Privacy Policy

Last updated: March 12, 2026

ArcNautical ("we", "us", "our") operates the ArcNautical maritime intelligence platform at arcnautical.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

Account Information: When you register, we collect your email address, company name, and password (stored as a salted cryptographic hash, never in plaintext).

Usage Data: We collect information about how you use the platform, including voyage queries, fleet configurations, alert settings, and report generation activity. This data is tied to your account and used to provide the service.

API Access Logs: When you use our API, we log request metadata (endpoint, timestamp, IP address) for rate limiting, security monitoring, and service improvement.

Vessel Data: Fleet vessel information (IMO numbers, MMSI, vessel names) that you configure for monitoring. This is operational data necessary to provide alerting and tracking services.

2. How We Use Your Information

• To provide and maintain the ArcNautical platform and its features
• To compute voyage risk scores, fleet assessments, and threat intelligence
• To deliver alerts and webhook notifications you have configured
• To generate PDF reports you have requested
• To send email verification and password reset communications
• To monitor and prevent abuse, fraud, and unauthorized access
• To improve and optimize the platform based on aggregate usage patterns

3. Data Sources

ArcNautical aggregates publicly available maritime intelligence data from sources including:

• GDELT Project (conflict event data)
• IMB Piracy Reporting Centre, ReCAAP, UKMTO (piracy incident data)
• NGA (navigational warnings, world port index)
• OFAC, UN, EU, OpenSanctions (sanctions screening data)
• Open-Meteo (marine weather forecasts)
• GDACS, NOAA NHC (natural disaster events)
• GLEIF (corporate ownership data)
• AIS vessel position data (via licensed AISStream feed)

All external data sources are publicly accessible or used under their respective terms of service.

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We may share information only in the following circumstances:

• Webhook Delivery: Alert data is sent to webhook URLs you have explicitly configured.
• Email Delivery: Report emails are sent via our SMTP provider to recipients you have configured.
• Legal Compliance: When required by law, regulation, or valid legal process.

5. Data Security

We implement industry-standard security measures including:

• Passwords hashed with scrypt (N=16384) with random salts
• API keys hashed with SHA-256 before storage
• Session tokens generated with cryptographically secure randomness
• HMAC-SHA256 webhook signature verification
• TLS encryption for all data in transit
• Rate limiting on authentication endpoints
• Per-customer data isolation in the database

6. Data Retention

• Account data: Retained for the lifetime of your account
• Vessel position history: 90 days
• Dark activity events: 1 year
• Chokepoint throughput data: 1 year
• Natural disaster events: 90 days
• Voyage risk score cache: 2 hours
• Session tokens: 7 days from creation

Automated data retention is enforced by a daily cleanup process.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your account and associated data
• Export your fleet configurations and alert settings
• Withdraw consent for non-essential data processing

To exercise these rights, contact us at [email protected].

8. Cookies

ArcNautical uses only essential browser storage (localStorage) to maintain your session token and application preferences. We do not use third-party tracking cookies. Analytics are privacy-respecting and do not track individual users across sites.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.

10. Contact

If you have questions about this Privacy Policy, contact us at:
[email protected]