Privacy Policy

Last updated: February 17, 2026

Thalassacore Maritime Systems ("we", "our", "us") operates the Thalassacore vessel management platform. This policy explains how we collect, use, store, and protect your personal data when you use our services.

1. Information We Collect

Account Information

When you register for a trial or create an account, we collect:

• Full name and email address
• Company name
• Password (stored as a one-way hash, never in plain text)

Operational Data

Data you enter into the platform during normal use, including but not limited to:

• Vessel information, voyage records, and port call data
• Crew records, certificates, and employment contracts
• Maintenance schedules, work orders, and equipment logs
• Financial records such as purchase requisitions and invoices
• Safety observations, incidents, and audit records

Usage Data

We automatically collect technical information such as IP address, browser type, access times, and pages viewed to improve our service.

Contact Form Data

When you use our contact form, we collect your name, email address, and message content to respond to your inquiry.

2. How We Use Your Data

We use your information to:

• Provide, maintain, and improve the Thalassacore platform
• Authenticate your identity and manage your account
• Process your operational data as instructed by you
• Send essential service notifications (account, security, billing)
• Respond to your support requests and inquiries
• Detect and prevent fraud, abuse, and security threats

3. Multi-Tenant Data Isolation

Thalassacore is a multi-tenant platform. Each organization's data is logically isolated through tenant-scoped access controls and row-level security. No tenant can access another tenant's data.

4. Data Storage & Security

Your data is stored on Microsoft Azure infrastructure with the following protections:

• Encrypted at rest and in transit (TLS 1.2+)
• Role-based access controls with attribute-based policy enforcement
• Regular automated backups with point-in-time recovery capability
• Audit logging of all administrative and security-relevant actions

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Trial accounts that are not converted may be automatically purged after 90 days. Upon account deletion, your data is removed within 30 days, except where retention is required by law.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the data we hold about you
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests

To exercise any of these rights, contact us at admin@thalassacore.com.

7. Cookies

Thalassacore uses essential cookies and local storage for authentication (JWT tokens) and user preferences. We do not use third-party tracking cookies or analytics services.

8. Third-Party Services

We may use the following third-party services to operate the platform:

• Microsoft Azure: Cloud hosting and database services
• Google Workspace SMTP: Transactional email delivery
• GitHub: Source code hosting and CI/CD deployment

These providers process data on our behalf and are bound by their own privacy policies.

9. Children's Privacy

Thalassacore is a business-to-business platform. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

For privacy-related questions or requests: