Security at Yacht Cloud

All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security). We enforce HTTPS across our entire website to ensure your information is protected in transit.

Personal data at rest is encrypted using AES-256 encryption. Database backups are encrypted and stored securely with restricted access.

We follow the principle of data minimisation — we only collect and store the data we need to fulfil your charter enquiry and provide our services.

Access to personal data is restricted to authorised personnel on a need-to-know basis. All team members with data access undergo security awareness training.

We implement role-based access controls (RBAC) to ensure that staff can only access the data necessary for their role. Multi-factor authentication (MFA) is required for all administrative access.

Access logs are maintained and regularly reviewed to detect any unauthorised access attempts.

Our website is hosted on enterprise-grade infrastructure with built-in DDoS protection, automated failover, and 99.9% uptime SLAs.

We use a Web Application Firewall (WAF) to protect against common web threats including SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.

Regular vulnerability scans and security patches are applied promptly to keep our systems up to date.

We are fully committed to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Your data is never sold to third parties. We only share information with charter partners when necessary to fulfil your enquiry, and always with your explicit consent.

We maintain a data processing register and conduct regular Data Protection Impact Assessments (DPIAs) for new processing activities. For full details, please read our Privacy Policy.

Our website is built using modern frameworks with security-first principles. All form inputs are validated and sanitised on both the client and server side to prevent injection attacks.

We implement Content Security Policy (CSP) headers, HTTP Strict Transport Security (HSTS), and other security headers to protect against common browser-based attacks.

Dependencies are regularly audited for known vulnerabilities, and security updates are applied as part of our continuous deployment pipeline.