Security Policy
Executive Summary
This document outlines the security measures and policies implemented for the Safecube
platform (https://app.safecube.ai) to ensure data integrity, confidentiality, and availability.
Our approach is designed to safeguard our clients' data and maintain compliance with
industry standards.
Architecture Security Overview
The Safecube platform is hosted on Google Cloud Platform (GCP), utilizing Cloudflare for
enhanced security. The architecture includes multiple Kubernetes clusters, ensuring
redundancy and high availability. Access to the platform is restricted to specific entry points,
ensuring only authorized users can gain access.
Data Protection Measures
Data is stored in relational and NoSQL databases on GCP (Europe), with daily backups to
ensure data integrity and recovery. Databases are not publicly exposed and are only
accessible from the company’s private network. Sensitive data is encrypted both in transit and
at rest using industry-standard encryption protocols. The platform does not store any
confidential client data, aligning with GDPR requirements.
Access Controls and Authentication
The Safecube platform is deployed on a managed Kubernetes cluster within a private, fully
isolated Google Cloud network, accessible only through Cloudflare. Access to the platform
is controlled via Cloudflare’s OIDC authentication integrated with Keycloak, ensuring that
only authenticated and authorized users can access the system. The development
environment is protected behind Cloudflare’s firewall and is only accessible internally to
authorized developers.
Network Security
The platform is isolated within a private Google Cloud network, with external access managed
through Cloudflare’s Argo Tunnel. Strict firewall rules are applied to control incoming and
outgoing traffic. SSH access is not exposed publicly and is only available through a single
managed entry point provided by GCP, using a secured API/proxy channel controlled by IAM
(Identity and Access Management).
Compliance and Certifications
The Safecube platform complies with relevant data protection regulations, including GDPR.
Regular audits and assessments are conducted to ensure compliance with industry standards
and best practices. The platform adheres to ISO 27001 standards for information security
management.
Incident Response Procedures
In the event of a security incident, predefined procedures are in place to quickly identify,
contain, and mitigate threats. Logs are monitored continuously, and anomalies trigger
immediate alerts to the security team.
Regular Security Assessments
The platform undergoes regular security assessments and penetration testing to identify and
address vulnerabilities. Security patches and updates are applied promptly to maintain a
secure environment.
This security policy reflects our commitment to providing a secure and reliable platform for
our clients, ensuring the protection of their data and the integrity of our systems.
Privacy Policy
1. Introduction
SINAY SAS, headquartered at 14 Rue Alfred Kastler, 14000 Caen, France, collects and
processes information, including personal data, in the course of its activities.
Personal data is processed lawfully, fairly, and for explicit and legitimate purposes, with
strict confidentiality and appropriate security measures.
2. Scope and Sources of Data
This policy applies to the websites https://sinay.ai, https://safecube.ai, and all
marketing sites owned by SINAY SAS.
Personal data is obtained from:
• Data provided directly by individuals via contact or sign-up forms.
• Data collected automatically via cookies and similar technologies (subject to
consent where required).
2.1 Data Provided Directly
When a contact or demo request is submitted, or when contact occurs by email, the
following mandatory fields are collected and processed: first name, last name, and
email address. Additional information voluntarily provided may also be processed as
necessary to handle the request.
2.2 Data Collected Automatically
Subject to prior consent, web analytics data relating to browsing activity can be
collected, including pages viewed, session duration, anonymized IP address, and
browser type and version. Cookies and similar technologies enable this collection.
3. Purposes of Processing
Personal data is processed for the following purposes:
• Handling and responding to requests (contact, demo, support).
• Conducting communications by email or telephone related to submitted requests
or relevant services, where appropriate.
• Measuring and improving website performance, detecting errors, and enhancing
user experience (via anonymized analytics).
Processing for purposes incompatible with those stated above is not undertaken.
4. Legal Bases
Processing relies on one or more of the following legal bases:
• Consent (e.g., for non-essential cookies and certain communications).
• Legitimate interests (e.g., responding to inquiries and improving services), where
appropriate and balanced.
• Compliance with legal obligations, where relevant.
Where consent is required, it is obtained via clear affirmative action (e.g., buttons and
checkboxes) and may be withdrawn at any time without affecting the lawfulness of
prior processing.
5. Recipients and Transfers
SINAY SAS acts as data controller. Personal data is processed by SINAY SAS and by
service providers acting under documented instructions.
Personal data is not sold. Personal data is not shared with third parties for purposes
other than those specified in this policy or as required by law.
6. Retention Periods
Personal data is retained only for as long as necessary for the purposes for which it is
processed:
• Contact and prospect data: up to 3 years from the last interaction or as required
by applicable law.
• Cookie and analytics data: retained for the duration necessary to fulfill the stated
purposes and within storage periods configured in the consent management and
analytics tools.
Legal retention obligations may require longer storage.
7. Cookies and Consent Management
To operate the websites and measure their performance, cookies are used. Valid
consent for the use and storage of cookies is obtained and documented via a consent
management platform provided by Digital Data Solutions BV (CookieFirst), Plantage
Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands (https://cookiefirst.com).
Upon visiting the website, a connection is established with CookieFirst’s servers to
record consent preferences. CookieFirst stores a cookie in the browser to apply choices
and document consent. Data is retained until the configured storage period expires or
until deletion is requested, subject to mandatory legal retention.
The legal basis for cookie consent management is Article 6(1)(c) GDPR (compliance
with a legal obligation).
8. Data Processing Agreement
A data processing agreement has been concluded with CookieFirst. This agreement
requires CookieFirst to process personal data solely in accordance with documented
instructions and in compliance with the GDPR.
9. Server Log Files
The website and CookieFirst may automatically collect and store server log data
transmitted by browsers. This may include:
• Consent status and consent withdrawals.
• Anonymized IP address.
• Browser and device information.
• Date and time of visit.
• URL of the page where consent preferences were saved or updated.
• Approximate location of the user saving consent preferences.
• A universally unique identifier (UUID) associated with the visitor who interacted
with the cookie banner.
10. Cookies Used
• Google Analytics: audience measurement and website performance analytics (with
anonymized IP addresses).
• Polylang: language preference management.
Where required, non-essential cookies are activated only after consent.
11. Data Subject Rights
Under applicable data protection laws, data subjects have the following rights, subject to conditions and limitations:
• Right of access to personal data.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure.
• Right to restriction of processing.
• Right to object to processing, including profiling, where applicable.
• Right to data portability, where applicable.
• Right to withdraw consent at any time for processing based on consent.
• Right to lodge a complaint with a competent supervisory authority.
Rights and unsubscribe requests can be addressed to:
• Email: [email protected]
For requests concerning personal data or this policy, the Data Protection Officer can be
contacted at:
• Contact: Yanis SOUAMI, CEO, SINAY
• Email: [email protected]
• Phone: +33 (0)2 50 01 15 50
Responses are provided within statutory time limits.
12. Security
Appropriate technical and organizational measures are implemented to protect
personal data against unauthorized access, alteration, disclosure, or destruction,
proportionate to the risks.