Legal · Updated July 2026

Security

Offshore Analytics is a security-conscious platform serving industrial operators, financiers and regulators. This page describes controls currently enabled on the Service. It is maintained by Offshore Analytics and is not an independent certification.

Authentication and access

  • Email + password with strong-password enforcement, plus optional Google sign-in.
  • Password reset via time-limited, single-use recovery links.
  • Role-based access control (admin, analyst, viewer) enforced server-side.
  • Administrative actions are recorded to a tamper-resistant audit log accessible only to workspace admins.

Data protection

  • All data in transit is encrypted with TLS 1.2 or higher.
  • Application data is stored in encrypted Postgres databases.
  • Row-level security policies scope reads and writes to the owning user or authorized role — enforced at the database layer, not just the application.
  • Server-only credentials (service role, third-party API keys) are stored in a managed secrets vault and never exposed to browser code.

Application hardening

  • Input validation on every server function using schema-based parsers.
  • Per-user rate limits on expensive endpoints (report generation, briefing export).
  • Automatic dependency and security scanning on every build.

Reliability

  • Serverless runtime with automatic scaling and DDoS mitigation.
  • Point-in-time database backups.
  • Error monitoring with alerting for regressions.

Responsible disclosure

If you believe you have found a security vulnerability, please email security@offshoreanalytics.io. We will acknowledge receipt within 2 business days and coordinate a fix. Please do not publicly disclose the issue until we have had a reasonable window to remediate.

Compliance roadmap

We are actively working toward SOC 2 Type II. Customer-specific security questionnaires and our current subprocessor list are available on request under NDA.

© 2026 Offshore Analytics · Back to home