Privacy Policy

Last updated April 15, 2026

This Privacy Policy explains how Binnacle AI ("we", "us") collects, uses, and protects your personal information. Binnacle is a maritime crew compliance platform operated by Bluewave Projects.

1. Information we collect

We collect information in three categories:

  • Account data: your name, email, organization name, role, and hashed password when you create an account.
  • Crew and vessel data you upload: names, contact info, Merchant Mariner Credential numbers, TWIC numbers, medical certificate data, drug test results, and uploaded documents related to your crew and vessels. You are the data controller for this information; we process it on your behalf.
  • Usage data: IP address, browser type, pages viewed, timestamps. Used for security, debugging, and product improvement.

2. How we use your information

We use your information to:

  • Provide, maintain, and improve the Binnacle service
  • Query USCG and Federal Register systems on your behalf for credential verification and regulatory updates
  • Send service-related email and SMS notifications (credential expirations, security alerts, account changes)
  • Process payments and manage subscriptions
  • Respond to support requests and investigate security incidents
  • Comply with legal obligations

We do not sell your personal information or use it for advertising.

3. How we share your information

We share information only with:

  • Subprocessors: Vultr (hosting), Anthropic (document classification AI), Resend (email delivery), Twilio (SMS delivery), Stripe (payments). Each subprocessor is bound by contract to protect your data.
  • USCG / Federal Register: we submit credential verification requests on your behalf when you use the relevant features. USCG is a federal agency and handles data according to its own published privacy notices.
  • Legal requirements: when required by law, court order, or to protect rights and safety.

4. Data retention

We retain Customer Data for as long as your account is active. On termination, you have 30 days to export your data before we delete it. Backups are retained for 90 days and then purged.

5. Security

We use industry-standard security measures: TLS 1.2+ for all data in transit, encryption at rest for our database, role-based access control, and regular security audits. We follow the principle of least privilege for employee access. No system is perfectly secure; report suspected vulnerabilities to security@binnacleai.com.

6. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. Email privacy@binnacleai.com to exercise these rights. We respond within 30 days.

California residents (CCPA) and EU/UK residents (GDPR) have additional rights including the right to opt out of the sale of personal information (which we do not do) and the right to lodge a complaint with a supervisory authority.

7. Children

Binnacle is not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

8. International data transfers

Binnacle operates on U.S.-based infrastructure. If you access Binnacle from outside the U.S., your data will be transferred to and processed in the U.S. under appropriate safeguards.

9. Changes

We may update this Privacy Policy. Material changes will be announced by email or in-app notification at least 30 days before taking effect.

10. Contact

Questions or concerns: contact us at privacy@binnacleai.com.