Security
Source files require a controlled intake path.
Trade Recovery Data does not request real import/export source files until the paid-screen scope, authorized contact, and secure intake route are confirmed.
Current controls
- Public site uses Cloudflare Pages with security headers.
- Email authentication is enforced on Trade Recovery Data mail through Google MX, SPF, DMARC, and DKIM.
- Initial form submissions are limited to non-confidential fit information.
- Payment collection follows a confirmed fit call and written scope confirmation.
Intake-handling commitments
- No source files before secure-intake instructions are confirmed. The public form is for non-confidential fit information only.
- Source files require a controlled intake path with the confirmed channel, storage location, access owner, and scope recorded before transfer.
- Encrypted transfer is expected for any real import entries, broker exports, invoices, SKU files, BOMs, or shipment records.
- File access should be limited to the confirmed screen owner and any separately confirmed licensed specialist.
- No credentials, portal passwords, shared inbox passwords, or broker-login details should be sent through the public form or ordinary email.
File-handling rule
Do not send source files through open email before receiving confirmed secure-intake instructions. Initial fit checks should discuss only data availability, data owners, source systems, date ranges, and matching keys.
Security contact
Report file-handling or security concerns through the intake page or by routing to intake@traderecoverydata.com with no source-file attachments.