Privacy Policy
How we collect, use, and protect your personal information
Last updated: 22 December 2025
Marine Sealink BV ("Sealink," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you access our website, dashboards, order-tracking pages, or other services (collectively, the "Platform"). It also explains the rights you have under applicable data protection laws, including the General Data Protection Regulation (GDPR).
1. Data Controller
Marine Sealink BV
Email: contact@marine-sealink.com
2. What Data We Collect
We collect the following categories of information when you use the Platform:
- Account Information – Name, email address, password (hashed), MFA preferences, and role (e.g., seafarer, admin). Collected via Supabase authentication flows.
- Order Details – Product URLs or descriptions, quantities, recipient names and emails (for gifts), vessel names, IMO numbers, calling ports, estimated times of arrival, and special instructions submitted via the order form.
- Communication Records – Messages exchanged through the in-app Order Message Thread, status updates, support conversations, and email logs (including notification type and delivery status).
- Tracking & Dashboard Data – Order IDs, status history, quoted prices, payment links, port selections, and analytics derived from admin dashboards and charts.
- Technical & Usage Data – Device/browser information, IP address, session cookies, timestamps, and error logs captured automatically through Next.js/Supabase infrastructure for security and debugging.
3. How We Use Your Data
We process personal data for the following purposes:
- Service Delivery – Authenticate users and support order submissions, quote generation, payment coordination, shipment tracking, and recipient notifications.
- Operations & Logistics – Verify vessel itineraries, coordinate procurement with vendors, determine delivery feasibility, and update order status events.
- Support & Communications – Respond to questions, send alerts (quotes, payment reminders, status changes, port delays), and maintain a complete audit trail.
- Analytics & Reporting – Provide admins with aggregated KPIs (e.g., order volumes, revenue, port activity) to improve service quality and capacity planning.
- Security & Compliance – Detect fraud, enforce MFA, maintain server logs, and comply with legal obligations (customs, port authority requests, tax/audit requirements).
4. Legal Bases for Processing
We rely on the following legal bases under GDPR:
- Contractual necessity – To provide the Platform, manage orders, deliver goods, and fulfill our agreement with you.
- Legitimate interests – To secure the Platform, maintain audit trails, and optimize logistics for seafarers and admins.
- Consent – For optional communications (e.g., marketing) or when senders share recipient contact details for tracking links. Senders must ensure the recipient has consented.
- Legal obligations – To retain invoices, respond to lawful requests, and comply with customs, tax, or harbor authority requirements.
5. Sharing and Disclosure
We may share data with:
- Service Providers – Supabase (hosting, authentication, database), Vercel/Next.js (application hosting), Resend or Mailjet (transactional messaging), and similar vendors who help operate the Platform. These processors are bound by contractual safeguards.
- Logistics Partners & Port Agents – Limited order details necessary to procure goods, coordinate delivery, and confirm handover to your vessel.
- Payment Processors – When you follow a payment link, the third-party processor receives transaction data subject to its own privacy policy.
- Corporate Admins – If your employer or vessel owner provides your access, authorized admins may view your orders, status history, and analytics in the admin dashboard.
- Legal Authorities – When required by law or to protect our rights, property, or safety (e.g., responding to customs investigations or court orders).
We do not sell personal information.
6. International Transfers
Our infrastructure may process data in the European Economic Area (EEA) and other jurisdictions. When data leaves the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to protect your information.
7. Data Retention
- Order and account data are retained for as long as you maintain an account and for a reasonable period afterward to handle disputes, audits, or legal obligations (typically 6 years unless law requires longer).
- Messaging logs, email delivery logs, and status history are retained to preserve an auditable trail of procurement and delivery actions.
- Technical logs may be kept for up to 12 months for security and troubleshooting.
- We will delete or anonymize data sooner upon verified request unless retention is legally required.
8. Security Measures
We use technical and organizational safeguards, including:
- Supabase authentication with support for optional MFA (TOTP).
- Role-based access controls for dashboard and admin areas.
- TLS encryption for data in transit and managed storage for data at rest.
- Continuous monitoring, audit logging, and least-privilege access policies.
No system is completely secure, so you must protect your login credentials and enable MFA whenever available.
9. Cookies and Similar Technologies
The Platform uses essential cookies or storage tokens to maintain your session, remember authentication state, and secure the dashboard experience. We may also use analytics pixels to monitor performance on aggregated dashboards. You can configure your browser to block cookies, but some features may stop working.
10. Your Rights (GDPR)
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your data (subject to legal retention requirements).
- Object to or restrict processing in certain circumstances.
- Request data portability for information you provided to us.
- Withdraw consent at any time when processing is based on consent.
To exercise these rights, email contact@marine-sealink.com. We may need to verify your identity before fulfilling the request.
11. Children's Data
The Platform is not intended for individuals under 18. We do not knowingly collect personal data from children; if you believe we have done so, contact us to delete it.
12. Changes to This Policy
We may update this Privacy Policy to reflect new features (such as expanded tracking, analytics, or integrations) or legal requirements. Material changes will be announced via the Platform or email. Continued use after the effective date constitutes acceptance of the updated policy.
13. Contact
If you have questions or concerns about privacy, contact:
Marine Sealink BV – Privacy Team
Email: contact@marine-sealink.com
You also have the right to lodge a complaint with your local supervisory authority, such as the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).