Security Policy
How we secure the platform, the controls in place, and how to disclose vulnerabilities responsibly.
Five built-in roles scoped per fleet workspace. SAML SSO and SCIM provisioning available on Enterprise.
Append-only event log for every operator action, system event and rule decision. Exportable as signed CSV / JSON.
Documents and extracted fields encrypted at rest with AES-256 and in transit with TLS 1.3. Per-tenant segregation. BYOK on Enterprise.
No automatic approvals on warn or fail outcomes. Configurable approval thresholds and two-person review available.
Default 7-year WORM retention aligned with IMO record-keeping. Configurable per fleet and per document class.
Single-tenant VPC deployment in EU and SG regions. On-premise reference architecture available to qualified Enterprise customers.
Attestations
SOC 2 Type II — report Q1 2026. ISO 27001 implementation in progress. GDPR-compliant, with a DPA available on request. Aligned with IMO MEPC.320(74) record-keeping requirements.
Responsible disclosure
We welcome security research. Email security@nautives.com with findings. We acknowledge reports within two business days and do not pursue legal action against good-faith research.
Incident notification
Confirmed incidents affecting customer data are reported to affected customers within 72 hours, in line with GDPR Article 33.
Contact
Security inquiries: security@nautives.com.
