Security

How we safeguard your data across infrastructure, application, and operations.

Overview

Voyage Risk (a Voyage Manager service) is built with security by design. We follow defense-in-depth practices across hosting, encryption, identity, monitoring, and incident response.

Last updated: 2025-11-14 (UTC)

Hosting & Network

  • Data hosted in reputable cloud providers with regional redundancy.
  • Network segmentation, restricted ingress, and WAF for public endpoints.
  • Automated patching pipeline for OS, runtimes, and container images.

Encryption

  • In transit: TLS 1.2+ for all customer-facing and inter-service traffic.
  • At rest: provider-managed encryption for databases, storage, and backups.
  • Key management via cloud KMS with role-scoped access.

Identity & Access

  • Least-privilege, role-based access for staff; MFA enforced for privileged roles.
  • Production access via audited break-glass procedures only.
  • Customer SSO/SAML/OIDC available on request (roadmap for self-serve).

Data Protection & Backups

  • Automated daily backups with point-in-time restore windows.
  • Data retention aligned to contract and lawful bases (see Privacy Policy).
  • DR procedures tested periodically.

Monitoring & Incident Response

  • Centralized logging, alerting, and anomaly detection.
  • Documented incident playbooks and on-call escalation.
  • Customer notification for notifiable incidents in line with applicable law.

Vulnerability Disclosure

If you believe you’ve found a security vulnerability, please contact us at security@voyagemanager.com. We’ll acknowledge receipt and work with you to resolve the issue. Please avoid public disclosure until we’ve confirmed a fix.

Subprocessors

We use select, security-vetted subprocessors for hosting, email delivery, and telemetry. A current list is available on request and will be published on this page.

Questions

Questions about security? Contact us and our team will respond promptly.