← Back to Platform

Privacy Policy

Last updated: May 21, 2026

Thalassacore Maritime Systems ("we", "our", "us") values the confidentiality of data processed inside our vessel management system. This Privacy Policy details how we collect, store, isolate, and safeguard your organization's records, seafarer personal data, and system logs.

1. Data Categories & Purpose

In operating the Service, Thalassacore processes data under three categories:

Operational Telemetry: Vessel Noon Reports, physical tank metrics, GPS coordinates, weather readings, and machinery running hours. Used to generate fleet KPIs and compliance reports.
Personal Identifiable Information (PII): Seafarer profiles, certificates of competency, appraisal logs, passport/visa numbers, and bank account payroll coordinates. This is processed solely under the instruction of the subscriber entity (Data Controller).
Commercial Information: Voyage estimates, charter party terms, freight bills, and supplier quotations.

2. Data Isolation & Tenancy Hardening

Database Layer Segregation: All transactional tables implement strict row-level filters. Endpoints enforce the tenant's context, preventing SQL exposure or cross-tenant leaks. We undergo periodic database audits to trace and patch logical-physical column drifts.

3. Seafarer Data Governance (GDPR / MLC)

As a maritime platform, we support compliance with the General Data Protection Regulation (GDPR) and maritime labor conventions:

Purpose Limitation: Seafarer details are recorded strictly to audit compliance (e.g. tracking MLC 2006 rest hour thresholds or passport validity).
Access Controls: User permissions can be custom-scaled inside the platform. Crew logs and payroll details are restricted from non-authorized superintendents.
Audit Logging: Database actions regarding crew profiles or salary scales are recorded in the Activity Trail, tracking user, timestamp, and action description.

4. Data Retention & Portability

We retain subscriber data during the active subscription period. If a subscriber terminates their contract, we keep database snapshots for a 90-day grace period, during which the subscriber may export their entire operational history, before it is permanently deleted from our live environments.

5. Integration Integrity

Connecting third-party accounting applications (e.g. Logo Tiger ERP) or marine feeds requires API validation. Integration credentials are encrypted and stored in secure credential storage within the database environment, isolated per tenant.

6. Contact Details

For inquiries regarding data protection policies or seafarer access requests, please reach out to our compliance officer at privacy@thalassacore.com.