Privacy Policy

Last updated: 22 April 2026

The Strait Up Maritime platform at straitupmaritime.com (the "Service") is operated by Prime Calibre Limited (Hong Kong), which owns and runs the platform, its technology, and its data infrastructure. Subscriptions are sold by Prime Calibre Pty Ltd (ABN 76 678 167 407, Australia), which is your contracting party and the data processor for your account information. Prime Calibre Limited processes your data as a sub-processor in the course of delivering the Service. This policy describes how we collect, use, and protect your personal information.

1. Information we collect

Account information. When you create an account, we collect your name, email address, and company name. Payment is processed by Stripe — we do not store card numbers.

Usage data. We log which endpoints you access, timestamps, and vessel identifiers (MMSI/IMO) you screen or add to your watchlist. This is used for service delivery, abuse prevention, and usage billing.

Cookies and sessions. We use session cookies to keep you logged in. We do not use third-party tracking cookies or advertising pixels.

Documents. If you upload documents to a vessel record (Starter plan and above), files are stored in encrypted cloud storage and are only accessible to your account. Uploaded documents may contain personal data relating to third parties (e.g., beneficial owners, directors, crew). You are responsible for ensuring you have a lawful basis for providing this data.

2. How we use your information

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account
• Send transactional emails (login links, alert notifications, Dark Fleet Reports)
• Monitor for abuse and enforce our Terms of Service
• Respond to support requests

We do not sell your personal information. We do not use your data for advertising.

3. Data we process about vessels

Our Service processes publicly available maritime data including AIS positions, vessel registries, and international sanctions lists. This data relates to vessels, not individuals, and is sourced from public authorities and open registries.

4. Data sharing and sub-processors

We share personal data only with the following parties, each of which processes data solely for the purpose of delivering the Service:

• Prime Calibre Limited (Hong Kong) — platform operation, data processing, and infrastructure management as sub-processor
• Railway (Singapore) — application hosting, database, and object storage
• Cloudflare (global edge network) — CDN, DNS, and DDoS protection
• Stripe (Australia / US) — payment processing
• Resend (US) — transactional email delivery

We do not share your screening activity, watchlist, or uploaded documents with any other third party.

5. Data residency

Your data is hosted on infrastructure in Singapore (via Railway) and served globally via Cloudflare's edge network. Platform operations are managed by Prime Calibre Limited in Hong Kong. Payment processing is handled by Stripe in Australia and the United States.

6. Data retention

We apply the following retention periods consistently across all our policies:

• Account data (name, email, company) — retained while your account is active. Deleted within 30 days of account termination.
• Usage logs (endpoints accessed, timestamps, vessel IDs screened) — retained for 12 months from creation for abuse prevention and audit purposes, regardless of account status, then deleted.
• Session data (tokens, IP addresses) — retained for the duration of the session plus 30 days, then deleted.
• Uploaded documents — retained until deleted by you, or deleted within 30 days of account termination.
• Payment data — processed and retained by Stripe per their retention policy. We do not store card details.

7. Security

All data is transmitted over TLS 1.2+. Session tokens are cryptographically generated. Uploaded documents are stored in encrypted cloud storage. We use parameterised database queries to prevent injection attacks. Security headers (HSTS, X-Content-Type-Options, X-Frame-Options) are enforced on all responses.

8. Your rights

You may exercise the following rights at any time by emailing [email protected]:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data
• Data portability — request your data in a structured, machine-readable format
• Restriction — request that we limit processing of your data
• Objection — object to processing of your data

You may also delete your account directly from the dashboard settings page. If you are in the UK/EU/EEA, you have additional rights under GDPR — see our Data Processing Agreement for details.

9. Changes

We may update this policy from time to time. We will notify registered users of material changes by email at least 14 days before they take effect.

10. Contact

For privacy questions: [email protected]