95% faster month-end spreading for SME Capital
Read more
Security

Security for regulated
lending.

Sea.dev runs inside your environment and keeps decisions with your team. On-premises there is no data egress — and we are on a path to the same in the cloud.

SOC 2 Type I (in progress) · GDPR & UK GDPR · Independent pen testing

Built for teams where data control comes first

Three principles shape how we deploy for lenders and financial institutions.

1) On-prem, zero egress

No data leaves your environment

Deployed on-premises or self-hosted, no data leaves your environment. The platform is built to run inside your own infrastructure — you keep the keys and the audit trail.

2) A path off commercial models

From OpenAI today to self-hosted

In cloud pilots, inference runs on OpenAI, which does not train on data sent through its API. Our roadmap is a fully self-hosted deployment, so cloud runs with no egress either.

3) Human-in-the-loop

Decisions stay with your team

Sea.dev surfaces extractions and exceptions for review; it does not make lending decisions. Every correction and rejection is logged, so workflows stay reviewable and governed.

Compliance and assurance

  • Processor role — you remain the controller
  • GDPR & UK GDPR; EU SCCs and UK IDTA for transfers
  • AES-256 at rest, TLS 1.3 in transit, keys in AWS KMS
  • SSO (Azure, SAML 2.0), MFA, role-based access, audit logs
  • Your data is never used for model training
  • DPA available; breach notification without undue delay

RNHB, a specialist real-estate lender in the Netherlands, runs Sea.dev inside its origination workflow — grounded in its historical data and cleared against an agreed accuracy threshold before go-live, with the credit decision staying with an RNHB employee.

Deployment

  • Cloud, in our secure AWS environment
  • Single-tenant in your Azure, GCP, or AWS
  • Fully on-premises

Testing

Independent third-party penetration testing every 3–6 months, covering cloud and container security. Most recent assessment Q2 2026; certificate available under NDA.

Trust Center

SOC 2 Type I is underway (Type II to follow). Live posture, policies, and our sub-processor list are on our Vanta Trust Center, with reports under NDA.

For your security review

Read on this site or download as a PDF for security and procurement teams.

Security one-pager

A single-page summary of our posture, deployment models, and compliance.

Security whitepaper

A detailed overview of deployment, data protection, legal, compliance, and testing.

Run it in your environment

We'll walk your security and procurement teams through deployment, data control, and the path to self-hosting.