Privacy Policy

Last updated: 2025

1. Introduction

This Privacy Policy explains how VesselHQ by Cesare Mannino ("VesselHQ", "we") collects, uses, stores, and protects personal data when using the VesselHQ platform or visiting https://VesselHQ.net.

2. Data We Collect

2.1 Data you provide actively

• Name and surname
• Email address
• Password (securely hashed)
• Organization details
• License information
• Enterprise Request form data

2.2 Automatically collected data

• IP address
• Browser metadata
• Access logs
• Device identifiers

2.3 Crew management data

Organizations may upload operational crew data including certificates, expiration dates, training records and related files.

3. Purpose of Processing

The data are used for:

• Service delivery (account creation, authentication, licensing)
• Security (fraud detection, system integrity)
• Service communication (reset password, invites, notifications)
• Legal compliance under EU law

4. Legal Basis (GDPR)

• Art. 6(1)(b) – performance of a contract
• Art. 6(1)(a) – consent
• Art. 6(1)(f) – legitimate interest (security)

5. Data Retention

• Active accounts → until user deletion
• Crew documents → until removed by organization
• Server logs → 12 months
• Enterprise requests → 24 months

6. Data Sharing and Transfers

Your data may be processed by:

• Railway (Hosting – EU)
• Cloudinary (Media storage – may involve USA transfers)
• Zoho Mail (SMTP – EU)
• Gumroad (License validation)

7. User Rights

You may request access, rectification, deletion, portability, restriction or objection. Email: info-vms@spacetraffic.net

8. Security

VMS Crew implements secure password hashing, HTTPS encryption, access controls and regular backups.

9. Cookies

See our Cookie Policy for details.

10. Updates

This Privacy Policy may be updated. Changes will be published online.