Privacy Policy

Last updated: 1 June 2026 · Governing law: GDPR (EU) 2016/679

1. Who We Are

NaviCast Eco ("we", "our", "the Company") is a B2B maritime SaaS platform providing real-time vessel speed monitoring and EU ETS compliance alerting. We are subject to the General Data Protection Regulation (GDPR) (EU) 2016/679.

Data Controller contact: youssef.ayadi1752011@gmail.com

2. Data We Collect

Account & contact data
Email address and company name on registration. Telegram usernames entered for pilot alerts. Legal basis: contract performance (Art. 6(1)(b) GDPR).
Vessel data
IMO numbers, MMSI numbers, vessel names, and eco-speed targets you enter. Legal basis: contract performance.
AIS position data
Real-time vessel speed, latitude, longitude, and heading sourced from the public AIS stream via aisstream.io. This is public maritime data broadcast by vessels under SOLAS requirements. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
Alert & notification logs
Records of Telegram alerts sent, delivery timestamps, and Telegram message IDs. Legal basis: contract performance.
Billing data
Subscription plan and Stripe customer ID. Card numbers are never stored by us — all payment processing is handled by Stripe, Inc. Legal basis: contract performance.
Usage & server logs
IP addresses, browser type, and request timestamps. Retained for 90 days. Legal basis: legitimate interests in security.

3. How We Use Your Data

We do not sell your data. We do not use your data for advertising.

4. Telegram Bot Messaging

Speed alerts are delivered via Telegram Bot API. By registering a Telegram username, you consent to receive transactional alert messages. You can opt out at any time by removing the bot or by emailing us.

Message frequency depends on vessel activity. Standard carrier rates may apply.

5. Data Retention

Data typeRetention period
Account & contact dataUntil deletion request + 30 days
Vessel configuration dataUntil deleted by user or account termination
AIS position history12 months rolling
Alert / notification logs24 months
Trial registrations14 days after trial expires
Billing records7 years (EU VAT law requirement)
Server access logs90 days

6. Third-Party Processors

Supabase (PostgreSQL)
Database and authentication · EU (AWS Frankfurt)
Privacy policy ↗
Telegram Messenger Inc.
Pilot alert delivery via Telegram Bot API · USA/EU — SCCs in place
Privacy policy ↗
aisstream.io
Public AIS vessel position stream · EU
Privacy policy ↗
Vercel, Inc.
Application hosting and CDN · USA/EU — SCCs in place
Privacy policy ↗

7. Your GDPR Rights

You have the following rights under GDPR. Email youssef.ayadi1752011@gmail.com — we respond within 30 days.

Access
Request a copy of all personal data we hold about you.
Rectification
Request correction of inaccurate or incomplete data.
Erasure
Request deletion of your personal data ("right to be forgotten").
Portability
Receive your data in JSON/CSV format.
Object
Object to processing based on legitimate interests.
Restrict processing
Request that we limit how we use your data.

You may also lodge a complaint with your national data protection authority. Find yours at edpb.europa.eu.

8. Cookies

NaviCast Eco uses only strictly necessary session cookies for authentication. No tracking cookies, analytics cookies, or advertising cookies are used.

9. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API endpoints are rate-limited. Access to production databases is restricted to authorised personnel via role-based access control.

10. Changes to This Policy

We will notify registered users by email at least 14 days before material changes take effect. The current version is always at navicast-eco-git.vercel.app/privacy.

11. Contact

Privacy requests or questions: youssef.ayadi1752011@gmail.com