Security

    At MarinerMind, security is foundational to our product — not an afterthought. This page describes our security posture openly, because the maritime operators we serve deserve full transparency about how their crew data is protected.

    Data Protection

    What We Collect

    Data Type                                   Purpose                     Retention
    ------------------------------------------  --------------------------  ------------------------------
    Incident observations, cause, action taken  ISM safety reporting        Duration of contract + 3 years
    Vessel name, position at time of incident   Report context              Duration of contract + 3 years
    User email address and name (via Clerk)     Authentication, invitation  Until account deletion
    Push notification device tokens             Mobile alert delivery       Until device de-registration
    IP addresses (rate limiting)                Abuse prevention            Maximum 24 hours in memory

    What We Do NOT Collect

    • Continuous crew location or tracking data
    • Biometric data
    • Financial information
    • Non-safety-related personal communications

    Encryption

    • In transit: All data transmitted over TLS 1.2+. HTTPS enforced on all endpoints. HSTS enabled with a 1-year max-age.
    • At rest: PostgreSQL hosted on Render (Frankfurt, EU). AES-256 encryption by the hosting provider.
    • Backups: Automated daily backups with point-in-time recovery, stored encrypted in the same region.

    Data Residency: All production data is stored in Frankfurt, Germany (EU), supporting GDPR compliance requirements for European maritime operators.

    Authentication & Access Control

    MarinerMind uses Clerk as its identity provider, an authentication platform with a SOC 2 Type II attestation. We do not store passwords. Authentication options include email + password (bcrypt-hashed by Clerk), Google OAuth SSO, and TOTP/SMS multi-factor authentication (required for administrator accounts, recommended for everyone else).

    Role-Based Access Control

    Role             Access Level
    ---------------  --------------------------------------------------------------
    Seafarer         Create and view own safety reports only
    Fleet Manager    Read-only access to reports and analytics for assigned vessels
    Administrator    Full platform management — users, vessels, fleets, invitations

    Role assignments are stored in Clerk user metadata that only our backend can write. On every API request the server reads the role from the verified session and enforces it; nothing sent by the client is trusted for authorisation. Roles cannot be self-assigned or escalated by end users.

    Session Management

    • Session tokens managed exclusively by Clerk (short-lived JWTs, 1-hour expiry with refresh)
    • Sessions revoked immediately upon password change or admin-initiated logout
    • All protected routes are validated server-side on every request; client-side role checks only shape the UI and are never relied on for authorisation

    Admin Access

    • Admin accounts require multi-factor authentication
    • Admin users are invited via time-limited cryptographic tokens (256-bit random)
    • All admin actions are logged with timestamp and user ID
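    The following is an added example of how time-limited, single-use admin invitation tokens of the kind described above can be handled; it is illustration code, not MarinerMind's implementation. It assumes a 24-hour validity window, an in-memory store standing in for the invitations table, and that the invitation is bound to the invitee's email address and checked against the signed-in account at redemption (an assumption, not something the page states). Only a SHA-256 digest of the token is stored, so a leaked table cannot be replayed as invitations.

```typescript
import { randomBytes, createHash } from "node:crypto";

// Added example (not MarinerMind's code): 256-bit random, time-limited,
// single-use admin invitation tokens. Only the token digest is persisted.

const INVITE_TTL_MS = 24 * 60 * 60 * 1000; // assumed 24-hour validity

interface Invitation {
  email: string;             // invitee; the redeeming account must match
  role: "administrator";
  expiresAt: number;         // unix ms
  consumedAt: number | null; // set on the first successful redemption
}

// Hypothetical store keyed by token digest, standing in for a database table.
const invitationsByDigest = new Map<string, Invitation>();

function digest(token: string): string {
  return createHash("sha256").update(token, "utf8").digest("hex");
}

// Returns the raw token exactly once, for inclusion in the emailed invite link.
function createAdminInvitation(email: string, now: number = Date.now()): string {
  const token = randomBytes(32).toString("base64url"); // 32 bytes = 256 bits, URL-safe
  invitationsByDigest.set(digest(token), {
    email,
    role: "administrator",
    expiresAt: now + INVITE_TTL_MS,
    consumedAt: null,
  });
  return token;
}

// Redeem on behalf of the signed-in email. Lookup is by digest: an attacker
// cannot pick a preimage for a stored hash, so a plain map/DB lookup is safe.
function redeemAdminInvitation(
  token: string,
  signedInEmail: string,
  now: number = Date.now(),
): Invitation | null {
  const inv = invitationsByDigest.get(digest(token));
  if (!inv) return null;                    // unknown or already purged
  if (inv.consumedAt !== null) return null; // single use: replays fail
  if (now > inv.expiresAt) return null;     // time-limited
  if (inv.email.toLowerCase() !== signedInEmail.toLowerCase()) return null; // wrong account
  inv.consumedAt = now;
  return inv;
}

// Housekeeping: drop consumed or expired rows; returns how many were removed.
function purgeInvitations(now: number = Date.now()): number {
  let removed = 0;
  for (const [key, inv] of invitationsByDigest) {
    if (inv.consumedAt !== null || now > inv.expiresAt) {
      invitationsByDigest.delete(key);
      removed++;
    }
  }
  return removed;
}
```

    Redemption should happen only after the invitee has authenticated through Clerk, so that the email compared here is the one Clerk verified rather than one typed into a form.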

    Incident Reporting Privacy

    Protecting the identity of seafarers who report safety incidents is the most critical privacy feature of the MarinerMind platform.

    • Reports are submitted via the crew mobile app and stored with the submitting user's Clerk ID
    • Shore-side managers see vessel-level data only — ship name, report type, and incident details, but not the individual crew member's identity by default
    • The dashboard surfaces patterns and trends, not individual reporters

    Note: Administrators with database access can technically correlate clerkId to a user profile. We document this clearly to enterprise customers and recommend role separation between fleet managers and system administrators.
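    As an added example covering the role-based access control and session sections above and the reporter-privacy rules in this section, the code below shows server-side enforcement in which the principal is built only from verified session claims, seafarers see only their own reports, fleet managers see only assigned vessels with the reporter's Clerk ID stripped, and administrators see everything. This is illustration code, not MarinerMind's implementation; the claims shape (a "metadata" object carrying "role" and "assignedVessels"), the report fields, and the sample data are all assumptions.

```typescript
// Added example (not MarinerMind's code): server-side role enforcement and
// reporter-identity stripping. Role and vessel data come from the verified
// session (stand-in for Clerk's session claims), never from the request body.

type Role = "seafarer" | "fleet_manager" | "administrator";

interface Principal {
  userId: string;            // Clerk user ID from the verified session
  role: Role;                // role from backend-written Clerk metadata
  assignedVessels: string[]; // vessels a fleet manager may read; empty otherwise
}

interface SafetyReport {
  id: string;
  vesselId: string;
  reporterId: string; // Clerk ID of the submitting seafarer
  type: string;
  details: string;
}

// What a caller is allowed to see; fleet managers never receive reporterId.
interface ReportView {
  id: string;
  vesselId: string;
  type: string;
  details: string;
  reporterId?: string;
}

// Assumed shape of the verified session claims the role is read from.
interface VerifiedClaims {
  sub: string;
  metadata?: { role?: string; assignedVessels?: string[] };
}

const ROLES: readonly Role[] = ["seafarer", "fleet_manager", "administrator"];

// Build the principal from verified claims only. A "role" field in the request
// body is never consulted, so a client cannot escalate by sending one.
function principalFromClaims(claims: VerifiedClaims): Principal {
  const role = claims.metadata?.role;
  if (!role || !ROLES.includes(role as Role)) {
    throw new Error("unauthorised: no valid role in verified session");
  }
  return {
    userId: claims.sub,
    role: role as Role,
    assignedVessels: role === "fleet_manager" ? claims.metadata?.assignedVessels ?? [] : [],
  };
}

function canViewReport(p: Principal, r: SafetyReport): boolean {
  switch (p.role) {
    case "seafarer":      return r.reporterId === p.userId;              // own reports only
    case "fleet_manager": return p.assignedVessels.includes(r.vesselId); // assigned vessels only
    case "administrator": return true;
    default:              return false;
  }
}

// Only seafarers create reports, and only in their own name.
function canCreateReport(p: Principal, r: SafetyReport): boolean {
  return p.role === "seafarer" && r.reporterId === p.userId;
}

function viewReport(p: Principal, r: SafetyReport): ReportView | null {
  if (!canViewReport(p, r)) return null;
  const vesselLevel: ReportView = { id: r.id, vesselId: r.vesselId, type: r.type, details: r.details };
  // Shore-side managers get vessel-level data only; the identity stays in the record.
  return p.role === "fleet_manager" ? vesselLevel : { ...vesselLevel, reporterId: r.reporterId };
}

function listReports(p: Principal, all: SafetyReport[]): ReportView[] {
  return all.flatMap((r) => {
    const v = viewReport(p, r);
    return v ? [v] : [];
  });
}

// Constructed sample data (fictitious vessels and users).
const SAMPLE_REPORTS: SafetyReport[] = [
  { id: "rpt_1", vesselId: "vsl_aurora",   reporterId: "user_sf1", type: "near_miss", details: "Unsecured ladder on deck 3" },
  { id: "rpt_2", vesselId: "vsl_aurora",   reporterId: "user_sf2", type: "incident",  details: "Minor hand injury, engine room" },
  { id: "rpt_3", vesselId: "vsl_borealis", reporterId: "user_sf2", type: "near_miss", details: "Mooring line under tension" },
];
```

    The filtering happens in the view function rather than in the client, which is what makes the dashboard's "patterns, not reporters" promise hold even if a manager calls the API directly.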

    Future Anonymisation Roadmap

    • Opt-in full anonymity mode (reports without user identifier, accepted by vessel PIN)
    • Aggregated-only views for fleet managers
    • Automatic redaction of identifying details from report text after 90 days

    Vulnerability Disclosure Policy

    We welcome responsible disclosure of security vulnerabilities.

    How to Report

    Email: team@marinermind.com
    PGP Key: Available on request
    Acknowledgement SLA: 48 hours
    Assessment SLA: 7 days

    In Scope

    • marinermind.com and all subdomains
    • MarinerMind mobile app (iOS / Android)
    • API endpoints

    Out of Scope

    • Denial-of-service attacks
    • Social engineering of staff
    • Physical security
    • Third-party services (Clerk, Render, Resend)

    Safe Harbour: Security research conducted in good faith and in line with this policy will not result in legal action from MarinerMind. With the researcher's permission, we acknowledge impactful findings in our changelog.

    Compliance & Standards

    GDPR (EU 2016/679)

    • Legal basis: Legitimate interest (occupational safety reporting) and performance of contract
    • Data subject rights handled within 30 days (access, rectification, erasure, portability)
    • Data Processing Agreement (DPA) available for enterprise customers on request
    • EU data residency (Frankfurt, Germany)
    • Third-country transfers only via Clerk and Resend (SCCs in place)

    ISM Code (International Safety Management Code)

    • Purpose-built to support ISM Code section 9 (Reports and analysis of non-conformities, accidents and hazardous occurrences), covering near-miss and incident categories
    • Report records maintained for ISM-mandated retention period
    • Aggregated trend analytics for management review
    • Audit export functionality for port state control or classification society inspection

    TMSA (Tanker Management and Self-Assessment)

    Supports TMSA 3 Element 8 (Incident Investigation and Analysis) via systematic near-miss capture, cross-vessel trend analysis, and open/closed status tracking per report.

    SOC 2

    We are preparing for a SOC 2 Type I report. Our key infrastructure providers already hold SOC 2 Type II reports:

    • Clerk (identity): SOC 2 Type II
    • Render (hosting/database): SOC 2 Type II
    • Resend (email): SOC 2 Type II

    Third-Party Services

    Provider  Purpose                          Data Shared                        Certifications
    --------  -------------------------------  ---------------------------------  --------------
    Clerk     Authentication, user management  Email, name, role                  SOC 2 Type II
    Render    PostgreSQL hosting, web hosting  All application data               SOC 2 Type II
    Resend    Transactional email              Email address, invitation content  SOC 2
    Expo      Mobile push notifications        Device push tokens

    We do not use third-party analytics tools that track individual user behaviour. No data is sold to or shared with advertising networks.

    Security Controls Summary

    HTTPS everywhere — enforced
    HSTS — enabled (1-year max-age)
    Authentication via Clerk (SOC 2 Type II)
    Role-based access control — server-side
    MFA support — available for all accounts
    Input validation & sanitization — all endpoints
    Rate limiting — all sensitive endpoints
    SQL injection protection — parameterised queries via Prisma ORM
    Security headers (CSP, X-Frame-Options, HSTS)
    Clerk webhook signature verification (Svix)
    Dependency vulnerability scanning — weekly
    Data encrypted at rest (AES-256, Render)
    Data encrypted in transit (TLS 1.2+)
    EU data residency (Frankfurt)
    GDPR DPA available on request
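    The "Clerk webhook signature verification (Svix)" control above is worth seeing in code. The block below is an added example, not MarinerMind's or Svix's own code: it implements the documented Svix scheme by hand (HMAC-SHA256 over "<svix-id>.<svix-timestamp>.<raw body>", keyed with the base64 secret that follows the "whsec_" prefix, compared against the space-separated "v1,<base64 mac>" entries of the svix-signature header) and rejects stale timestamps to bound the replay window. The secret, message ID and payload in the test are constructed values.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example (not MarinerMind's or Svix's code): manual verification of a
// Svix-signed webhook, the scheme Clerk uses for its webhooks.

const TOLERANCE_SECONDS = 5 * 60; // reject messages older or newer than this

interface SvixHeaders {
  "svix-id": string;
  "svix-timestamp": string; // unix seconds, as sent by Svix
  "svix-signature": string; // "v1,<base64> v1,<base64> ..."
}

function svixKey(secret: string): Buffer {
  // The part after "whsec_" is base64; the raw bytes are the HMAC key.
  return Buffer.from(secret.replace(/^whsec_/, ""), "base64");
}

// What the sender does: "v1,<base64 HMAC-SHA256(id.timestamp.body)>".
function signSvix(secret: string, id: string, timestamp: number, rawBody: string): string {
  const mac = createHmac("sha256", svixKey(secret))
    .update(`${id}.${timestamp}.${rawBody}`)
    .digest("base64");
  return `v1,${mac}`;
}

// Verify against the *raw* request body; re-serialising parsed JSON breaks the MAC.
function verifySvix(
  secret: string,
  headers: SvixHeaders,
  rawBody: string,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): boolean {
  const id = headers["svix-id"];
  const ts = Number(headers["svix-timestamp"]);
  const sigHeader = headers["svix-signature"];
  if (!id || !sigHeader || !Number.isInteger(ts)) return false;
  if (Math.abs(nowSeconds - ts) > TOLERANCE_SECONDS) return false; // replay window

  const expected = Buffer.from(signSvix(secret, id, ts, rawBody).slice("v1,".length), "base64");
  // Several entries may be present (e.g. during secret rotation); any valid v1 passes.
  for (const entry of sigHeader.split(" ")) {
    const [version, sig] = entry.split(",");
    if (version !== "v1" || !sig) continue;
    const candidate = Buffer.from(sig, "base64");
    if (candidate.length === expected.length && timingSafeEqual(candidate, expected)) return true;
  }
  return false;
}
```

    In a Next.js route handler the body must be read as text before any JSON parsing, and the three headers taken verbatim from the request; a handler that parses first and signs JSON.stringify(parsed) will reject every genuine delivery.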

    Last Security Audit

    Date: May 2026
    Conducted by: Internal engineering team with automated tooling
    Scope: Full codebase — Next.js web application, REST API layer, PostgreSQL schema, Clerk integration, Expo mobile push integration
    Methodology: Automated multi-agent static analysis + manual code review covering authentication, authorisation, API security, database schema, dependency CVEs, secrets management, and frontend security

    We perform security reviews on every major release and whenever critical dependencies receive security updates.

    For security questions or to request our full security documentation and DPA, contact: team@marinermind.com