US data residency
All production data lives in US-based Supabase/Postgres clusters. Our stack (Vercel, Stripe, Supabase, Coinflow) is US-hosted. No cross-border data transfers by default. EU/CA residency available for enterprise tenants.
SOC 2 Type II on the roadmap
Dragonfly is actively preparing for SOC 2 Type II certification in 2026. Vanta-style continuous monitoring covering security, availability, and confidentiality. Target audit window: Q4 2026. Contact us for current controls mapping.
Government-ready
Dragonfly is SAM.gov registered and actively tracks 656 federal contracts. We're bidding on USPS Surface Transport ($5M) and DOD catering packages. Cage code and DUNS on request.
Compliance & certifications
At-a-glance status for regulated buyers and procurement teams.
| Control / Standard | Status | Notes |
|---|---|---|
| PCI DSS Level 1 (payments) | Compliant | Via Stripe + Coinflow; Dragonfly never handles raw card data |
| HIPAA-aware delivery | Compliant | Operational controls; BAA available for enterprise pharmacy clients |
| SOC 2 Type II | In progress Β· 2026 | Audit window Q4 2026. Trust report available under NDA |
| GDPR / CCPA | Compliant | Privacy policy + data-subject request flow live |
| COI / Cargo insurance | Active Β· $5M/delivery | Certificate on request via Enterprise Sales |
| SAM.gov / Federal | Active registration | CAGE code + DUNS on request |
| Driver background checks | Every driver, pre-activation | Checkr-powered MVR + criminal history |
| Bug bounty / responsible disclosure | Email-based Β· 2026 roadmap | [email protected] |
Security questionnaire or COI?
Enterprise buyers: we respond to vendor-risk questionnaires, DPA requests, and COI requests within 2 business days.
Report a security issue: [email protected]