
SeaPillar is designed for regulated maritime operations. Tenant isolation, RBAC, and audit trails are not optional features — they are foundational.
Security is enforced at the database, API, and UI layers. Every action is attributable. Every boundary is validated.
Every query is scoped to your organization at the database layer. Data from one tenant cannot reach another — enforced at the query level, not just the application layer.
Eight roles across operations, owner, and captain portals: Agency Admin, Operator, Customs Officer, Warehouse, Viewer, Vessel Owner, Captain, plus Super Admin for platform-level support. Permissions are enforced server-side on every request.
Every status change, approval, and update is logged with the acting user, timestamp, and a record of what changed. Logs cannot be altered or deleted.
Data is encrypted in transit (TLS 1.3) and at rest. Credentials are never stored in plain text. File uploads are validated for MIME type and content before storage.
HSTS, CSP, X-Frame-Options, and Permissions-Policy are enforced on every response. Input is sanitized at all trust boundaries before reaching the database.
Generate audit packs, custody chain exports, and GDNs with integrity hashes on demand. Structured for P&I club submissions and customs authority review.
We pursue third-party validation to give your compliance team confidence beyond our own assertions.
We are actively working toward SOC 2 Type II certification covering security, availability, and confidentiality. The current readiness package — including our Trust Service Criteria mapping and remediation roadmap — is available on request during vendor evaluation.
Application and infrastructure penetration testing is part of our security programme. The executive summary of the most recent test is available on request under NDA for vendor evaluations.
Our incident response procedure includes a commitment to notify affected customers within 24 hours of a confirmed security incident, with a follow-up post-mortem within 10 business days.
SeaPillar is built and operated for EU maritime operators. GDPR compliance is treated as a baseline requirement, not an afterthought.
All data is stored and processed within the European Union. No transfers to third countries without adequate safeguards.
A GDPR-compliant DPA is available for all customers. Contact us to request one before or during onboarding.
SeaPillar collects operational data required for the custody function. Personal data (captain identity, operator attribution) is limited to what is necessary for the audit trail.
Custody records are retained for the contractual period. Data deletion requests are processed in accordance with GDPR Article 17 and applicable maritime record-keeping requirements.
We provide detailed security documentation and architecture overviews for operators doing formal vendor evaluation. Contact us before or during your review process.