Security

Built for the maritime industry's security requirements

VesselIQ is designed to support operators, managers, and DPAs in meeting IMO MSC-428(98) cyber risk management obligations. Here's how we protect your vessel data.

IMO MSC-428(98) Compliance Statement

Download our full compliance statement showing how VesselIQ maps to the five IMO cyber risk management functional elements — suitable for ISM audits and DPA review.


Security controls

A summary of the technical and organisational measures in place.

Access Control & Authentication

  • Multi-factor authentication (TOTP) enforced on all accounts
  • Brute-force protection with automatic lockout after 5 failed attempts
  • Automatic session timeout after 60 minutes of inactivity
  • Minimum 12-character passwords with complexity requirements
  • Role-based access control per vessel

Infrastructure & Encryption

  • All data encrypted in transit via TLS 1.2+
  • Database encrypted at rest (AES-256)
  • File storage encrypted at rest with Row-Level Security policies
  • Hosted on Vercel (SOC 2 Type II) and Supabase (SOC 2 Type II)
  • Global edge network with DDoS protection via Cloudflare

Audit Logging & Monitoring

  • Immutable audit log — all actions are permanently recorded and cannot be altered
  • Every action attributed to individual user accounts with IP address and timestamp
  • Full trail of document imports, media uploads, and system changes

Resilience & Recovery

  • Automated daily database backups via Supabase
  • Instant deployment rollback via Vercel
  • Automated dependency vulnerability scanning via GitHub Dependabot
  • DKIM, SPF, and DMARC email authentication

Infrastructure & sub-processors

VesselIQ is built on industry-leading certified infrastructure providers.

Provider    | Role                        | Certification
Supabase    | Database & Authentication   | SOC 2 Type II
Vercel      | Application Hosting & CDN   | SOC 2 Type II
Anthropic   | AI Features (Claude API)    | SOC 2 Type II
Resend      | Transactional Email         | SOC 2 in progress
Cloudflare  | DNS, DDoS & Email Routing   | ISO 27001, SOC 2

Responsible disclosure

If you've discovered a security vulnerability in VesselIQ, we'd like to know about it. Please contact us before public disclosure so we can investigate and remediate promptly. We take all reports seriously and aim to respond within 48 hours.

security@vesseliq.app