Security

Built for data people answer for.

Decklog holds a newbuild's technical correspondence — the kind of record a yard, an owner and class society rely on years later. Here is how we protect it, stated plainly. We describe what is true today and don't claim certifications we don't yet hold.

LAST UPDATED 14 JUNE 2026

Data stays in the EU

Project data and the event record are stored in the European Union (Neon Postgres, eu-central-1), and application functions run in the EU (fra1). Your correspondence does not leave EU jurisdiction in the course of normal operation.

Tenant separation

Every read and write is scoped to your organisation and project: the application opens each database transaction bound to the requesting organisation and filters explicitly by project on every query. The organisation a request can touch is derived from the verified session, never from anything the client or the AI sends. We are also rolling out database-enforced row-level isolation as a second, independent layer; until that layer is live, separation is enforced in the application tier as described.

A tamper-evident record

The event log is append-only — corrections are new events, never edits — and hash-chained per project: each entry carries the hash of the one before it. Altering or removing an entry breaks the chain, and the chain check surfaces the break in your console. The audit trail is the product, so its integrity is a first-class concern.
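
The chain check described above, sketched as an added example (not Decklog's own code): it assumes SHA-256 over canonical JSON, and the field names, the all-zero genesis value and the `expected_head` argument are illustrative assumptions. `expected_head` stands for the latest hash kept outside the log, which a verifier needs in order to notice entries dropped from the end.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry of a project

def entry_hash(prev_hash, seq, payload):
    # Canonical JSON so the same entry always hashes to the same value.
    body = json.dumps({"prev": prev_hash, "seq": seq, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(chain, payload):
    # Append-only: a correction is a new event that references the old one.
    prev = chain[-1]["hash"] if chain else GENESIS
    seq = len(chain)
    chain.append({"seq": seq, "prev_hash": prev, "payload": payload,
                  "hash": entry_hash(prev, seq, payload)})
    return chain[-1]["hash"]

def verify(chain, expected_head=None):
    """Return None if intact, else the index where the chain first breaks.

    expected_head is the latest hash recorded outside the log; without it,
    entries dropped from the tail leave a shorter but self-consistent chain.
    """
    prev = GENESIS
    for i, e in enumerate(chain):
        ok = (e["seq"] == i and e["prev_hash"] == prev
              and e["hash"] == entry_hash(prev, i, e["payload"]))
        if not ok:
            return i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None

# Constructed sample events for one project (not real data).
log = []
append(log, {"type": "letter", "ref": "YARD-001", "text": "Hull block 12 delivered"})
append(log, {"type": "letter", "ref": "OWN-014", "text": "Approve drawing rev B"})
head = append(log, {"type": "correction", "corrects": 1, "text": "Approve drawing rev C"})

edited = copy.deepcopy(log)
edited[1]["payload"]["text"] = "Approve drawing rev A"  # in-place edit
removed = log[:1] + log[2:]                              # middle entry deleted
truncated = log[:2]                                      # tail entry deleted
```

With the constructed data, `verify(edited, head)` and `verify(removed, head)` both report index 1, while `verify(truncated)` only reports a break once `head` is supplied.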

Access & authentication

  • Sign-in is by one-time link to a work email — there are no passwords for us to store or for an attacker to steal.
  • Access to project data requires membership of the owning organisation.
  • Data is encrypted in transit (TLS) between you, our functions and the database.

AI handling

Decklog uses Anthropic and Voyage AI to read, structure and answer questions about your record. Content sent to these APIs is processed only to provide the service and is not used to train their models under their API terms. AI output is always a draft with its sources shown; anything that leaves your organisation requires a named human to approve it.

Sub-processors

We run on a small, named set of vendors (Neon, Vercel, Anthropic, Voyage AI, AWS SES, Stripe), each processing only what its role requires. The current list and a Data Processing Agreement are in our privacy policy and available to customers on request.

What we don't claim

We are a young product and we hold no formal certifications (SOC 2, ISO 27001) yet. We won't imply otherwise. As our security programme matures — independent audits, the database-enforced isolation layer, formal certifications — we'll say so here, with dates.

Reporting a vulnerability

Found something? Email security@decklog.eu. We read every report, respond quickly, and won't pursue good-faith research that respects our users' data.

This page describes our posture in good faith and is reviewed as the product evolves. For contractual security commitments, see your order form and DPA.