Maritimemaritime

Privacy Policy

Last updated: May 17, 2026

1. Introduction

Maritime AI, Inc. ("Maritime," "we," "us," or "our") operates the maritime.sh platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

2.1 Account Information

When you create an account, we collect your name, email address, and profile picture as provided by you or your authentication provider.

2.2 Information from Third-Party Authentication Providers

We offer sign-in via Google and GitHub. When you authenticate through these providers, we receive:

  • Your name and email address
  • Your profile picture URL
  • A unique account identifier from the provider

We access only the minimum data necessary to create and maintain your account. We do not request access to your contacts, calendar, drive files, or any other data beyond basic profile information.

2.3 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other raw payment credentials on our servers. We retain only a reference identifier for your Stripe customer record.

2.4 Service Usage Data

  • Agent configurations, deployment metadata, and logs
  • API keys and secrets you provide for your agents (stored encrypted)
  • Usage metrics (compute time, resource consumption)

2.5 Automatically Collected Information

  • IP address and approximate geolocation
  • Browser type, operating system, and device information
  • Pages visited and features used within the Service
  • Referring URL and session duration

3. How We Use Your Information

  • Authenticate your identity and maintain your account
  • Provide, operate, and maintain the Service
  • Process billing and send transaction-related communications
  • Send technical notices, security alerts, and support messages
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address fraud, abuse, or technical issues
  • Comply with legal obligations

4. Google User Data

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to your Google account email, name, and profile picture for authentication purposes
  • We do not use Google user data for advertising purposes
  • We do not sell Google user data to third parties
  • We do not use Google user data to build user profiles for advertising or to serve ads
  • We limit our use of Google user data to providing and improving the Service as described in this policy
  • We do not allow humans to read your Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with law, or for our internal operations (and only when data is aggregated and anonymized)

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

  • Service providers: Stripe (payment processing), Railway (hosting), AWS and Hetzner (infrastructure), and Neon (database hosting) — each bound by data processing agreements
  • Legal requirements: When required by law, subpoena, court order, or government request
  • Safety: To protect the rights, property, or safety of Maritime, our users, or the public
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted via TLS
  • Sensitive credentials (API keys, secrets) are encrypted at rest using AES-256-GCM
  • Database connections use TLS with certificate verification
  • Authentication tokens are signed and encrypted (JWE/JWS)
  • Access to production systems is restricted to authorized personnel

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data is retained until you delete your account
  • Agent deployment data and logs are retained for the life of the agent plus 30 days after deletion
  • Billing records are retained for 7 years as required by tax and accounting regulations
  • Automatically collected usage data is retained for up to 12 months

8. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data and account
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data
  • Withdrawal of consent: Revoke consent for data processing at any time

To exercise any of these rights, email us at contact@maritime.sh. We will respond within 30 days. You may also revoke third-party access by disconnecting Maritime from your Google or GitHub account settings at any time.

9. Cookies and Tracking

We use essential cookies required for authentication and session management. We do not use third-party advertising cookies or cross-site tracking technologies. Specifically:

  • Session cookies: Required for authentication (expire when you close your browser or after 30 days)
  • Preference cookies: Store your UI preferences (theme, layout)

10. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

11. International Data Transfers

Your data may be processed and stored in the United States and other countries where our infrastructure providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page, updating the "Last updated" date, and sending a notice to the email address associated with your account. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Maritime AI, Inc.

Email: contact@maritime.sh