Trust Center

Security, compliance, and privacy at ShipScience

Protecting your data is foundational. ShipScience is SOC-2 compliant, provides SSO/RBAC, encryption in transit and at rest, audit trails, and governed retention.

Visit Trust Center Privacy Policy

A collection of flat, colorful icons including a shield with a checkmark, padlock, globe, scales, document, bar chart, arrows, dots, and geometric shapes, all on a light background.

Security-Related Documents

Master Service Agreement (MSA)

DPA & SCCs (available upon request)

Subprocessors (available upon request)

SOC-2 Certification (available upon request)

Answers to common questions.

Do you support SSO?

Yes—We support SSO with common authentication applications.

What encryption standards do you use?

TLS for data in transit; AES‑256 for data at rest. Key management is managed by AWS KMS, all credentials are automatically provisioned within AWS KMS.

Where is data stored?

Data is stored in AWS: us-west-2 and us-east-1.

What’s your SOC 2 status?

ShipScience is SOC-2 Compliant. For a copy of our certification (including details, audit dates and certification types), please contact us.

How do you handle data retention and deletion?

Data retention is managed automatically based on our data retention policy (available upon request), and can be adjusted per client request. Data deletion requests can be made by contacting security@shipscience.com.

Can we get audit logs into our SIEM?

Yes—export is supported; we can schedule regular deliveries.

Do you run third‑party pen tests?

Yes—independent assessments with summarized results available (under NDA).

How do we report a security incident or vulnerability?

Email security@shipscience.com or use the contact form; we’ll respond per our incident SLAs.

Need the full Trust Pack?

Request our DPA, subprocessor list, pen‑test letter, and uptime history.