Privacy Policy
Last updated: June 2026 · What data we collect, why, and your rights.
Shiptionary respects your privacy. This policy explains what personal data we collect, how we use it, who we share it with, and the choices you have. It applies to anyone who uses the Shiptionary website.
1. Data we collect
- Account data: name, email address, role (subscriber, reviewer), password hash (never the plain password).
- Reviewer details (optional): designation, department, CDC/Seafarer ID, passport number, current/last ship, company, years of experience, nationality, profile photo and verification documents that you choose to upload.
- OAuth data: if you sign in with Google or Apple, we receive your name, email, profile picture and a stable subject identifier. We do not receive your social-login password.
- Content you submit: ship/company/port reviews, ship submissions, bookmarks, helpful votes, comments, contact messages.
- Technical data: IP address, browser user-agent, pages visited, timestamps. Stored in our activity log for security and abuse prevention.
- Cookies: a single session cookie to keep you signed in. We do not use third-party advertising cookies.
2. How we use your data
- Operate the Service — render pages, authenticate you, save your reviews and bookmarks.
- Verify reviewer identity and moderate content for accuracy and community guidelines.
- Send transactional emails — email verification codes, password reset codes, notifications about your reviews.
- Investigate abuse, spam, and security incidents.
- Improve the Service — analyse aggregate usage patterns; no profile is built for advertising.
3. Legal basis (GDPR users)
Depending on the action: contractual necessity (running your account), legitimate interest (security, anti-abuse), or consent (optional reviewer profile fields, marketing). You can withdraw consent at any time without affecting the lawfulness of processing already carried out.
4. Who we share data with
- Resend (US/EU email delivery service) — to send the emails described above.
- Hostinger — our hosting provider; processes traffic on our behalf.
- Google & Apple — only if you choose to sign in with them.
- Law enforcement — only when compelled by a valid legal request.
We do not sell or rent personal data, and we don't share it with advertisers or data brokers.
5. Public vs. private fields
Your designation, department and review text are public when attached to a published review (you can post anonymously). Your email, document uploads, IP address are never shown publicly — only authorised admins and managers can see them, and only when needed for verification or moderation.
6. Data retention
- Active accounts: data is kept while your account exists.
- Deleted accounts: profile data is removed within 30 days. Reviews you've posted may be retained as anonymised content unless you ask for them to be deleted.
- Activity logs (IP, user-agent): 12 months, then purged.
- OTP codes: deleted as soon as they're used or expire (10 minutes).
7. Your rights
Subject to applicable law (GDPR, India DPDPA, CCPA), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated data ("right to be forgotten").
- Export your data in a portable format.
- Object to specific processing (e.g. marketing emails — though we currently don't send any).
- Withdraw consent at any time.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email privacy@shiptionary.com. We respond within 30 days.
8. Security
Passwords are stored as bcrypt hashes. All traffic uses TLS. Verification documents are stored in a non-public directory. Access to personal data is restricted to authorised staff who need it to do their job. No system is perfectly secure, but we treat suspected breaches seriously and will notify affected users within 72 hours of discovering one.
9. International transfers
Our servers are hosted in India. If you access the Service from outside India, your data is transferred to and processed there. By using the Service you consent to this transfer.
10. Children
The Service is not directed to people under 18, and we do not knowingly collect data from them. If you believe a child has signed up, please contact us and we will delete the account.
11. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email or a site banner. The "Last updated" date at the top reflects the most recent revision.
12. Contact
Privacy questions: privacy@shiptionary.com. Data protection officer: dpo@shiptionary.com.
See also: Terms of Service · Takedown Policy · Grievance Redressal.