Security Policy
Document overview
This document describes Sea-Flux’s security policy and the measures in place to protect the personal information of our users. It covers Sea-Flux’s approach to data collection, transmission, and storage, including the technology platforms and hosting infrastructure used, authentication controls, encryption standards, backup procedures, and the industry certifications held by Sea-Flux’s cloud service providers. The document also outlines the responsibilities of users when accessing the Sea-Flux application, and the steps Sea-Flux will take in the event of a suspected security breach.
Sea-Flux Application
Our commitment to your information security
We maintain a secure process for the collection, transmission, and storage of your personal information.
Sea-Flux suggests that all users keep their browsers up to date to ensure a high level of security is maintained. Old browsers could make it difficult to use modern websites, or could allow malicious websites to read your files, steal passwords, and infect your computer.
Protecting personal information
The Sea-Flux application is designed to hold some personal information, both of registered users, and individuals such as crew (should these modules of Sea-Flux be used by you).
This information, when collected, is held securely using Google Cloud Platform. Cloud based architecture generally offers better redundancy, availability, and scalability.
What platforms are Sea-Flux available on?
- Web, iOS app, Android app for both tablet and mobile.
What Hosting service does Sea-Flux use?
- The web client (which is just static HTML5), is hosted using EAS.
What technology is Sea-Flux built with?
- The code base is written in typescript using the React Native using Expo application services as a build toolset for iOS, Android and the web. Server side functions are built using Google’s Firebase Cloud Platform.
How often is the data backed up?
- Data is backed up at 3am every day.
How is the Authentication and data managed?
- User Authentication is handled using Firebase Authentication. The only method allowed is email and password. Passwords are stored in the Sea-Flux database, but are not accessible by Sea-Flux.
- Data is managed using Cloud Firestore.
To access or change data in Sea-Flux, the user must be authenticated and have the appropriate credentials such as being part of the Licensee account in question and having the specific user permissions required.
Where is the database located?
Sea-Flux data is primarily handled by Google’s data centre in Southeast Australia (Sydney).
- Files and data are stored using Google Cloud Storage.
- Other functions such as regularly scheduled jobs, functions triggered from data changes and a few other specialised requests are handled by Cloud Functions for Firebase.
All four of these services provided have been certified under major privacy and security standards including:
ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3. Please email support@sea-flux.com to request access to these certs & docs.
All requests to load or save data are made over secure connections (HTTPS). In addition to this, the four services listed above also encrypt their data at rest.
For more information see: https://firebase.google.com/support/privacy and https://cloud.google.com/terms/cloud-privacy-notice
Logging In
You can save your login details on your browser, only if your computer is secure, and only ever used by you, and you alone. If this is not the case you MUST use your unique login details that have been provided to you by Sea-Flux, or your allocated administrator – each time you log into the Sea-Flux application.
Security enforcement
You must tell us immediately about any unauthorized access or use of the Sea-Flux application or information collected and maintained by us.
We will investigate any violation of the security of your personal information that we’re told about and if necessary, take action to prevent any further violations.
In the unlikely event that we believe the security of your personal information in our possession or control may have been compromised, we will immediately do all things necessary to contain and manage the potential breach.
Personal Devices
Use of personal devices such as tablets and mobile phones used to access the Sea-Flux application are the responsibility of the customer, and use thereof is governed by the security policies of that organisation.
Contact us
If you are concerned that this information security policy may have been breached or the security of your personal information has been compromised, please email us immediately at support@sea-flux.com.
More information about our policies for protecting your personal information can be found in our terms and conditions and our privacy policy available on our www.sea-flux.com
Review
| Updated | Changes made | Changes made by |
|---|---|---|
| V1 – 13.10.23 | General review, updated Google links | Tai |
| V2 – 07.02.24 | Full review and minor edits including, update to third party software providers. | Tai |
| V3 – 14.10.24 | Update links for Google Firebase | Tai |
| V4 – 18.10.24 | Update link for Sea-Flux website. | Tai |
| V5 – 10.07.25 | Branding update | Tai |
| V6 – 25.07.25 | ISO & SOC information updated for Google | Tai |
| V8 – 30.03.26 | Full review | Tai & Matt |