Privacy Policy

Last updated: April 25, 2026

1. Who We Are

NauticGrid is a maritime disruption intelligence platform. This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it. If you have any questions, contact hello@nauticgrid.xyz.

2. Data We Collect

Information you give us

  • Email address, when you subscribe to the daily brief or create an account.
  • Name and profile image, when you sign in via Google OAuth (provided by Google).
  • Payment details, processed by Stripe. We do not store your card or bank details on our servers. We retain a Stripe customer identifier so we can manage your subscription.

Information collected automatically

  • Authentication data: a session token identifying your signed-in session, stored in an HTTP-only cookie.
  • Server logs: standard access logs (IP address, user agent, timestamp, request path) retained for troubleshooting and abuse detection.

3. How We Use Your Data

  • Deliver the daily brief to your inbox.
  • Authenticate you and keep you signed in.
  • Process subscription payments and manage your billing.
  • Send transactional emails such as magic-link sign-in, receipts, and account notifications.
  • Detect and prevent abuse, fraud, and security incidents.
  • Comply with legal obligations.

We do not sell your personal data. We do not share it with third parties for their own marketing purposes.

4. Legal Basis for Processing (GDPR)

We process personal data on the following legal bases: performance of a contract (delivering the Service you signed up for), legitimate interests (running and improving the Service, preventing abuse), consent (for the daily brief subscription, which you can withdraw at any time), and legal obligation (where required by applicable law).

5. Third-Party Service Providers

We use a small set of trusted vendors to operate the Service. Each vendor processes data only as needed to provide their service to us.

  • Stripe (payment processing). Stripe receives your name, email, billing address, and card details directly. Stripe is the data controller for payment processing.
  • Google (OAuth sign-in). If you sign in with Google, Google shares your name, email, and profile image with us per your Google account's OAuth permissions.
  • Resend (transactional and broadcast email). Resend processes your email address to deliver the daily brief and account emails.
  • Railway (hosting). Railway hosts the web application and Postgres database. Server logs and application data live on Railway-managed infrastructure.
  • Groq (AI summarisation). We send public news article text to Groq for summarisation. We do not send your personal data to Groq.

6. Cookies

NauticGrid uses a single essential cookie to keep you signed in after authentication. It is HTTP-only, SameSite-Lax, and not used for advertising or cross-site tracking. We do not use third-party analytics or advertising cookies.

7. Data Retention

We retain account data for as long as your account is active and for a reasonable period afterwards (typically 24 months) to support reactivation, dispute resolution, and legal obligations. Subscriber emails are retained until you unsubscribe. Server logs are retained for up to 90 days. You can request earlier deletion at any time.

8. Your Rights

Depending on where you reside, you may have the following rights over your personal data:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data.
  • Object to processing or request restriction.
  • Receive your data in a portable format.
  • Withdraw consent for the daily brief at any time via the unsubscribe link in every email.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email hello@nauticgrid.xyz. We will respond within 30 days.

9. International Data Transfers

Our service providers may process your data in countries outside your home jurisdiction, including the United States and the European Union. Where applicable, transfers are protected by Standard Contractual Clauses or equivalent safeguards.

10. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS), encryption at rest for the database, and access controls limited to the minimum necessary. No system is perfectly secure; if we discover a breach affecting your data, we will notify you and the relevant authorities as required by law.

11. Children

NauticGrid is intended for business users 18 years and older. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us and we will delete it.

12. Changes to This Policy

We may update this policy as the Service evolves. Material changes will be communicated via email to registered users or via a notice on the Service. The “Last updated” date at the top of this page reflects the most recent version.

13. Contact

Privacy questions, data requests, and complaints can be sent to hello@nauticgrid.xyz.