โ† Back to Security
๐ŸŒŠ sea.devSecurity ยท Whitepaper

Security whitepaper

Deployment, data protection, governance and compliance at Sea.dev.

Last updated: July 2026


Sea.dev provides AI for lending teams, automating document processing, financial spreading and underwriting support. Our customers are regulated lenders and financial institutions. This paper sets out how we deploy, protect and govern their data.

1. Our role

Sea.dev acts as a processor of the data you submit; you remain the controller. The platform runs inside your environment, lending decisions stay with your team, and we work to remove any dependency that moves data outside it.

Three principles apply to every deployment: on-premises with no data egress, a route off commercial models, and human review of every output.

2. Deployment models

We offer three deployment models:

A typical engagement begins with a single-tenant environment in your cloud account, which we then help you move fully in-house; alternatively, we deploy on-premises from the start. You own the infrastructure, the keys and the audit trail throughout.

3. Data egress

On-premises and self-hosted deployments run with no data egress. In cloud pilots, inference currently runs on OpenAI, which does not train on data sent through its API. We treat this as a dependency to remove:

4. Data protection and encryption

5. Identity and access

6. Governance

Sea.dev does not make lending decisions. It reads submitted documents, extracts the key information, checks it across sources to flag inconsistencies, and presents the results and any exceptions to an analyst to review and accept. Every correction and rejection is logged.

RNHB, a specialist real-estate lender in the Netherlands, embedded Sea.dev in its origination workflow. The system was tuned on RNHB's historical data and met an agreed accuracy threshold before go-live; in production, every analyst correction is logged and the credit decision stays with an RNHB employee.

7. Compliance and legal

8. Testing and assurance

9. Sub-processors

We keep a current list of sub-processors, with their function and location, on our Trust Center, and give advance notice of changes. Each sub-processor is bound by terms at least equivalent to those we commit to you.

10. Contact

For a security review, questionnaire, or copies of reports under NDA, contact security@sea.dev. Live status and documentation are on our Vanta Trust Center.

seadotdev Limited, registered in England & Wales โ€” 5th Floor, 1 Dover Place, Ashford, Kent, TN23 1FB, UK ยท US parent company with UK subsidiary. Questions: security@sea.dev. Live status and reports: Vanta Trust Center.