Security & data handling.

Vessel operates on US-region cloud infrastructure with TLS in transit, encryption at rest, and role-based access throughout the platform. Passwords are stored as bcrypt hashes. Sessions are signed JWTs with short lifetimes.

Every meaningful record action — logger import, shipment release, hold, or reject — is captured in a tamper-evident audit log, attributable to the acting user. Customer data is logically isolated per organization.

Vessel is on a SOC 2 Type II readiness program. We are happy to share our latest security questionnaire and validation package on request under NDA.

Last updated: 2026 — this page is a summary, not a contract. Customer agreements govern actual obligations.