Privacy Policy

Effective date: 6 April 2026

1. Who We Are

VesselIQ (“we”, “us”, “our”) operates the VesselIQ platform at vesseliq.app — a systems documentation and handover management tool for the superyacht and commercial marine industry. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK GDPR, EU GDPR (Regulation 2016/679), and applicable maritime regulations.

For all privacy enquiries, contact us at: hello@vesseliq.app

2. Data We Collect

Account data

When you create an account, we collect your email address and any display name you provide. We do not collect payment card details directly — billing (if applicable) is handled by a PCI DSS-compliant payment processor.

Vessel and equipment data

You may upload documentation, photographs, service records, and technical specifications relating to vessels and onboard systems. This data is yours. We process it only to provide the platform service.

Crew and personnel data

Handover notes and service logs may include names of crew members (outgoing/incoming crew, service technicians). This constitutes personal data under GDPR. You are responsible as Data Controller for ensuring crew members are informed that their names may appear in vessel records held on VesselIQ.

Usage and technical data

We collect IP addresses, browser type, pages visited, and session duration for security monitoring, rate limiting, and platform improvement. This data is stored in our audit log and retained for 90 days.

Uploaded files

Documents, images, and Excel files you upload are stored encrypted at rest in Supabase Storage (hosted on AWS). Files are accessible only to authenticated users with access to the relevant vessel.

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract performance — to provide the VesselIQ platform service you have signed up for.
  • Legitimate interests — for security monitoring, fraud prevention, platform improvement, and audit logging.
  • Legal obligation — where required by applicable law, including maritime safety regulations.
  • Consent — for optional communications such as product updates and newsletters.

4. Maritime Regulatory Context

VesselIQ is designed to support compliance with documentation requirements under several maritime frameworks. Where your use of VesselIQ forms part of a Safety Management System (SMS), you should be aware of the following:

  • ISM Code (International Safety Management Code) — Records created in VesselIQ may form part of your vessel's SMS documentation. These records should be retained in accordance with your flag state's ISM requirements, typically a minimum of 3 years.
  • MLC 2006 (Maritime Labour Convention) — If crew records are stored in VesselIQ, you must ensure compliance with MLC requirements regarding seafarer data privacy, retention, and access rights.
  • MCA / Flag State Requirements — UK-flagged vessels operating under MCA oversight should ensure that records held in VesselIQ satisfy the relevant Code of Practice or class requirements for technical documentation.
  • SOLAS Chapter IX — For vessels subject to SOLAS, VesselIQ records may supplement (but do not replace) mandatory hard-copy documentation required to be kept onboard.

VesselIQ is a documentation tool. It does not constitute a certified Safety Management System and does not provide legal or regulatory compliance advice. Operators remain solely responsible for regulatory compliance.

5. How We Share Your Data

We do not sell personal data. We share data only with:

  • Supabase — database, authentication, and file storage provider (EU/US data centres).
  • Anthropic — AI processing for the equipment import and chat features. Only vessel equipment data (not personal data) is sent to Anthropic's API.
  • Vercel — hosting and content delivery network.
  • Law enforcement — where required by a valid legal order.

All third-party providers are subject to data processing agreements compliant with GDPR Article 28.

6. Data Retention

  • Account data — retained for the life of your account, then deleted within 30 days of account closure.
  • Vessel and equipment records — retained until you delete them or close your account.
  • Audit logs — retained for 90 days, then automatically purged.
  • Security logs (rate limiting, IP data) — retained for 24 hours in memory only.
  • Backups — retained for 7 days on Supabase's managed backup system.

7. Your Rights

Under UK/EU GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate personal data.
  • Erasure — request deletion of your personal data (“right to be forgotten”).
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — ask us to restrict processing of your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — at any time, for processing based on consent.

To exercise any of these rights, email hello@vesseliq.app. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We implement technical and organisational security measures including: end-to-end encryption in transit (TLS 1.2+), encryption at rest, two-factor authentication, role-based access controls, rate limiting on all API endpoints, automated vulnerability scanning, and immutable audit logging of all material data operations. For details, see our Security Policy.

9. Cookies

VesselIQ uses only essential cookies required for authentication (HTTP-only session cookies set by Supabase Auth). We do not use tracking, advertising, or analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.

10. International Transfers

Your data may be processed in the United States (Supabase, Anthropic, Vercel infrastructure). These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email at least 14 days before they take effect. Continued use of VesselIQ after the effective date constitutes acceptance of the updated policy.

12. Contact

VesselIQ
Email: hello@vesseliq.app
Website: vesseliq.app