← Back to home

Privacy Policy

Effective date · March 25, 2026

How we collect, use, and protect your data on the CHIEF maritime platform. Built with GDPR principles from day one.

About CHIEF

CHIEF ("we", "us", "the Platform") is a comprehensive maritime career platform for seafarers. We currently offer CV and profile management, AI-powered certificate scanning (OCR), document expiry tracking, PDF CV export, public career profiles, and an AI career assistant. We are also developing social networking, job board, online learning (LMS), tutor marketplace, and maritime services features. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.

Information We Collect

We collect personal data that you provide directly when using the Platform.

Personal Information

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Citizenship / nationality
  • Marital status
  • Height, weight, shoe size, coverall size
  • Profile photo / avatar

Professional Maritime Data

  • Rank and position
  • Certificates and qualifications — name, number, issue date, expiry date, issuing authority, STCW code
  • Sea service history — vessel name, company, rank held, dates
  • Education and training records

Travel Documents

  • Passport details
  • Seaman book details
  • Visa details

Other Information

  • Emergency contacts and next of kin
  • Cover letters and professional notes

How We Use Camera

The Platform uses your device camera exclusively for AI-powered OCR scanning of maritime certificates. When you scan a certificate:

  • The camera captures an image of your physical certificate
  • The image is transmitted securely (HTTPS) to the Anthropic Claude AI API for text extraction
  • The AI extracts structured data: certificate name, number, dates, issuing authority, STCW code
  • Extracted data is returned to the app for your review and confirmation
  • Images are not stored on our servers after processing is complete

The camera is never used for any purpose other than certificate scanning. We do not access your photo library without your explicit action.

Authentication Data

We support three authentication methods:

  • Email + Password — passwords are hashed using bcrypt and never stored in plain text
  • Apple Sign In — we receive and store only your Apple user identifier
  • Google Sign In — we receive and store only your Google user identifier

Session management uses JWT (JSON Web Tokens) stored securely on your device. Tokens expire automatically and are refreshed as needed.

Data Storage & Security

  • All data is stored in a PostgreSQL database on a secured VPS in Europe
  • All connections use HTTPS with TLS 1.2 or higher
  • Avatar images are stored on the server and served via HTTPS
  • Database access is restricted and protected by authentication
  • We implement regular security reviews and updates

Third-Party Services

We use the following third-party services to operate the Platform:

ServicePurposeData Shared
Anthropic (Claude AI)Certificate OCR processingCertificate images (temporary)
SendGridTransactional emailsEmail address
ExpoPush notificationsDevice push token
AppleSign In with AppleApple authentication token
GoogleGoogle Sign InGoogle OAuth token

Data Sharing

We do NOT sell, rent, or trade your personal data to any third party. Your data is shared only with the third-party services listed above, strictly for the purpose of providing app functionality. We do not use your data for advertising or marketing by third parties.

Your Rights (GDPR)

Under the General Data Protection Regulation and applicable data protection laws, you have the following rights:

  • Access — view all your personal data directly in the app
  • Export — download your complete CV as a PDF document at any time
  • Correction — edit any inaccurate data directly in the app
  • Deletion — request account deletion by contacting support@chief.direct
  • Data portability — receive your data in a structured, machine-readable format

We will respond to all data rights requests within 30 days.

Cookies & Storage

The Platform uses minimal local storage on your device:

  • JWT authentication tokens stored in device secure storage
  • User preferences (language selection)

We do not use tracking cookies, advertising cookies, analytics cookies, or any third-party tracking technologies.

Data Retention

Your personal data is retained for as long as your account remains active. When you request account deletion, all associated personal data is permanently removed from our servers. Certificate scan images are never retained — they are discarded immediately after AI processing.

Children's Privacy

The Platform is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If we discover that a user is under 18, we will promptly delete their account and all associated data.

Changes to This Policy

We may update this Privacy Policy from time to time. Users will be notified of material changes via the app. The "Effective date" at the top of this page indicates when this policy was last revised.

Contact

For privacy-related questions, data access requests, or account deletion, contact us at support@chief.direct. For partnerships and business inquiries, see our contact page.