Your Security is Our Priority

BoatSaga employs enterprise-grade security measures and maintains SOC 2 Type II compliance to protect your data and ensure safe transactions.

SOC 2 Type II Compliant | GDPR Compliant | PCI DSS via Stripe

End-to-End Encryption

TLS 1.3 encryption

All data in transit is encrypted using the latest TLS protocol

AES-256 at rest

Database encrypted with military-grade encryption

Secure password hashing

Bcrypt with cost factor 12 for all passwords

Secure Infrastructure

Vercel Edge Network

SOC 2 Type II certified hosting platform

DDoS Protection

Cloudflare protection against attacks

99.9% Uptime SLA

Redundant systems and automatic failover

Access Control

Multi-Factor Authentication

Optional MFA for enhanced account security

Role-Based Access Control

Granular permissions for different user types

Session Management

Secure, HttpOnly cookies with automatic expiration

Continuous Monitoring

24/7 Security Monitoring

Real-time alerts for suspicious activity

Audit Logging

All security events logged and retained for 7 years

Vulnerability Scanning

Automated scans on every deployment

Data Protection & Privacy

Data Minimization

We only collect data necessary for providing our services. No excessive data collection.

User Rights

Export, update, or delete your data at any time. Full GDPR compliance.

Data Retention

30-day grace period for deleted accounts. Permanent deletion thereafter.

Security Practices

Development Security

  • Code reviews required for all changes
  • Automated security testing in CI/CD pipeline
  • Dependency vulnerability scanning with every build
  • Secrets never committed to version control

Operational Security

  • Encrypted environment variables via Vercel
  • API rate limiting to prevent abuse
  • Regular security updates and patches
  • Incident response plan with defined procedures

Third-Party Security

We partner only with SOC 2 certified vendors and industry leaders:

SOC 2 Type II

Vercel

Hosting & Edge Network

SOC 2 Type II

Supabase

Database & Storage

PCI DSS Level 1

Stripe

Payment Processing

SOC 2 Type II

Cloudflare

Security & DDoS Protection

Your Data Rights

Access & Export

Download all your data in JSON format at any time from your account settings.

Right to Deletion

Permanently delete your account and all associated data with one click.

Data Transparency

Clear information about what data we collect and how we use it.

Security Features

Bot Protection

Cloudflare Turnstile prevents automated attacks and spam while maintaining user privacy.

Rate Limiting

API rate limits prevent abuse and ensure fair resource allocation for all users.

Content Security Policy

Strict CSP headers prevent XSS attacks and unauthorized script execution.

Audit Logging

All security-relevant events are logged for compliance and forensic analysis.

Report Security Issues

We take security seriously. If you discover a security vulnerability, please report it responsibly:

What to Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Your contact information for follow-up

Our Commitment:

  • Response within 24 hours
  • Regular updates on remediation progress
  • Credit for responsible disclosure (if desired)
  • No legal action against good-faith researchers

Certifications & Audits

SOC 2 Type II Compliance

Our systems and processes undergo regular independent audits to maintain SOC 2 Type II certification. This ensures we meet the highest standards for security, availability, processing integrity, confidentiality, and privacy.

Third-Party Audits

Annual penetration testing and security assessments by independent cybersecurity firms. Regular compliance audits by certified auditors.

Continuous Compliance

Quarterly internal security reviews, weekly dependency updates, and daily automated security scans.

Security Contact

For security-related inquiries, vulnerability reports, or compliance questions:

Security Team

security@boatsaga.com

Privacy Officer

privacy@boatsaga.com

Business Hours: 09:00-17:00 CET/CEST (Mon-Fri)

Emergency Security Issues: Monitored 24/7

This security information is provided for transparency and user confidence. For detailed technical documentation, please contact our security team.
