Documentation · Reference

Integrations

Compass runs on a deliberately small stack. Every integration in the sections below is wired today, not "coming soon"; the roadmap at the end lists what is not. For each one: what data flows, what consent is required, and what the customer-facing surface looks like.

Integration philosophy

Three rules drive how we choose + wire vendors:

  • Customer data stays in our tenant. Vendors get the minimum they need to do their job and no more. Stripe sees payment data; it never sees driver compliance records.
  • Webhook signatures are verified. Every inbound webhook checks HMAC before any state change. Spoofed events are rejected with HTTP 401 and logged.
  • One-click revocation. Removing a vendor doesn't require an engineer. The integrations page in /app/settings handles disconnect + data cleanup.

Stripe — billing

What flows: Subscription state, payment method (Stripe holds it; we hold a Customer ID), invoices, payment events.
What we never see: Card numbers, full bank details, CVV. Stripe Checkout + Customer Portal handle every PCI-scope surface.

Setup

Nothing for the carrier to do. Stripe Checkout fires when you pick a plan during signup. Update payment method any time from /app/settings/billing.

Webhook

Stripe sends events to /api/stripe/webhook. The handler verifies the Stripe-Signature header (HMAC-SHA256 over the raw request body, keyed with STRIPE_WEBHOOK_SECRET) before it parses the JSON, and is idempotent on the Stripe event ID, so a retried delivery does not change state twice. State changes go to the compass_carriers table.
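What the "verify HMAC before any state change" rule and the Stripe handler above amount to, as an added example written for this page (not Compass code): parse the Stripe-Signature header, HMAC the raw body with the timestamp prefix, compare in constant time, reject stale timestamps, and then de-duplicate on the event ID. The secret value, the in-memory seen-ID set and the sample event are constructed stand-ins for STRIPE_WEBHOOK_SECRET, a processed-events table and a real delivery.

```python
from __future__ import annotations

import hashlib
import hmac
import json

# Hypothetical stand-ins: the real secret is the STRIPE_WEBHOOK_SECRET env var,
# and the seen-event set would be a unique-indexed processed-events table.
WEBHOOK_SECRET = b"whsec_example_secret_not_real"
TOLERANCE_SECONDS = 300          # Stripe's documented default replay window
_seen_event_ids: set[str] = set()


class SignatureError(Exception):
    pass


def parse_signature_header(header: str) -> tuple[int, list[str]]:
    """Split 'Stripe-Signature: t=<unix>,v1=<hex>[,v1=<hex>]' into (t, [v1, ...])."""
    timestamp, sigs = None, []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            timestamp = int(value)          # ValueError on garbage -> caller rejects
        elif key == "v1":
            sigs.append(value)
    if timestamp is None or not sigs:
        raise SignatureError("malformed Stripe-Signature header")
    return timestamp, sigs


def verify_signature(raw_body: bytes, header: str, secret: bytes, now: int) -> dict:
    """Verify over the RAW bytes, then parse. Re-serialised JSON would not match."""
    timestamp, sigs = parse_signature_header(header)
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        raise SignatureError("timestamp outside tolerance (possible replay)")
    signed_payload = str(timestamp).encode() + b"." + raw_body
    expected = hmac.new(secret, signed_payload, hashlib.sha256).hexdigest()
    # Several v1 entries appear while a webhook secret is being rotated;
    # compare_digest keeps each comparison constant-time.
    if not any(hmac.compare_digest(expected, s) for s in sigs):
        raise SignatureError("signature mismatch")
    return json.loads(raw_body)


def handle_webhook(raw_body: bytes, header: str, now: int) -> tuple[int, str]:
    """Returns (http_status, outcome). Any verification failure is a 401 with no detail."""
    try:
        event = verify_signature(raw_body, header, WEBHOOK_SECRET, now)
    except (SignatureError, ValueError):
        # log the rejection server-side; the caller learns nothing about which check failed
        return 401, "rejected"
    if not isinstance(event, dict) or "id" not in event:
        return 400, "malformed"
    if event["id"] in _seen_event_ids:
        return 200, "duplicate"     # Stripe retries until it gets a 2xx; first delivery already applied
    _seen_event_ids.add(event["id"])
    # ... apply event["type"] to compass_carriers here ...
    return 200, "processed"


# Test-side helpers: build a body and sign it the way Stripe does (constructed data).
def sample_event(event_id: str, event_type: str) -> bytes:
    return json.dumps({"id": event_id, "type": event_type, "data": {"object": {}}}).encode()


def sign_like_stripe(raw_body: bytes, secret: bytes, timestamp: int) -> str:
    mac = hmac.new(secret, str(timestamp).encode() + b"." + raw_body, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={mac}"


if __name__ == "__main__":
    now = 1_700_000_000
    body = sample_event("evt_test_001", "invoice.paid")
    print(handle_webhook(body, sign_like_stripe(body, WEBHOOK_SECRET, now), now))  # (200, 'processed')
```

The order matters: signature, then timestamp tolerance, then idempotency. A duplicate is answered 200 rather than 4xx because Stripe keeps retrying anything that is not a 2xx, and the first delivery has already been applied.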

Checkr — background checks

What flows: Candidate name + DOB + SSN go from your driver to Checkr (never through Compass — the Checkr Embeds widget POSTs directly to Checkr). Compass receives the resulting candidate_id and report_id for status tracking.
What we never see: SSN, full report contents. We display the Checkr-hosted report viewer inside Compass via their embed.

FCRA compliance

The disclosure + consent surface is the Checkr-audited Embed. Adverse-action timing is built into our workflow (7-day pre-adverse window, mailed notice to driver, then final-adverse) — see /security.

Flow

  1. Carrier orders a check from /app/background-checks → driver receives invite email
  2. Driver completes disclosure + consent + identity in the Checkr Embed
  3. Checkr returns webhook updates as the report progresses
  4. Carrier reviews completed report via the embedded ReportsOverview widget
  5. If adverse — workflow surfaces the pre-adverse letter template + 7-day timer

Anthropic — the AI brain

What flows: The literal text the user types into Ask Compass, plus the system prompt (which contains the X3 Compass voice, the CFR-citation rules, and zero customer data). That's it: no carrier records, no driver names, no PHI.
What we never share: Anything from the compass_* tables unless the user pastes it into the prompt themselves.

Per Anthropic's API terms, API traffic is not used to train models. We log every call to compass_prompt_eval for our own quality measurement — that data stays in our Supabase tenant.

Citation verification: every CFR section in a Claude response is round-tripped against ecfr.gov live before the response returns to the customer. Read the methodology in the CFR accuracy baseline post.
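The citation round-trip described above, as an added example written for this page rather than Compass's own code: extract every CFR citation from a response, reduce each to the (title, section) pair that is the unit of lookup, check each distinct pair once, and hold the response if any pair fails. The lookup is injected as a callback; here it is backed by a constructed set so the example runs offline, where the real one would query ecfr.gov. Title 49 as the default for bare "§" citations is an assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable

# Matches "49 CFR 382.301", "49 C.F.R. § 391.41(b)(3)" and bare "§ 395.8(a)".
# A bare decimal like "3.5" is deliberately not matched: a title+CFR prefix or a § is required.
CITE_RE = re.compile(
    r"(?:(?P<title>\d{1,2})\s*C\.?\s?F\.?\s?R\.?\s*(?:§+\s*)?|§+\s*)"
    r"(?P<part>\d{1,4})\.(?P<section>\d{1,4}[A-Za-z]?)"
    r"(?P<paras>(?:\([A-Za-z0-9]{1,3}\))*)"
)

DEFAULT_TITLE = 49   # assumption: bare "§ 382.301" in a DOT-compliance answer means Title 49


@dataclass(frozen=True)
class Citation:
    title: int
    section: str      # "382.301": the unit that is looked up
    paragraph: str    # "(b)(3)" or ""; kept for display, not part of the lookup key
    raw: str          # exact text as it appeared in the response


@dataclass
class VerificationResult:
    verified: list[Citation]
    unverified: list[Citation]

    @property
    def ok(self) -> bool:
        return not self.unverified


def extract_citations(text: str, default_title: int = DEFAULT_TITLE) -> list[Citation]:
    cites = []
    for m in CITE_RE.finditer(text):
        title = int(m.group("title")) if m.group("title") else default_title
        cites.append(Citation(title, f"{m.group('part')}.{m.group('section')}",
                              m.group("paras"), m.group(0).strip()))
    return cites


# Constructed stand-in for the live lookup. In production this callback would query
# ecfr.gov; here it is a fixed set so the example runs offline.
KNOWN_SECTIONS = {(49, "382.301"), (49, "391.41"), (49, "395.8"), (49, "396.17")}


def offline_section_exists(title: int, section: str) -> bool:
    return (title, section) in KNOWN_SECTIONS


def verify_citations(
    text: str,
    section_exists: Callable[[int, str], bool] = offline_section_exists,
) -> VerificationResult:
    """Look up each distinct (title, section) once; the paragraph designator is not checked."""
    seen: set[tuple[int, str]] = set()
    result = VerificationResult([], [])
    for cite in extract_citations(text):
        key = (cite.title, cite.section)
        if key in seen:
            continue
        seen.add(key)
        (result.verified if section_exists(*key) else result.unverified).append(cite)
    return result


# Constructed sample of a model answer containing one fabricated section number.
SAMPLE_RESPONSE = (
    "Pre-employment testing is required by 49 CFR 382.301, and the physical "
    "qualification standard is 49 C.F.R. § 391.41(b)(3). Retain the file under "
    "§ 999.123 for 3.5 years."
)

if __name__ == "__main__":
    r = verify_citations(SAMPLE_RESPONSE)
    print([c.raw for c in r.verified], [c.raw for c in r.unverified])
```

The check is at section granularity: it catches a section that does not exist, not a paragraph that exists but says something other than what the model claims. That second failure mode needs the section text, which is a separate (and slower) comparison.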

Supabase — data + auth

What flows: All carrier compliance data — drivers, vehicles, inspections, D&A tests, MVRs, training records, accidents, DQ documents.
Tenant isolation: Postgres Row-Level Security on every compass_* table. See /security § 02 for the exact policy text.

Authentication

Supabase Auth handles password + magic link sign-in. JWT stored in HTTP-only cookies. Service-role keys never leave server-side env vars.

Storage

Documents (med certs, CDL copies, MVRs) go to Supabase Storage with the same RLS policy as the metadata tables. Signed URLs expire in 15 minutes by default.

Cloudflare — hosting + WAF

What runs here: Static marketing site, Pages Functions (the /api/* endpoints), R2 object storage for audit-export ZIPs, the WAF, and DDoS protection on every request.
What we never store on CF: Customer credentials or payment data.

R2 audit ZIPs

Generated audit ZIPs land in R2 at r2://x3compass-uploads/audits/{carrier_id}/{timestamp}.zip. URLs are signed with a 24-hour expiry. The R2 binding never appears in client code — only the Pages Function that generates the ZIP can write to the bucket.
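Both the 15-minute Supabase Storage URLs and the 24-hour R2 audit-ZIP URLs above are time-limited signed URLs. The following is an added illustration of that mechanism, written for this page; it is not the Supabase or R2 signing scheme (the vendors' SDKs produce those), and the signing key, paths and timestamps are constructed. The point it shows is that the expiry has to sit inside the signed message, otherwise a client could extend it by editing the query string.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical server-side key; in practice the signing key never reaches client code.
SIGNING_KEY = b"assumed-server-side-signing-key"
AUDIT_ZIP_TTL = 24 * 60 * 60     # page: 24-hour expiry for audit ZIPs
DOCUMENT_TTL = 15 * 60           # page: 15-minute default for stored documents


def _mac(key: bytes, path: str, expires: int) -> str:
    # Path and expiry are both covered, so neither can be changed without the key.
    msg = f"{path}\n{expires}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign_url(path: str, key: bytes, now: int, ttl: int) -> str:
    expires = now + ttl
    return f"{path}?{urlencode({'expires': expires, 'sig': _mac(key, path, expires)})}"


def audit_zip_url(carrier_id: str, timestamp: str, now: int, key: bytes = SIGNING_KEY) -> str:
    # Same object layout as the page's audits/{carrier_id}/{timestamp}.zip
    return sign_url(f"/audits/{carrier_id}/{timestamp}.zip", key, now, AUDIT_ZIP_TTL)


def verify_url(url: str, now: int, key: bytes = SIGNING_KEY) -> tuple[bool, str]:
    """Returns (ok, path-or-reason). The signature is checked before the expiry, so a
    tampered path and a tampered expiry are rejected the same way."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        expires = int(q["expires"][0])
        sig = q["sig"][0]
    except (KeyError, ValueError):
        return False, "malformed"
    if not hmac.compare_digest(sig, _mac(key, parts.path, expires)):
        return False, "bad signature"
    if now > expires:
        return False, "expired"
    return True, parts.path


if __name__ == "__main__":
    now = 1_700_000_000
    url = audit_zip_url("c_123", "20250101T120000Z", now)
    print(url)
    print(verify_url(url, now + 3600))            # (True, '/audits/c_123/20250101T120000Z.zip')
    print(verify_url(url, now + AUDIT_ZIP_TTL + 1))  # (False, 'expired')
```

Because the carrier_id is part of the signed path, a URL minted for one carrier's ZIP cannot be rewritten to point at another carrier's object; the signature fails before any object lookup happens.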

Resend — transactional email

What flows: Sign-up confirmation, magic-link emails, password resets, the daily compliance digest, FCRA adverse-action notices.
What we never send: Marketing emails. No newsletter. No tracking pixels in transactional mail.

Outbound from [email protected] for system mail, [email protected] for founder reply-able mail. DKIM + SPF + DMARC configured on the x3compass.com zone.

Twilio — SMS notifications

What flows: Daily-digest SMS (opt-in), driver-side OTP for sign-in, FCRA-required SMS notices to drivers during background checks.
STOP handling: when a driver replies STOP, Twilio records the opt-out and blocks the next outbound message on its side, and we also set compass_drivers.sms_opt_in = false on the driver's row, so the opt-out is enforced on both sides.

Integration roadmap

  • Motive, Samsara, Geotab — ELD ingest for hours-of-service real-time. Target Q3 2026.
  • SambaSafety — continuous MVR monitoring (today: annual one-shot pulls). Target Q3 2026.
  • Quest Diagnostics — D&A test ordering + result ingest. Target Q4 2026.
  • CarrierOk — live CSA / SMS percentile feed. Decision pending; sample audit assumes this is wired.
  • FMCSA Clearinghouse — direct query API (today: manual logging). Awaiting FMCSA-published API.

Need an integration that's not on this list? Email [email protected] — customer demand drives priority.