GDPR-compliant delivery tracking with enterprise security. Progressive disclosure protects customer data while providing real-time visibility.
Secure, time-limited access tokens with automatic cleanup.
For testing and demos
Proof of delivery access
Customer can view confirmation
No data retained
Enterprise-grade security with privacy by design.
256-bit entropy tokens (43 characters) using secrets.token_urlsafe(32). Practically impossible to guess or enumerate.
Two-factor protection: URL token + delivery postcode. Postcode is bcrypt hashed in database (not stored in plain text). Even if database is compromised, postcodes cannot be reversed.
Maximum 5 verification attempts per token. After 5 failures, token is locked for 1 hour. Rate limiting: 60 req/min per token, 5 verification attempts/min per IP.
Before verification: Only area code (e.g., "SW1A") and status shown. Full address, driver details, and exact ETA hidden until verified. No customer account required.
| Data | Before Verify | After Verify |
|---|---|---|
| Delivery area | SW1A | SW1A 2AA |
| Full address | Hidden | Visible |
| ETA | Range only | Exact time |
| Driver name | Hidden | Configurable |
| Live map | Hidden | When ETA ≤ 15min |
All tracking access logged with timestamp, IP address (hashed), and action type. Supports GDPR Article 30 record-keeping requirements.
Each workspace can customize the tracking page appearance.
Deliver a seamless branded experience to your customers while maintaining full GDPR compliance and security.
The tracking page automatically adjusts refresh rate based on delivery proximity.
Intelligent polling reduces server load during long waits while providing real-time updates as delivery approaches.
See how OmnioIQ Track & Trace delivers security and transparency.
Get a Demo