Double-brokering is rampant. Fake carriers answer real check calls. So when a vendor asks for keys to your inbox and your TMS, you should grill them. This page is every answer, written down before you ask — what we read, what we write, what we can never touch, and the log that proves it.
If an answer below ever stops being true, we update this page before we update the sales deck.
| Question | The plain answer |
|---|---|
| WHAT THE AGENTS READ | Your quote inbox (one mailbox, filtered to quote traffic). Your TMS lane history — lanes, dates, rates, load statuses. Your rate feed (DAT or Greenscreens) through your own credentials. That's the whole list. |
| WHAT THE AGENTS WRITE | Draft replies into a rep approval queue. Status updates and quote logs into your TMS. Their own append-only audit log. Nothing else, anywhere else. |
| WHAT THEY NEVER TOUCH | Accounting, payments, carrier settlements, payroll, customer master data, anyone else's mailbox. The scopes physically don't exist on the keys — see the access model below. |
| WHERE DATA LIVES | US-region cloud infrastructure only. Encrypted at rest (AES-256) and in transit (TLS 1.2+). No copies on laptops, no exports to spreadsheets. |
| HOW LONG WE KEEP IT | While you're a client: long enough to run and regression-test your agents. If you leave: you get a full export, then our copies are deleted within 30 days. The audit log of agent actions is kept for both parties' protection. |
| MODEL TRAINING | Your emails, lanes, and rates never train anyone's models. Not ours, not a model vendor's — we use zero-retention API terms with model providers. What your corrections improve is your agent's own config: prompts, margin rules, test cases. That config belongs to your account and walks out the door with you. |
| WHO AT DEADHEADDESK CAN SEE IT | Named engineers on your account, under MFA, with access reviewed quarterly and revoked on offboarding day one. No "the whole team can see everything." |
The agents don't get an admin login and a promise to behave. Each integration gets its own credential with the narrowest scopes the job allows — and the denied list is enforced by the platform, not by policy.
Granted
Explicitly denied
Granted
Explicitly denied
Granted
Explicitly denied
SUPPORTED: ALJEX · TAI · McLEOD · TURVO · ASCEND · DAT · GREENSCREENS. SCOPES ARE REVIEWED WITH YOU AT SETUP AND PRINTED IN THE SERVICE AGREEMENT — YOU CAN REVOKE ANY KEY YOURSELF, ANY TIME, FROM YOUR OWN ADMIN PANEL.
Day one, your reps approve everything. Months later — if the numbers earn it and you say so — routine lanes can auto-send, and you can pull that privilege back with one click. Either way, every single agent action lands in an append-only log you can read. Here's a sample morning.
| Time | Actor | Action | Reversible? | ||
|---|---|---|---|---|---|
| + | 05:58:04 | HARNESS | Nightly regression — 412 sample emails replayed, 412 passed | N/A — read-only | |
|
Entry DD-AUD-58291 · scope: test corpus only Every parser and pricing rule replayed against the frozen corpus of real (anonymized, client-graded) freight emails. Output diffs checked against approved answers. Zero writes to your systems. If a test had failed: the affected lane is marked DEGRADED, any earned auto-send is suspended there, and Jacob gets paged — before your reps clock in. | |||||
| + | 06:02:11 | QUOTE-AGENT | Read inbound email #4821 — classified QUOTE REQUEST (conf 0.99) | N/A — read-only | |
|
Entry DD-AUD-58292 · scope: EMAIL.READ (quotes@ mailbox only) Inputs: one message. Writes: none. Classification confidence below 0.90 routes the email straight to a human with no further processing — the agent doesn't guess its way into your pipeline. | |||||
| + | 06:02:14 | QUOTE-AGENT | Read TMS lane history CHI→ATL (14 records) + rate-feed snapshot | N/A — read-only | |
|
Entry DD-AUD-58293 · scopes: TMS.READ.LANES + RATEFEED.READ Record IDs touched are listed in the full log entry. Rate lookup ran on your own DAT/Greenscreens credentials. No write scope was available to this step even if the code had a bug — the key can't do it. | |||||
| + | 06:02:19 | QUOTE-AGENT | Created draft reply — $2,140 all-in — placed in approval queue | YES — delete draft | |
|
Entry DD-AUD-58294 · scope: EMAIL.DRAFT The draft sits in your rep's queue. Nothing has left the building. Margin rules applied: floor 12%, target 15%, both satisfied. Reversal: one click deletes the draft; drafts that age out unapproved expire automatically rather than going stale in front of a customer. | |||||
| + | 06:41:37 | REP-04 (HUMAN) | Approved draft #4821 — reply sent to shipper | NO — sent mail is sent | |
|
Entry DD-AUD-58295 · this row is the gate The agent cannot perform this step. The send happens under the rep's identity, with a review record: who approved, when, and what they changed (here: nothing — $2,140 went out as drafted). Sent mail can't be unsent, which is exactly why a human owns this row on day one — and why auto-send is earned lane by lane, months in, only if you turn it on. | |||||
| + | 06:41:39 | QUOTE-AGENT | Logged quote Q-7731 to TMS — lane, rate, customer, timestamp | YES — field-level revert | |
|
Entry DD-AUD-58296 · scope: TMS.WRITE.QUOTES New record, so there's no prior value — but the revert path still exists: one click removes the record and logs the removal as its own entry. Nothing the agent writes to your TMS is ever the only copy of the truth. | |||||
| + | 09:15:02 | T&T-AGENT | Parsed carrier check-in (load #10421) — wrote status IN TRANSIT, CARTERSVILLE GA, ETA ON TIME | YES — prior value retained | |
|
Entry DD-AUD-58301 · scope: TMS.WRITE.STATUS Identity check passed: the reply came from the dispatch number on the carrier-of-record file. Parse confidence 0.97 — below 0.85 the agent asks the carrier to confirm instead of writing. Prior status is stored with the entry; revert is one click and is itself logged. | |||||
| + | 09:47:55 | T&T-AGENT | RED FLAG — check-in reply from unknown number on load #10433 — NO WRITE, escalated | N/A — nothing written | |
|
Entry DD-AUD-58307 · fraud posture, working as intended The reply number matched neither the carrier-of-record dispatch line nor the driver contact from onboarding. Possible re-brokered load. The TMS was not touched. Your dispatcher got a side-by-side: number on file vs. number replying, the MC record, and the raw message. A human decides what happens next — the agent's job was to notice and refuse to write. | |||||
SAMPLE DATA — ILLUSTRATIVE OF THE PRODUCTION LOG FORMAT. IN PRODUCTION, EVERY ENTRY IS APPEND-ONLY, TIMESTAMPED, EXPORTABLE, AND YOURS TO READ AT ANY TIME.
