AES-256-GCM
Authenticated encryption for sensitive crew profile fields at rest
Security is not a feature. It is the foundation
Fleet operators trust WaterTight with crew personal data, safety records, contracts, and compliance evidence. We treat that responsibility seriously. Security is designed into the platform from day one with encryption, authentication, and controlled rank-based permissions, and we review it continuously as new modules ship.
Encryption & security standards
TLS / HTTPS
All web and API traffic encrypted in transit
bcrypt
Passwords hashed with industry-standard bcrypt (12 rounds)
MFA & passkeys
TOTP, email OTP, WebAuthn, and backup codes
Rank permissions
Per-module none, read, or write, scoped to rank and vessel
Tenant isolation
Strict company scoping. No cross-organisation data access
Security across every module
WaterTight is a full fleet operations platform, not a single database with one login. Each feature area has its own permission key so you can give people exactly the access their rank requires.
Crew & personal data
The most sensitive information on the platform. Access is tightly gated by rank.
- Crew profiles Encrypted names, contact details, DOB, address, next-of-kin, and identity documents. Only authorised ranks can view
- Certificates & training Qualification records and expiry monitoring with separate permissions for requests vs administration
- HR, leave & conduct Crew see their own record; HR administration permission required for fleet-wide records
- Contracts & SEAs Employment agreements and e-signatures limited to ranks with contracts access
- Availability & overtime Scheduling and callback records scoped to permitted ranks and assigned vessels
Safety & compliance
Separate who can report, who can review, and who can configure the safety system.
- Incidents Authorised ranks can report; a dedicated review permission is required to triage and close fleet-wide
- Drills & exercises Record completion onboard; configuration permission for drill types, schedules, and templates
- SMS documents & checklists Read access to complete checklists; separate manage permission to edit SMS and checklist structure
- Safety suggestions Vessel safety officers triage onboard; fleet superintendents handle escalations
- PTW, risk & inspections Operational safety workflows inherit rank and vessel scoping throughout
Logbooks, work-rest & port documentation
Official records with separate write and lock permissions.
- Deck & engine logbooks Watchkeepers enter readings; lock permission reserved for Master or Chief Engineer to seal days
- Work & rest hours STCW/MLC compliance data visible only to authorised ranks on assigned vessels
- Port documentation & FAL Crew manifest data drawn from encrypted profiles under strict access control
- Daily reports & familiarisation Vessel-scoped operational records with separate oversight permissions
Maintenance, stores & technical
Technical data and inventory separated from general crew access.
- Planned maintenance Engineers execute jobs; manage permission for creation and approval; ad-hoc permission for one-off work
- LOLER & lifting equipment Dedicated permission for register and inspection records
- Medical, paint & inventory Vessel stores access separate from administration and period locks
- Fuel & equipment register Technical modules gated behind maintenance and vessel permissions
Procurement, cargo & commercial
Financial and commercial workflows use approval tiers.
- Procurement Crew raise requisitions; approve permission for sign-off; manage permission for full administration
- Cargo operations Separate permissions for voyages, IMSBC/IMDG compliance, and configuration
- Catering & galley Daily operations vs manage permission for budgets, period locks, and corrections
Fleet administration & communications
Configuration and messaging powers limited to office and senior ranks.
- Ranks & permissions Only authorised ranks can view or edit the permission matrix for other roles
- Company profile & retention Retention policies control how long operational and HR records are kept
- Fleet management gate Cross-vessel navigation and oversight modules require explicit fleet permission
- Messaging & fleet notices Departmental threads with separate manage permission for routing and configuration
- Vessels & port contacts Vessel configuration and port directory administration separated from everyday access
Why security matters to us
Maritime software sits at the intersection of personal data, commercial operations, and regulatory evidence. A breach or leak does not just inconvenience IT; it can affect crew welfare, contractual disputes, and port-state inspections. We build WaterTight assuming adversarial networks, shared devices on board, and high turnover in crew accounts. Every design decision is weighed against: who can see this, how is it protected, and what happens if a device is lost at sea.
Controlled rank-based permissions
Every dashboard module (more than fifty distinct permission keys) is controlled per crew rank at none, read, or write level. A cadet, AB, DPA, and company admin do not see the same platform: each rank’s permission profile defines exactly which menus appear and which API calls succeed. Permissions are enforced on every request, not just hidden in the user interface. Company-wide ranks can access all vessels; team-scoped ranks are limited to assigned vessels when on duty. Off-duty accounts cannot pull vessel data. When someone covers a position, on-duty rank can temporarily elevate permissions. Sensitive actions (approving purchases, closing incidents, locking logbooks, or editing permissions) each require their own explicit grant.
Encryption at rest
Sensitive crew profile data (names, contact details, dates of birth, addresses, next-of-kin, identity documents, and similar fields) is encrypted before it is written to the database using AES-256-GCM with a unique initialization vector per value. Encryption keys are held outside the application in a dedicated secrets vault and are required in production. Email lookups use one-way SHA-256 hashing so plaintext emails are not stored for indexing.
Encryption in transit
All access to the WaterTight dashboard and API is over HTTPS with modern TLS. Production traffic is terminated at our edge with hardened HTTP security headers including HSTS and frame protection. Certificate and document uploads use signed, time-limited URLs to secure object storage rather than exposing raw file paths.
Authentication & account protection
User passwords are never stored in plaintext; they are hashed with bcrypt at 12 salt rounds. Multi-factor authentication is supported via authenticator apps (TOTP), email one-time codes, WebAuthn passkeys, and one-time backup codes. MFA secrets are encrypted at rest. Companies can require MFA by role so masters, DPAs, and office admins can be held to a higher bar than read-only accounts.
Infrastructure & operational security
Production runs on enterprise-grade Google Cloud infrastructure in the EU. Application secrets and encryption keys are stored in a dedicated secrets vault, never embedded in application code or container images. Database backups are encrypted and retained in secure object storage. We minimise attack surface with a single controlled API entry point, staged deployments, and production hardening that avoids leaking internal detail in error responses.
How we work day to day
Security is part of every release, not a yearly checkbox. We use dependency scanning, staged deployments before production, separate staging and production environments, and internal validation tooling to catch regressions. If you have specific requirements (MFA enforcement, data residency questions, or security questionnaires for procurement), contact us at hello@watertight.app and we will respond with detail appropriate to your fleet.
Questions about our security?
We are happy to answer procurement questionnaires, DPA reviews, and technical security enquiries.