Security

Architecture & isolation

The SHIP web application talks to a dedicated Ship API over HTTPS. Data is organized per tenant, and application logic is designed so queries and mutations stay scoped to the authenticated user's tenant context.

Authentication & sessions

Users sign in through standard OAuth flows. Session material for calling the API is handled with HttpOnly cookies and server-side routes where applicable, reducing exposure of bearer tokens to client-side scripts. We do not log raw credentials or session secrets.

Encryption & secrets

Traffic between browsers, the Ship API, and integrated services uses TLS in transit. Tenant-provided API keys and similar secrets are stored encrypted at rest using platform-managed keys (bring-your-own-key flows use additional envelope encryption; master encryption material lives only in managed secret stores, never in source control, with separate keys per environment).

Integrations

Connectors are built for least privilege and, where a vendor supports it, read-only access. OAuth tokens and integration credentials are treated as secrets and are not returned or logged in plaintext.

AI providers

Certain features rely on large language model APIs (for example Anthropic). Prompts and responses travel over TLS to the provider under their terms. For how personal data may be involved, see our Privacy Policy.

Audit logging & retention

Security-sensitive actions are recorded in an append-oriented audit trail for tenant accountability and incident review. Retention periods are configurable to balance forensic needs with storage and compliance goals; automated purge jobs apply policies consistently without exposing sensitive payloads in operational logs.

Application hardening

The SHIP web app sends standard security HTTP headers (for example protections against MIME sniffing, cross-origin referrer leakage, and embedding in foreign frames) plus a Content Security Policy in report-only mode while integrations and auth flows are validated—so violations surface without blocking users during rollout. User-visible rich content from untrusted sources is sanitized before rendering.

Secure development

Dependencies are monitored with automated vulnerability scanning in CI. API errors return stable, safe messages to clients rather than raw upstream responses that might leak implementation detail.

Contact

For security disclosures or questions about this overview, email security@shipplatform.ai. For privacy rights and personal data requests, see Privacy Policy or write to privacy@shipplatform.ai.

Enterprise diligence packs (subprocessors, retention summaries, and incident response contacts) can be provided under NDA—reach out via shipplatform.ai.