security

What we actually do to protect your data, not what we've put on a slide.

Last reviewed: May 2026

Our risk profile

Pumpd holds names, emails, boat names, and booking history for berth holders and visiting boaters, and nothing else. We do not hold special-category data (health, religion, biometrics) and we do not store payment card details. Card data is captured directly by Stripe; we only ever see the booking and the transaction ID. This is a deliberately small data footprint.

Infrastructure

  • EU-hosted. Application on Vercel, database on Neon, both with EU-region defaults. No data leaves the UK / EEA unless covered by Standard Contractual Clauses (e.g. Stripe US for payment processing).
  • Encryption in transit. TLS 1.2+ on every connection. HSTS headers prevent downgrade attacks. Certificates auto-renewed via Let's Encrypt.
  • Encryption at rest. Database storage is AES-256 encrypted by our infrastructure provider.
  • Daily backups. Automated point-in-time recovery on the database, with retention sufficient to recover from any single-day loss.

Application security

  • Passwords stored as bcrypt hashes (cost factor 12). We cannot read your password; password resets generate a fresh token and never reveal the existing one.
  • Two-factor authentication mandatory for platform admins (TOTP, via an authenticator app). Optional for other roles, encouraged for everyone.
  • Rate limiting on sign-in, password reset, and account creation to prevent brute-force and credential-stuffing attacks. Per-IP and per-email lockouts.
  • CSRF / XSS protection via httpOnly + sameSite cookies, strict Content-Security-Policy headers, and React's automatic output escaping.
  • SQL injection protection via parameterised queries (Prisma ORM). No raw query strings constructed from user input.
  • Audit log of every privileged action (booking creation, cancellation, refund, admin sign-in-as, data export, deletion request). Tamper-resistant and queryable by marina operators for their own site.
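
The per-IP and per-email lockouts described above, as an added example that is not Pumpd's own code; the thresholds, window length and class name are assumptions. It shows why both counters are kept: the IP counter stops one address trying many accounts, and the email counter stops many addresses trying one account.

```javascript
// Added example: per-IP and per-email sign-in lockout (in-memory sketch).
// Thresholds, window and names are assumptions, not Pumpd's configuration.
const WINDOW_MS = 15 * 60 * 1000; // failures older than this are forgotten
const LIMITS = { ip: 20, email: 5 }; // failed attempts allowed per window

class LoginLimiter {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so behaviour is testable
    this.failures = new Map(); // "ip:203.0.113.7" -> [timestamps]
  }

  // Normalise so "Sam@Example.com " and "sam@example.com" share one counter.
  static keys(ip, email) {
    return { ip: `ip:${ip}`, email: `email:${email.trim().toLowerCase()}` };
  }

  // Failures for this key still inside the window; expired entries are pruned.
  recent(key) {
    const cutoff = this.now() - WINDOW_MS;
    const hits = (this.failures.get(key) || []).filter((t) => t > cutoff);
    if (hits.length) this.failures.set(key, hits);
    else this.failures.delete(key);
    return hits;
  }

  // Call before checking the password. Returns null if the attempt may
  // proceed, otherwise which dimension is locked ("ip" or "email").
  lockedBy(ip, email) {
    const k = LoginLimiter.keys(ip, email);
    if (this.recent(k.ip).length >= LIMITS.ip) return "ip";
    if (this.recent(k.email).length >= LIMITS.email) return "email";
    return null;
  }

  // Call after a failed password check; both counters advance together.
  recordFailure(ip, email) {
    const k = LoginLimiter.keys(ip, email);
    for (const key of [k.ip, k.email]) {
      this.failures.set(key, [...this.recent(key), this.now()]);
    }
  }

  // A successful sign-in clears the account counter but not the IP counter,
  // so one valid login does not reset a stuffing run from the same address.
  recordSuccess(ip, email) {
    this.failures.delete(LoginLimiter.keys(ip, email).email);
  }
}
```

In a serverless deployment the counters would live in a shared store rather than process memory, since each function instance would otherwise keep its own map.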

Payments & PCI

All visitor payments are processed by Stripe, a PCI Level 1 service provider. Pumpd never sees, stores, or transmits payment card numbers; the card form is rendered directly by Stripe's hosted checkout page.

For our customers (marinas), funds settle directly to the marina's bank account via Stripe Connect; Pumpd does not hold or route visitor money.

Access & operations

  • Least privilege. Every role (resident, staff, orgadmin, superadmin) sees only what they need. Tenant-scoped queries prevent cross-customer data leakage.
  • Soft-delete by default. Residents can be deactivated without losing audit history; full erasure available on request.
  • Support impersonation is logged. When Pumpd staff sign in as a customer to troubleshoot, a sticky red banner is visible to everyone and every action is recorded in the audit log.
  • Error logging with PII scrubbing. We capture stack traces but strip personal identifiers before storage.

Compliance & documentation

  • UK GDPR / Data Protection Act 2018. Berth Living Ltd is registered with the UK Information Commissioner's Office as a data controller.
  • Data Processing Agreement. Available on request, included as a schedule of every customer's Master Service Agreement.
  • Sub-processor list. Published on our privacy policy. We notify customers before adding new sub-processors.
  • Right of erasure. Actioned within 30 days. Berth holders can self-request via their dashboard; marinas can request via support.
  • Data portability. Marina operators can export every record we hold for their site as a CSV bundle, on-demand from Settings.

Responsible disclosure

If you find a vulnerability, please report it to hello@pumpd.uk. We respond within two working days, work with you on a fix, and credit responsible reporters in our changelog (with permission).

Want more detail?

For a security questionnaire, DPA, sub-processor list, or anything else not covered here, email hello@pumpd.uk and we'll get back to you within one working day.