How Your Data Is Protected

Testing records are sensitive and regulated. Here is how Random Pool Manager secures your data, keeps it confidential, and makes your program defensible.

Encrypted in transit | Tenant isolation | §40.321 confidentiality
Security

How the platform is secured

Encryption in transit

All traffic is served over HTTPS/TLS. Passwords are stored only as one-way bcrypt hashes.

Tenant isolation

Every database query is scoped to your workspace, so one account can never see another’s data.

Role-based access

Owner / admin / staff / viewer roles control who can see and change what inside your workspace.

Multi-factor authentication

Optional MFA (TOTP) adds a second factor to protect account access.

Audit logging

Draws, results, notifications, and record changes are logged with who and when — tamper-evident by design.

Encrypted backups

Data is backed up on a regular schedule with encrypted, off-site copies for disaster recovery.

Confidentiality

Records, retention & confidentiality

49 CFR §40.321

Confidential by rule

Test information is access-controlled and released only to authorized parties, consistent with the Part 40 confidentiality rule.

§382.401

Retention

Keep records for the retention periods your DOT mode requires; your data stays retrievable on request.

Your data

You own it

Customer Data is yours to export at any time; if you close your account, it is retained for at least 30 days first.

Reproducible

Defensible

Because each draw stores its method and pool snapshot, a selection can be reconstructed and defended in an audit.

Shared responsibility

Your part

Random Pool Manager secures the platform and gives you the tools and records to run a compliant program — but you, as the employer or service agent, remain responsible for compliance with the DOT rules that apply to your operation: controlling access within your workspace, disclosing results only to authorized parties, and meeting your retention obligations.

Disclaimer: Random Pool Manager is an independent compliance tool, not affiliated with or endorsed by the U.S. DOT or any federal agency, and does not replace professional judgment. See our privacy policy and terms.

Compliance you can defend

Secure, isolated, audit-logged — with reproducible draws and records that hold up under review.
