Service: maxpack.com.au — freight packing SaaS (parcel, container, ERP API).
Operator: Isbel Pty Ltd · ABN 20 138 742 720
Hosting: Australia (IONOS VPS) · Application path /var/www/maxpack
Contact: sales@maxpack.com.au
Authentication
- Customer portal: session cookie (HttpOnly, Secure, SameSite=Lax), 8-hour idle timeout
- ERP API:
X-Api-Keyper customer (bcrypt-hashed at rest); master key in server env - Packer display: signed station URL token
- Optional email OTP for pilot accounts (
MAXPACK_PORTAL_EMAIL_2FA)
Transport & headers
- HTTPS with HSTS
- X-Content-Type-Options, X-Frame-Options, Referrer-Policy
- CSP (report-only) on production pages
Rate limiting & audit
- Login and API rate limits per IP / API key
- Append-only audit log: login, API auth, key rotation
Data
- JSON files under
data/on application server (orders, packs, customer registry) - No payment card data processed
- Deletion on written request within 30 days (see DPA)
Subprocessors
IONOS (hosting), Plausible (analytics, EU option available). See full list in procurement pack.