
Data Security & Privacy Overview

At shipshape.vc, the security, privacy, and integrity of your data are our highest priorities. We leverage best-in-class infrastructure, encryption, access control, and operational practices to ensure your data is safe at every stage of its lifecycle.

1. Infrastructure & Data Hosting

We host all application data exclusively on Amazon Web Services (AWS) in the eu-west-2 (London) region.
AWS provides enterprise-grade physical and network security, with data centers certified under international standards including ISO 27001, SOC 2, and GDPR.

For internal document storage — such as user contracts — we use Google Workspace (Google for Business). These documents are stored securely in the cloud. We do not use any additional cloud environments or local storage for customer data.

2. Data Protection & Encryption

All data transmitted through our app is encrypted in transit. We use Cloudflare to secure external traffic, defend against DDoS attacks, and ensure encrypted communication between users and our infrastructure.

The connection between Cloudflare and AWS is also fully encrypted, maintaining protection across the entire data path.

3. Credential & Secrets Management

Sensitive credentials — including database passwords, API keys, and internal service tokens — are securely stored in AWS Secrets Manager. These secrets are:

  • Encrypted at rest using AWS Key Management Service (KMS)
  • Accessed programmatically at runtime only by authorized services
  • Protected by fine-grained IAM policies and auditing

We also use a secure password and secret manager for credentials that require manual access. Credentials stored there are:

  • Accessible only to authorized users on a need-to-know basis
  • Shared through secure vault permissions
  • Protected by Multi-Factor Authentication (MFA)

This approach eliminates the use of hardcoded secrets and ensures robust credential hygiene.

4. Network Security & Internal Access

Internal access to infrastructure and development tools is restricted through a WireGuard-based VPN, secured with:

  • Single Sign-On (SSO)
  • Multi-Factor Authentication (MFA)
  • Device authentication and zero-trust access policies

All internal traffic is end-to-end encrypted, and access is fully auditable via VPN, AWS, and internal system logs.

5. Monitoring, Backups & Resilience

We operate a continuously monitored environment with:

  • Automated alerts
  • Periodic vulnerability scanning

To ensure data durability and recoverability, we:

  • Maintain automated backups
  • Retain system logs

We also have a formalized incident response plan to ensure rapid detection, communication, and remediation in the event of a security incident.

6. Development & Release Management

All application code and infrastructure migrations are managed through version control and automated CI/CD pipelines, enabling full traceability and rollback.

7. User Privacy & Data Requests

We are committed to transparency and user control. Users may request disclosure of any third-party entities with whom their data has been shared.

By choosing shipshape.vc, you gain access to the same security infrastructure trusted by leading organizations worldwide, along with resilient performance and peace of mind.