โ† Back to Security
๐ŸŒŠ sea.devSecurity ยท One-pager

Security overview

How Sea.dev protects data for regulated lenders and financial institutions.

Last updated: July 2026


Sea.dev embeds AI into lending workflows. We run inside your environment and keep decisions with your team. On-premises there is no data egress, and we are on a path to the same in the cloud.

On-prem, zero egress Human-in-the-loop GDPR & UK GDPR SOC 2 Type I (in progress) Independent pen testing

Deployment

  • Secure cloud (AWS), or
  • Single-tenant in your Azure, GCP or AWS account, or
  • Fully on-premises
  • Single-tenant environments are penetration-tested before go-live

Zero egress

On-premises, no data leaves your environment. In cloud pilots, inference runs on OpenAI, which does not train on data sent through its API; our roadmap is a fully self-hosted deployment with no egress.

Data protection

  • AES-256 at rest, TLS 1.3 in transit
  • Key management with AWS KMS
  • Isolated, encrypted storage per organisation
  • Your data is never used for model training

Access & audit

  • SSO (Microsoft Azure, SAML 2.0)
  • Multi-factor authentication
  • Role-based access control & API key management
  • Full audit logging of activity

Governance

The system surfaces extractions and exceptions for review; lending decisions always stay with your team. Every correction and rejection is logged, so workflows remain reviewable, measurable and governed.

Compliance & legal

  • Processor role; you remain the controller
  • GDPR & UK GDPR; EU SCCs and UK IDTA for transfers
  • SOC 2 Type I underway (Type II planned)
  • DPA available; breach notification without undue delay

Testing & assurance

Independent third-party penetration testing every 3โ€“6 months, covering cloud and container security (most recent assessment Q2 2026). Certificate available under NDA.

Transparency

Live security posture, policies, sub-processor list and monitoring status are published on our Vanta Trust Center, with SOC 2 and audit reports available under NDA.

Trusted in regulated lending

RNHB, a specialist real-estate lender in the Netherlands, embedded Sea.dev directly into its origination workflow โ€” grounded in its historical data, cleared against an agreed accuracy threshold before go-live, with every analyst correction logged and the credit decision always staying with an RNHB employee.

seadotdev Limited, registered in England & Wales โ€” 5th Floor, 1 Dover Place, Ashford, Kent, TN23 1FB, UK ยท US parent company with UK subsidiary. Questions: security@sea.dev. Live status and reports: Vanta Trust Center.