Most freight fraud doesn't beat smart people — it beats busy ones. A rep juggling forty loads at 4:50 PM doesn't cross-reference a dispatch number against the carrier file. The agent does. On every single check-in, at any hour, without ever getting bored of it.
Identity check on every check-in
Every inbound reply — email or SMS — is matched against the carrier-of-record contacts from your onboarding packet and registry data before the agent will touch your TMS. A mismatch doesn't get "probably fine." It gets a frozen status, an escalation, and a side-by-side comparison in front of your dispatcher.
And because the agent sees every check-in across every load, it catches patterns no single rushed rep can: the same unknown number answering for two different carriers, a driver who "switched trucks" twice in one week, locations that don't add up across a route.
HONEST LIMIT: THIS IS A TIRELESS FIRST FILTER, NOT A FRAUD GUARANTEE. THE AGENT FLAGS AND FREEZES — YOUR PEOPLE DECIDE.
ANY FLAG = STATUS FROZEN · NO TMS WRITE · HUMAN ESCALATION WITH FULL CONTEXT · LOGGED
Carriers change email formats. TMS vendors ship breaking API changes. Models drift. We assume all of it — the harness exists because "it worked in the demo" is not an operating plan.
01 · Watch
Nightly regression on a corpus of real freight emails. Parse-confidence distributions, draft volume vs. baseline, TMS write success rates, rate-feed staleness, email-format drift alarms.
02 · Page
Jacob, not you. Silent-failure alerting pages us when the agent stops behaving — including the failure mode where it's confidently wrong, not just down.
03 · Contain
Every TMS write keeps its prior value — field-level revert, one click. Drafts delete cleanly. One switch pauses an agent entirely, and your inbox is exactly what it was before we existed.
04 · Report
A plain-English incident note, same day: what broke, what it touched, what was rolled back, what changed so it doesn't repeat. It also shows up in your weekly dollar-denominated report.
"No silent failures" is in the service agreement, not the marketing. If an agent degrades and you find out from a customer before you hear it from us, that's a breach on our side — in writing.
We're pre-launch and we're not going to pretend otherwise. Here's what's running today versus what's on the roadmap — and nothing gets a logo on this site until there's a report behind it you can actually read.
| Control | Status |
|---|---|
| Encryption in transit (TLS 1.2+) | NOW |
| Encryption at rest (AES-256, US region) | NOW |
| Least-privilege scopes per integration | NOW |
| Append-only audit log of every agent action | NOW |
| MFA on all internal systems | NOW |
| Quarterly access reviews & same-day offboarding | NOW |
| Vendor security questionnaires | NOW |
| Third-party penetration test | ROADMAP |
| SOC 2 Type I | ROADMAP |
| SOC 2 Type II | ROADMAP |
FIELD TIP: WHEN ANY VENDOR SHOWS YOU A SOC 2 LOGO, ASK FOR THE REPORT. IF THEY STALL, YOU'VE LEARNED SOMETHING.
Security reports and vendor questionnaires go straight to me — no ticket queue, no "your concern is important to us." If you report a real vulnerability, you'll get a real answer and a fix timeline, and credit if you want it.
SECURITY@DEADHEADDESK.COM
GOES LIVE WITH THE DOMAIN. UNTIL THEN: BROKERJACOBMORGAN@GMAIL.COM — IT'S ME EITHER WAY.
— JACOB MORGAN, FOUNDER · THE WHOLE STORY
30 days, one inbox, every action gated and logged. Bring your security questionnaire to the first call. Hard before/after metrics decide — not a sales deck.
PILOT FEE CREDITS AGAINST THE $7,500 SETUP. $2,000/MO INCL. 500 ITEMS · $1.50/ITEM AFTER.