Platform · Security
Security & compliance posture
Procurement-grade answers to the questions enterprise security teams ask first. For specific contractual asks (DPA, SCC, SOC 2 audit reports, customer-managed keys), contact us directly.
Data handling
- Customer footage
- Stored in Google Cloud Storage in EU regions. Bucket-per-tenant for enterprise customers; multi-tenant with row-level isolation for self-serve.
- Passport JSON
- Persisted to Firestore (Google Cloud, EU). tenant_id-keyed; access controlled per tenant scope.
- Encryption at rest
- GCS + Firestore default encryption (Google-managed keys). Customer-managed keys (CMEK) available on enterprise tier.
- Encryption in transit
- TLS 1.2+ for all API + UI traffic. Vercel-managed HTTPS certificates auto-rotated.
- Retention
- Footage retained for processing duration; raw video deleted after analysis unless customer opts to retain. Passports retained per customer-configured policy.
AI / model handling
- Model provider
- Anthropic Claude + Google Vertex AI as primary VLMs. Inference happens on customer's behalf via authenticated API calls; no model weights distributed.
- Training on customer data
- Anthropic Claude API: customer data not used for training per Anthropic's commercial terms. Google Vertex AI: data not used to train Google's foundation models per Vertex enterprise terms.
- Model versioning
- Every passport tags ai_model_version. Model card URI per passport for reproducibility.
- Failure mode
- Hullproof never fabricates a passport on VLM failure. Errors surface explicitly — no silent degradation.
Authentication & authorization
- User auth
- Firebase Auth (Google Identity Platform). Email + password + Google OAuth. SSO via OIDC available on enterprise tier.
- API auth
- Tenant-scoped API keys (rolling rollout). Bearer tokens via Firebase ID tokens.
- Tier enforcement
- feature_tier decorator at the service boundary. Self-serve, enterprise_api, compliance_bundle, platform tiers enforced server-side.
- Admin access
- Separated admin auth surface. ADMIN_PASSWORD-gated admin endpoints; ADMIN_UID-gated UI surface.
EU AI Act + GDPR posture
- EU AI Act classification
- Hullproof analyses used for safety-critical compliance (EU ETS, CII, port-state inspection) classified as high-risk AI systems per the AI Act. Per-passport eu_ai_act_class tag.
- GDPR data minimization
- No PII in passports by default. Operator IDs are pseudonymous; vessel/asset IDs are operator-controlled. Source frames retained only as long as needed for audit.
- Right to access / delete
- Tenant-scoped data export + deletion endpoints available. SLA-bound response times on enterprise tier.
- Data Processing Agreement
- Standard DPA available on request. CCPA + UK-GDPR addendums on request.
Audit & lineage
- Append-only history
- Every passport carries history[] — immutable record of changes (passport_version, timestamp, change_summary, changed_by). Schema-enforced.
- Source-frame references
- Every finding has source_frames[]. A verifier can replay the analysis against the same frame set.
- Output hash trail
- Audit log captures inputHash + outputHash per analysis. SHA-256-signed verification pages for evidence sharing.
- Logging
- Structured server-side logs via structlog-equivalent. Sentry for error capture (DSN per environment, no PII in events).
Infrastructure
- Hosting
- Vercel (web + serverless functions). Firebase / Google Cloud (Firestore + GCS + Vertex AI). Region: EU primary; per-customer pinning available on enterprise tier.
- CDN
- Vercel Edge Network — global delivery for public pages; private/auth-gated routes always hit origin.
- Backups
- Firestore continuous PITR backups (7-day window default; longer windows on enterprise).
- Monitoring
- Vercel Observability + Sentry for application errors. Uptime monitoring per the platform incident-response runbook.
Compliance certifications
- SOC 2
- Cloud-provider-inherited (Vercel + Google Cloud + Firebase). Hullproof-specific SOC 2 readiness in progress.
- ISO 27001
- Cloud-provider-inherited; Hullproof-specific scope on the roadmap for enterprise contracts.
- NORSOK / DNV / IMO
- Hullproof passports align with NORSOK + DNV-RP + IMO MEPC standards per the domain registry. See /api/mcp/asset-types for per-domain coverage.
Reference links
Procurement contact
For DPA, SCC, security questionnaires, or audit-report requests, contact us directly. We respond within one business day.