Built to survive scrutiny,
not just an installation.
Enterprise buyers, insurers, and EACOP EPC contractors ask hard questions before they connect telemetry to a live fuel asset. Here is exactly how KINGSHIP protects your data and equipment — encryption, network architecture, physical tamper detection, and what we do when something goes wrong.
Encryption, end to end.
Fuel volume and delivery data is commercially sensitive. It's encrypted the moment it leaves the tank probe and stays encrypted everywhere it's stored.
AES-256, everywhere data rests
All stored telemetry — tank readings, delivery events, audit logs — is encrypted at rest with AES-256.
TLS 1.3 in transit
Every edge node ships readings to our cloud over TLS 1.3. There is no plain-text data path, from tank probe to dashboard.
Cryptographically signed logs
Every reading, alert, and delivery event is signed and timestamped at the point of capture — so a record can't be silently altered after the fact.
Network segmentation, by design and by guidance.
Our hardware is architected to minimize what it exposes on your network — and we tell you how to segment the rest.
Cellular-first, outbound-only
Edge nodes connect out over dual-SIM LTE (MTN + Airtel) directly to our cloud. They do not join your station Wi-Fi or corporate LAN, and they don't require any inbound firewall rule — removing an entire class of network exposure by design.
Physically isolated ATG interface
The RS-485 link between our edge node and your existing ATG probe (Veeder-Root, Franklin Fueling, OPW) is a point-to-point serial connection, not an IP interface — it cannot be reached or scanned from any network.
Recommended segmentation for your site
We advise keeping POS, back-office, and guest Wi-Fi on separate VLANs from any operational technology, and disabling default credentials on any network gear at the station. Because our hardware never needs to sit on that network, a compromised guest or POS segment cannot reach the telemetry path.
Tamper detection, not tamper trust.
Every enclosure, hatch, and valve seal we monitor is built to make interference visible immediately, not discoverable at the next manual check.
Sealed, rated enclosures
IP54 forecourt gateways, IP67 pipeline RTUs — dust and water ingress that could mask physical interference is designed out.
Electronic hatch & valve seals
Tanker units monitor hatch and valve seal state continuously. Breaking a seal fires a custody-seal alert in real time, not at next inspection.
Vibration & motion sensing
Pipeline RTUs carry an onboard accelerometer that flags unauthorized physical interference with the node itself.
Tamper-evident, geofenced logging
Seal and enclosure events are cryptographically signed and geofenced, producing an audit trail that shows what happened, where, and when — not just that something changed.
When something goes wrong, you hear it from us first.
We'd rather over-communicate a confirmed issue than let you find out from a bad delivery reconciliation.
Continuous automated monitoring
Edge nodes and cloud infrastructure are monitored 24/7 with automated failover; alert latency end-to-end is under 60 seconds.
Detect, contain, assess
A confirmed security event triggers an internal escalation: the affected component is isolated, scope is assessed, and root cause is investigated before any remediation ships.
Customer notification
If an incident affects your data or equipment, we tell you directly — what happened, what we know, and what we're doing about it — not just a status-page update.
Post-incident review
Every confirmed incident gets a written post-mortem and, where relevant, a fix that ships back into the platform for every customer, not just the one who was affected.
Found a vulnerability? Tell us.
If you're a customer, partner, or independent researcher and believe you've found a security issue in our hardware, platform, or infrastructure, we want to hear about it before anyone else does.
partners@kingshiptelemetry.comSecurity, answered.
Is our fuel and delivery data encrypted?
Yes. Telemetry is encrypted in transit over TLS 1.3 from the edge node to our cloud, and encrypted at rest with AES-256. Every reading, alert, and delivery event is also cryptographically signed and timestamped.
Does your hardware need access to our network?
No. Edge nodes connect outbound over dual-SIM cellular LTE (MTN + Airtel) directly to our cloud — they don't join your station Wi-Fi or corporate LAN, and no inbound firewall rule is required. The RS-485 link to your existing ATG probe is a physical, point-to-point serial connection, not an IP interface, so it isn't reachable from any network.
How would we know if a tank, hatch, or valve was tampered with?
Continuously, not at the next manual check. Hatch and valve seal state is monitored in real time, enclosures are IP54/IP67-rated, pipeline nodes carry vibration sensing, and every tamper or seal-break event is cryptographically signed, timestamped, and geofenced.
What happens if you have a security incident?
Infrastructure is monitored 24/7 with under-60-second alert latency. A confirmed incident is contained and scoped before remediation ships, we notify directly affected customers with what happened and what we're doing about it, and every confirmed incident gets a written post-incident review.
Who do we contact to report a vulnerability?
Email partners@kingshiptelemetry.com. We take reports from customers, partners, and independent researchers seriously and will acknowledge receipt and work with you on responsible disclosure.