Security & Data Protection

Practical Security for Yacht Listing Data

Standard security practices designed to protect your listings while keeping operations simple and costs reasonable.

What This Means for Your Business

Security doesn't have to be complicated. Here's what we do to protect your data and keep your listings accessible when you need them.

Your Listings Are Available

Our infrastructure is designed for reliable availability. When you need to publish or update listings, the API responds. We target 99.9% uptime measured monthly.

Access Is Controlled

API access requires authentication and can be restricted to specific IP addresses. You decide who can access your listings and from where.

Data Is Backed Up

Daily automated backups with 30-day retention. In the event of data loss, we can restore from the most recent backup (typically within 24 hours).

Security Measures We Use

These are the standard security practices we've implemented. No technology is 100% secure, but these measures reduce risk to acceptable levels for most yacht brokerage businesses.

Encryption (Data in Transit and at Rest)

What it means: Data sent between your system and ours is encrypted using TLS 1.2+. Data stored in our databases is encrypted using AES-256. This makes it difficult for unauthorized parties to read intercepted or stolen data.

Limitation: Encryption protects data in transit and in storage, but it doesn't prevent access by someone with valid credentials. Protect your API keys accordingly.

API Authentication and IP Whitelisting

What it means: All API access requires a valid token. Optionally, you can restrict access to specific IP addresses only. This prevents unauthorized systems from connecting to your account.

Your responsibility: Keep your API tokens confidential. If a token is compromised, regenerate it immediately via your dashboard. IP whitelisting is optional but recommended.

Daily Backups

What it means: Listing data and account information are backed up daily. Backups are retained for 30 days. If data is lost due to system failure, we can restore from backup.

Limitation: Backups are not real-time. You may lose up to 24 hours of changes. We recommend maintaining your own copies of critical listing data.

Access Logging and Monitoring

What it means: API requests are logged for 90 days. This helps us identify unusual access patterns or unauthorized attempts. Logs are available to you via your dashboard.

Your responsibility: Review your API logs periodically. If you see requests from unfamiliar IP addresses or unusual activity, contact support immediately.

DDoS Protection and Rate Limiting

What it means: We use Cloudflare to help protect against distributed denial-of-service (DDoS) attacks. Rate limiting prevents any single source from overwhelming the API.

Limitation: Rate limits apply to all users. If you accidentally exceed them, you'll receive HTTP 429 errors. Contact support if you need higher limits.

Data Ownership and Control

Industry ownership means different incentives than commercial platforms.

What We Do With Your Data

  • Distribute listings to platforms approved by the broker governance committee
  • Store your data securely for the duration of your membership
  • Create anonymized analytics to improve platform performance
  • Delete your data within 30 days of account closure (excluding financial records required for tax compliance)

What We Don't Do

  • Sell your data to third parties for profit
  • Use listing data to compete with brokers or operate our own brokerage
  • Share data with platforms not approved by broker governance
  • Retain your data indefinitely after account closure (except as legally required)

Transparency Commitment

Because GYBN is industry-owned (not venture-backed), we don't have investor pressure to monetize your data. The broker governance committee can audit data usage at any time.

View current third-party platforms: See the full list of approved platforms receiving listing data at any time via your dashboard.

Compliance and Standards

We follow established security and data protection frameworks.

GDPR and UK GDPR Compliance

What this means: We comply with data protection regulations for processing personal data of EU and UK residents.

Your obligation: As the data controller, you must obtain proper consent from vessel owners before submitting their personal information. We provide a Data Processing Addendum (DPA) outlining our responsibilities.

Security Certifications

Current status: We use industry-standard security practices and infrastructure.

Planned certifications: SOC 2 Type II audit scheduled for consideration in 2026. Third-party security assessments planned to begin Q1 2026.

We'll update this page as certifications are completed and verified.

What Happens If Things Go Wrong

No system is perfect. Here's what to expect if security incidents occur.

Data Breach Notification

Our commitment: We'll notify you within 72 hours if we discover unauthorized access to your listing data or account information.

What we'll tell you: What data was affected, when the breach was discovered, what steps we're taking, and what you should do.

Contact for breach reporting: security@globalyachtbrokers.net

Service Outages

Uptime target: 99.9% measured monthly (allows for approximately 45 minutes of downtime per month).

Notification: Status updates planned at status.globalyachtbrokers.net. Scheduled maintenance announced 72 hours in advance.

Service credits: If we fail to meet 99.9% uptime, you're eligible for credits ranging from 10% to 50% of your monthly fee. See SLA for details.

Data Loss or Corruption

Backup recovery: Daily backups retained for 30 days. Recovery time typically within 24 hours of incident report.

Limitation: You may lose up to 24 hours of changes between the last backup and the incident.

Best practice: Maintain your own backup copies of critical listing data. Don't rely solely on our backups.

Security Questions or Concerns?

We're here to answer questions about our security practices and help you protect your account.

General Security Questions

For questions about our security measures, compliance, or data handling:

security@globalyachtbrokers.net

Response time: 1-2 business days

Report a Security Issue

If you've discovered a vulnerability or suspect unauthorized access:

security@globalyachtbrokers.net

Security reports reviewed daily