CelesteOS Engineering & maintenance software for superyachts

Trust

Credibility belongs in verifiable proof, not claims. This page maps how CelesteOS earns trust at audit, where data lives, and why the product sits alongside your class-approved PMS rather than replacing it.

(a) Cryptographic proof

Every PMS produces records. Few produce proof.

CelesteOS seals every action, every fault, every handover, every signature into a cryptographic receipt. The receipt is independently verifiable by anyone, anywhere, without trusting us. The verifier is open at verifier.celeste7.ai.

Why this matters: ISM Code external audits require objective evidence that the safety management system actually works on board (IMO MSC-MEPC.4/Circ.4). PSC inspectors check planned maintenance records during inspection. Records that can be independently proven authentic remove the question of whether logs were assembled under pressure.

Verify a sample receipt ↗
(b) SOC-2 alignment

Controls aligned. Attestation pending.

CelesteOS operates to SOC-2 control principles: access controls, encryption at rest and in transit, audit logging, vendor due diligence, change management, and incident response.

We have not yet engaged a Type 1 or Type 2 auditor. Independent attestation will follow once pilot operations stabilise and the customer cohort warrants the cost of audit. We do not claim certification we do not hold.

Where a buyer requires specific control evidence before pilot signature, we will share our internal control register and supporting documentation under NDA on request to contact@celeste7.ai.

(c) GDPR + data residency

US-region processing. EU lawful transfer.

CelesteOS data is processed by Supabase Inc. (US region). International data transfer is governed by Standard Contractual Clauses (EU SCCs for EU customers) and the UK International Data Transfer Addendum (for UK customers). All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.

Backups follow Supabase Pro-tier defaults: point-in-time recovery with a seven-day rolling window. Production secrets and signing keys are held outside the application database.

A signed Data Processing Agreement (DPA) listing all sub-processors is available on request to contact@celeste7.ai before pilot signature. EU-region residency, where data must remain inside the EU, is available on request and provisioned on a per-tenant basis (Supabase EU region).

For the full disclosure of categories processed, legal bases, retention periods, and your statutory rights, see the privacy policy.

(d) Maritime regulatory mapping

What CelesteOS provides audit evidence for.

CelesteOS produces audit evidence aligned with the following codes and resolutions:

ISM Code, Section 10 (Maintenance of the Ship and Equipment). Every maintenance record, work order, and defect log is timestamped, attributable, and cryptographically sealed.
ISM Code, Section 11 (Documentation). Append-only ledger means no record can be silently modified after the fact.
MLC 2006, Regulation 2.3 (Hours of Rest). Where hours of rest are recorded in CelesteOS, the receipt provides tamper-evident proof of when entries were made.
IMO Resolution MSC.428(98) (Maritime Cyber Risk Management). CelesteOS's audit trail provides objective evidence of records integrity, relevant to US Coast Guard ISM cyber-risk verification since January 2021.
(e) Positioning vs class society Type Approval

CelesteOS is not a PMS.

It runs alongside your existing PMS and its class approvals. We do not replace your DNV, LR, BV, or ABS Type Approved system. We index it, search it, and seal its outputs.

This is deliberate. Adding CelesteOS does not require re-certifying your PMS, re-training your engineers on a new platform, or migrating any data. Your existing approvals remain intact.