Loading...
VAOS logoVAOS logo
LoginLogin
  • VAOS App
  • Screenshots
  • Pricing
  • Security
  • Contact
Login Login Start 7-Day Free Trial Start 7-Day Free Trial

Security Measures

Last updated: 01/MAY/2026

Effective date: 01/MAY/2026

This page summarises the technical and organisational measures used by VAOS to protect the platform, customer data and personal data.

This page is intended to provide transparency to users, customers and vendor onboarding teams. It does not disclose sensitive internal security details that could compromise security.

1. Security Approach

VAOS is designed as a professional SaaS platform for maritime audit workflows.

Our security approach focuses on:

  • protecting customer data;
  • preventing unauthorised access;
  • maintaining platform availability and integrity;
  • applying least-privilege principles;
  • monitoring errors and security-relevant events;
  • supporting compliance with GDPR and business customer requirements.

2. Access Control

VAOS applies access control measures such as:

  • user authentication;
  • account-based access;
  • role or permission-based controls, where available;
  • least-privilege access for administrative functions;
  • restricted access to production systems;
  • password protection or secure authentication mechanisms;
  • session management controls.

Users are responsible for keeping credentials confidential and promptly reporting suspected compromise.

3. Infrastructure Security

VAOS may use third-party cloud infrastructure and hosting providers.

Infrastructure security measures may include:

  • managed hosting environments;
  • secure configuration of deployment environments;
  • separation of development and production environments where applicable;
  • environment variable management;
  • restricted access to production credentials;
  • provider-level physical and network security controls.

Specific providers are listed in the Subprocessors page where they process personal data.

4. Encryption

VAOS uses encryption in transit where applicable, including HTTPS/TLS for web traffic.

Encryption at rest depends on the database, storage and infrastructure providers used by VAOS and will be configured according to provider capabilities and business requirements.

5. Logging and Monitoring

VAOS may use logging, monitoring and error tracking tools to:

  • detect errors;
  • troubleshoot issues;
  • monitor availability;
  • investigate suspicious activity;
  • maintain security and reliability.

Logs may include technical identifiers such as IP address, device information, timestamps and error metadata.

Access to logs is restricted to authorised personnel or service providers.

6. Backups and Recovery

VAOS may maintain backups or rely on managed provider backup mechanisms to support recovery from accidental loss, corruption or service disruption.

Backup retention and recovery capabilities depend on the selected infrastructure and database configuration.

Backups are protected through provider security controls and restricted access.

7. Application Security

VAOS aims to apply secure development practices, including:

  • dependency updates;
  • input validation where appropriate;
  • authentication and authorisation checks;
  • protection of sensitive environment variables;
  • secure handling of errors;
  • review of security-relevant code changes;
  • separation of public and protected routes.

8. Data Minimisation

VAOS encourages customers and users to upload only data that is necessary for their audit workflows.

Users should avoid uploading unnecessary personal data, sensitive data or confidential third-party materials unless required for legitimate professional purposes and permitted by law.

9. Personnel and Confidentiality

Access to customer data is limited to authorised persons who need access to provide, secure or support the Services.

Personnel and contractors with access to confidential information are expected to be subject to confidentiality obligations.

10. Incident Response

If VAOS becomes aware of a security incident affecting customer data or personal data, we will investigate and take appropriate steps to contain, mitigate and remediate the issue.

Where legally required, we will notify affected customers or competent authorities in accordance with applicable law and contractual obligations.

Security incidents may be reported to:

vaos@vaos.es

11. Customer Responsibilities

Customers and users are responsible for:

  • using strong and unique passwords;
  • protecting login credentials;
  • limiting access to authorised users;
  • promptly removing users who no longer need access;
  • verifying audit data before relying on it;
  • ensuring uploaded content is lawful and appropriate;
  • reporting suspected security issues.

12. Limitations

No online service can guarantee absolute security.

VAOS continuously aims to improve security, but customers should maintain their own internal controls, backups, review processes and professional verification procedures.

13. Contact

For security questions or reports:

DEEP BRIDGE MARITIME CONSULTING
Email: vaos@vaos.es
Website: https://vaos.es
VAOS logo

A professional workspace for maritime auditors, superintendents and vetting teams.

Subscribe to VAOS updates

Receive important product updates, early access news and maritime audit workflow insights.

Verification loads only after you start filling out the form.

No spam. Unsubscribe anytime.

Copyright © 2026 Deep Bridge Maritime Consulting.

  • Legal Center
  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Contact