Privacy Policy

Last updated: February 2026

1. Who We Are

CrewSafe AI is operated by SVMS Consultancy Limited, a company registered in Scotland (company number SC514512). When we refer to "we", "us", or "our" in this policy, we mean SVMS Consultancy Limited.

If you have questions about this policy or your data, contact us at hello@crewsafe.ai.

2. What Data We Collect

We collect the following categories of personal data:

  • Account information: Email address and password (hashed) when you create an account. Optionally, your job role, vessel type, years of experience, and certifications if you choose to provide them.
  • Usage data: Questions you ask, AI responses generated, saved templates, feedback you provide on answers, and message counts.
  • Payment information: If you subscribe to a paid plan, your payment details are processed directly by Stripe. We do not store your full card details. We receive and store your Stripe customer ID and subscription status.
  • Technical data: IP address, browser type, device type, and approximate location derived from IP address. This is collected automatically when you use the service.
  • Company documents: If you or your team leader upload company-specific safety documents for team licensing, those documents are stored in tenant-isolated storage accessible only to authorised team members.

3. How We Use Your Data

  • To provide the CrewSafe AI service, including generating AI-powered answers to your safety and regulatory questions.
  • To personalise responses based on your profile (job role, vessel type, experience level).
  • To maintain and improve the quality and accuracy of AI responses using anonymised, aggregated usage patterns.
  • To process payments and manage subscriptions.
  • To send service-related communications (account verification, password resets, subscription updates).
  • To send product updates and safety alerts, if you have opted in to marketing emails.
  • To detect and prevent misuse of the service.

4. AI Processing

When you ask a question, your query is sent to third-party AI providers (Google and/or OpenAI) for processing. These providers process your question in order to generate a response. Your questions are not used by these providers to train their models when processed through our API.

We use retrieval-augmented generation (RAG) to search our regulatory database and provide cited answers. Your questions are converted into vector embeddings to enable this search. These embeddings are stored in our database infrastructure.

5. Data Storage and Security

Your data is stored in Supabase (built on PostgreSQL), hosted on infrastructure within the European Union. All data is encrypted in transit using TLS and at rest using AES-256 encryption.

Company-specific documents uploaded via team licensing are stored with strict tenant isolation. Documents uploaded by one organisation are never accessible to users from another organisation.

We implement row-level security policies on all database tables to ensure users can only access their own data.

6. Payment Processing

Payments are processed by Stripe, Inc. When you subscribe to a paid plan, your payment information is collected and processed directly by Stripe in accordance with their privacy policy. We do not have access to your full card number. We receive confirmation of payment status, subscription details, and a customer identifier from Stripe.

7. Data Sharing

We share your personal data only with the following parties, and only as necessary:

  • Google / OpenAI: Your questions are sent for AI processing.
  • Supabase: Database hosting and authentication services.
  • Stripe: Payment processing.
  • Resend: Transactional and marketing email delivery.
  • Coolify: Self-hosted application hosting.

We do not sell your personal data to third parties. We do not share your data with advertisers.

8. Data Retention

We retain your account data and conversation history for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it (for example, payment records for tax purposes, which are retained for 7 years).

Anonymised, aggregated data that cannot be used to identify you may be retained indefinitely for service improvement purposes.

9. Your Rights (GDPR)

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing of your data for certain purposes.
  • Right to withdraw consent: Withdraw consent for marketing communications at any time.

To exercise any of these rights, contact us at hello@crewsafe.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

We use essential cookies required for authentication and session management. These are strictly necessary for the service to function and do not require consent.

We do not use advertising or tracking cookies. We do not use third-party analytics services that place cookies on your device.

11. Offshore and Maritime Considerations

We understand that many users access CrewSafe AI from offshore installations and vessels where connectivity is limited. Our offline mode caches data locally on your device. Locally cached data is stored only on your device and is not transmitted to our servers until you reconnect.

If you are accessing CrewSafe AI from a shared workstation on a vessel or installation, we recommend signing out after each session to protect your account.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email (if you have opted in) or by placing a notice on the service. The "last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

SVMS Consultancy Limited
Company number: SC514512
Email: hello@crewsafe.ai