Privacy Policy

Last Updated: 2025-10-24

Effective Date: Platform Production Deployment

1. Introduction

fleetcore ("we", "our", "us") is committed to protecting the privacy and security of your personal and operational data. This Privacy Policy explains how we collect, use, store, and protect data when you use the fleetcore Agentic Maintenance Operating System platform.

2. Data We Collect

2.1 Account Information

• Name, email address, job title
• Organization affiliation
• User role and permissions
• Authentication credentials (securely hashed)

2.2 Operational Data

• Vessel information (IMO number, vessel type, operational status)
• Equipment installations and specifications
• Maintenance schedules and task records
• Working hours tracking data
• Event and incident reports
• File attachments (photos, videos, documents)

2.3 Usage Data

• Login timestamps and IP addresses
• Feature usage patterns
• System performance metrics
• Error logs and diagnostic data

3. How We Use Your Data

3.1 Primary Purposes

• Platform Operation: Provide maritime maintenance management services
• Compliance Tracking: Enable SOLAS/MARPOL/ISM Code compliance monitoring
• Analytics: Generate equipment health scores and operational insights
• Real-Time Monitoring: Deliver live equipment status updates

3.2 Security & Support

• User authentication and authorization
• System security monitoring
• Technical support and troubleshooting
• Platform performance optimization

4. Data Security

4.1 Technical Security Measures

• Row-Level Security (RLS): PostgreSQL RLS ensuring organization-based data isolation
• Multi-Tenant Architecture: Complete data separation between organizations
• Encryption: Data encrypted at rest and in transit (TLS/SSL)
• Authentication: JWT-based secure authentication with Supabase Auth
• Audit Trails: Complete activity logging with user attribution and timestamps

4.2 Access Control

• Role-based access control (RBAC) with granular permissions
• Dual access pattern: System admins (global) + Organization users (isolated)
• Security definer functions preventing policy recursion
• Automatic session timeout and re-authentication requirements

5. Data Retention

5.1 Operational Data

• Active Data: Retained for duration of organization subscription
• Historical Records: Maintenance history retained for regulatory compliance (typically 5-10 years)
• Audit Trails: Complete activity logs retained per organization data retention policy

5.2 Account Termination

• 30-day grace period for data export after account cancellation
• Complete data deletion upon request (Right to Erasure)
• Backup data purged according to backup retention schedule

6. Data Sharing & Third Parties

6.1 No Data Selling

We do not sell, rent, or trade your data to third parties under any circumstances.

6.2 Service Providers

• Supabase (Database & Infrastructure): Secure cloud hosting and database services
• Monitoring & Analytics: System performance and error tracking (anonymized)

6.3 Legal Requirements

We may disclose data when required by law, court order, or regulatory authority, but only to the extent legally required.

7. GDPR Compliance

7.1 Your Rights Under GDPR

• Right to Access: Request copy of your personal and operational data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data
• Right to Data Portability: Export your data in standard formats (CSV, JSON)
• Right to Restrict Processing: Limit how we process your data
• Right to Object: Object to certain data processing activities

7.2 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at: https://fleetcore.ai/contact

8. International Data Transfers

Data is stored on Supabase infrastructure with geographic redundancy. For EU/EEA users, data residency options are available to ensure GDPR compliance.

9. Cookies & Tracking

9.1 Essential Cookies

• Authentication tokens (required for login)
• Session management (required for platform operation)

9.2 Optional Cookies

• Analytics cookies (with explicit consent)
• Performance monitoring (anonymized)

10. Children's Privacy

fleetcore is an enterprise maritime platform not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email to organization administrators. Continued use of the platform after changes constitutes acceptance of updated policy.

🤖 Questions About Privacy?

Ask Our AI Assistant: Get instant answers about data protection, GDPR compliance, and privacy policies.

• "How is my vessel data protected?" - Learn about RLS and organization isolation
• "Is fleetcore GDPR compliant?" - Understand compliance measures
• "Can I export my data?" - Data portability details
• "Where is data stored?" - Server locations and security
• "Who can access my organization's data?" - Access control explanation

AI Available: Click the chat button for immediate privacy and security answers.

12. Contact Information

Privacy Inquiries: https://fleetcore.ai/contact

Data Protection Officer: Available through contact form

General Support: https://fleetcore.ai

13. Enterprise Security & Regulatory Compliance

• GDPR Compliance: Full General Data Protection Regulation (EU) adherence with data portability, right to erasure, and consent management
• Multi-Tenant Isolation: PostgreSQL Row-Level Security ensures complete organization-level data separation
• Encryption Standards: TLS/SSL for data in transit, AES-256 encryption for data at rest
• Access Control: Role-Based Access Control (RBAC) with granular permissions and audit logging
• Data Residency: Compliance with regional data sovereignty requirements
• Security Monitoring: Real-time threat detection and automated incident response
• Audit Trails: Comprehensive logging of all data access and modifications with timestamp and user attribution
• Backup & Recovery: Automated backups with point-in-time recovery capabilities