Security
Enterprise-grade security architecture protecting maritime intelligence data at every layer of our platform.
Our Security Commitment
Selmorth AI handles sensitive operational data for global shipping organizations. Security is embedded into our platform architecture, development lifecycle, and organizational practices — not added as an afterthought.
Infrastructure Security
Our platform is hosted on enterprise cloud infrastructure with geographically distributed data centers. All environments employ network segmentation, Web Application Firewalls (WAF), DDoS mitigation, and intrusion detection systems. Production and development environments are strictly isolated.
Encryption
- In transit: All data transmitted between clients and our platform uses TLS 1.3 encryption. API endpoints enforce HTTPS with HSTS.
- At rest: Database volumes, backups, and object storage are encrypted using AES-256. Encryption keys are managed through dedicated key management services with automatic rotation.
Access Control
Role-based access control (RBAC) governs platform permissions at the organization, team, and individual level. Multi-factor authentication (MFA) is required for all administrative accounts and available for all user tiers. API access uses scoped tokens with configurable expiration and rate limiting.
Application Security
Our engineering team follows secure development practices including code review, static analysis, dependency scanning, and regular penetration testing by independent third-party assessors. Vulnerabilities are triaged and remediated according to severity-based SLAs.
Monitoring and Incident Response
24/7 security monitoring covers infrastructure logs, application events, and anomalous access patterns. We maintain a documented incident response plan with defined escalation procedures. Enterprise clients receive notification of security incidents affecting their data within 72 hours.
Compliance and Certifications
Selmorth AI maintains compliance with:
- ISO 27001 — Information Security Management
- SOC 2 Type II — Security, Availability, and Confidentiality
- GDPR — General Data Protection Regulation (EU/UK)
- Industry-specific maritime data handling standards
Compliance reports and audit documentation are available to enterprise clients under NDA upon request.
Data Isolation
Multi-tenant architecture ensures strict logical separation between client datasets. Enterprise deployments may opt for dedicated infrastructure with single-tenant isolation to meet enhanced data sovereignty requirements.
Business Continuity
Automated backups are performed daily with geo-redundant storage. Disaster recovery procedures are tested quarterly, with a recovery time objective (RTO) of under 4 hours and a recovery point objective (RPO) of under 1 hour for production environments.
Responsible Disclosure
We welcome responsible disclosure of security vulnerabilities. Report findings to security@selmorth-ai.com. We commit to acknowledging reports within 48 hours and providing status updates throughout remediation.
Contact
For security inquiries, compliance documentation requests, or to report a concern, contact security@selmorth-ai.com.