Security overview
How Sea.dev protects data for regulated lenders and financial institutions.
Last updated: July 2026
Sea.dev embeds AI into lending workflows. We run inside your environment and keep decisions with your team. On-premises there is no data egress, and we are on a path to the same in the cloud.
Deployment
- Secure cloud (AWS), or
- Single-tenant in your Azure, GCP or AWS account, or
- Fully on-premises
- Single-tenant environments are penetration-tested before go-live
Zero egress
On-premises, no data leaves your environment. In cloud pilots, inference runs on OpenAI, which does not train on data sent through its API; our roadmap is a fully self-hosted deployment with no egress.
Data protection
- AES-256 at rest, TLS 1.3 in transit
- Key management with AWS KMS
- Isolated, encrypted storage per organisation
- Your data is never used for model training
Access & audit
- SSO (Microsoft Azure, SAML 2.0)
- Multi-factor authentication
- Role-based access control & API key management
- Full audit logging of activity
Governance
The system surfaces extractions and exceptions for review; lending decisions always stay with your team. Every correction and rejection is logged, so workflows remain reviewable, measurable and governed.
Compliance & legal
- Processor role; you remain the controller
- GDPR & UK GDPR; EU SCCs and UK IDTA for transfers
- SOC 2 Type I underway (Type II planned)
- DPA available; breach notification without undue delay
Testing & assurance
Independent third-party penetration testing every 3โ6 months, covering cloud and container security (most recent assessment Q2 2026). Certificate available under NDA.
Transparency
Live security posture, policies, sub-processor list and monitoring status are published on our Vanta Trust Center, with SOC 2 and audit reports available under NDA.
Trusted in regulated lending
RNHB, a specialist real-estate lender in the Netherlands, embedded Sea.dev directly into its origination workflow โ grounded in its historical data, cleared against an agreed accuracy threshold before go-live, with every analyst correction logged and the credit decision always staying with an RNHB employee.