Security

Last updated: 31 May 2026

Encryption

All connections to HullBook use TLS 1.2 or higher. Your data is encrypted at rest in the database using AES-256.

Authentication

Passwords are hashed with bcrypt. Account access requires email verification. Optional two-factor authentication via authenticator app is available in settings.

Payment data

HullBook never stores credit card numbers. Card details are handled directly by Stripe, a PCI-DSS Level 1 certified processor.

Infrastructure

Hosted on Vercel (SOC 2 Type II) with database on Supabase (SOC 2 Type II). Both providers maintain ISO 27001 certified infrastructure.

Backups

The database is backed up daily with point-in-time recovery. Backups are retained for 7 days.

Responsible disclosure

If you discover a security issue, please email security@hullbook.com. We do not pursue legal action against researchers who follow responsible disclosure (give us 90 days to fix before publishing).