shipshape.vc Data Security & Privacy Overview
At shipshape.vc, the security, privacy, and integrity of your data are our highest priorities. We leverage best-in-class infrastructure, encryption, access control, and operational practices to ensure your data is safe at every stage of its lifecycle.
1. Infrastructure & Data Hosting
We host all application data exclusively on Amazon Web Services (AWS) in the eu-west-2 (London) region.
AWS provides enterprise-grade physical and network security, with data centers certified under international standards including ISO 27001, SOC 2, and GDPR.
For internal document storage — such as user contracts — we use Google Workspace (Google for Business). These documents are stored securely in the cloud. We do not use any additional cloud environments or local storage for customer data.
2. Data Protection & Encryption
All data transmitted through our app is encrypted in transit. We use Cloudflare to secure external traffic, defend against DDoS attacks, and ensure encrypted communication between users and our infrastructure.
The connection between Cloudflare and AWS is also fully encrypted, maintaining protection across the entire data path.
3. Credential & Secrets Management
Sensitive credentials — including database passwords, API keys, and internal service tokens — are securely stored in AWS Secrets Manager. These secrets are:
- Encrypted at rest using AWS Key Management Service (KMS)
- Accessed programmatically at runtime only by authorized services
- Protected by fine-grained IAM policies and auditing
We also use a secure password and secret manager for credentials that require manual access. Credentials stored in it are:
- Accessible only to authorized users on a need-to-know basis
- Shared through secure vault permissions
- Protected by Multi-Factor Authentication (MFA)
This approach eliminates the use of hardcoded secrets and ensures robust credential hygiene.
4. Network Security & Internal Access
Internal access to infrastructure and development tools is restricted through a WireGuard-based VPN, secured with:
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Device authentication and zero-trust access policies
All internal traffic is end-to-end encrypted, and access is fully auditable via VPN, AWS, and internal system logs.
5. Monitoring, Backups & Resilience
We operate a continuously monitored environment with:
- Automated alerts
- Periodic vulnerability scanning
To ensure data durability and recoverability, we:
- Maintain automated backups
- Retain system logs
We also have a formalized incident response plan to ensure rapid detection, communication, and remediation in the event of a security incident.
6. Development & Release Management
All application code and infrastructure migrations are managed through version control and automated CI/CD pipelines, enabling full traceability and rollback.
7. User Privacy & Data Requests
We are committed to transparency and user control. Users may request disclosure of any third-party entities with whom their data has been shared.
By choosing shipshape.vc, you gain access to the same security infrastructure trusted by leading organizations worldwide, along with resilient performance and peace of mind.