SAIL ATLAS - PRIVACY POLICY

Last updated December 17, 2024

This Privacy Notice for HeyAtlas.ai LLC (doing business as Sail Atlas) ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

Visit our website at https://www.sailatlas.app, or any website of ours that links to this Privacy Notice
Download and use our mobile application (Sail Atlas), or any other application of ours that links to this Privacy Notice
Use Sail Atlas. Sail Atlas is a comprehensive software platform, helping charter companies to amaze their customers, grow their revenue and save time and money.
Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@sailatlas.app.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We may process sensitive personal information when necessary, with your consent or as otherwise permitted by applicable law.

Do we collect any information from third parties? We may access information from your Google Drive when you explicitly authorize us to import files for our charter management services.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties, including secure cloud storage providers like AWS S3 and analytics services like Microsoft Clarity.

How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information, including encryption and secure cloud storage.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

WHAT INFORMATION DO WE COLLECT?
HOW DO WE PROCESS YOUR INFORMATION?
WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
HOW LONG DO WE KEEP YOUR INFORMATION?
HOW DO WE KEEP YOUR INFORMATION SAFE?
DO WE COLLECT INFORMATION FROM MINORS?
WHAT ARE YOUR PRIVACY RIGHTS?
CONTROLS FOR DO-NOT-TRACK FEATURES
DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
DO WE MAKE UPDATES TO THIS NOTICE?
HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

Names
Phone numbers
Email addresses
Mailing addresses
Job titles
Usernames
Passwords
Contact preferences
Contact or authentication data
Billing addresses
Debit/credit card numbers
Identification numbers
Date of birth
Gender

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

Passport numbers
Birth dates
Gender

Google Drive Files and Documents

When you authorize us to access your Google Drive:

We access only the specific files you choose to import into our platform
We download and store these files securely in our AWS S3 cloud infrastructure
We process document content to provide charter management services
We maintain file metadata necessary for organizing and managing your documents within our platform

Important: We never access your Google Drive files without your explicit consent and selection. You have full control over which files are imported.

Microsoft Clarity Analytics

Website Analytics and User Experience: We use Microsoft Clarity to better understand how users interact with our website. Microsoft Clarity automatically collects:

Session recordings showing how you navigate our website (mouse movements, clicks, scrolls)
Heatmaps showing where users click and how they interact with page elements
Technical information such as browser type, device type, and screen resolution
Website performance data and user behavior analytics

Important: Microsoft Clarity does not collect personally identifiable information. All data is processed in accordance with Microsoft's privacy policies. You can learn more about Microsoft Clarity's privacy practices at https://privacy.microsoft.com/privacystatement.

Opt-out: You can opt out of Microsoft Clarity by visiting https://clarity.microsoft.com/terms and following their opt-out instructions.

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation and authentication and otherwise manage user accounts
To deliver and facilitate delivery of services to the user
To respond to user inquiries/offer support to users
To send administrative information to you
To fulfill and manage your orders
To enable user-to-user communications
To request feedback
To protect our Services
To identify usage trends
To save or protect an individual's vital interest
To import and manage files from Google Drive: When you authorize access to your Google Drive, we import selected files to our platform and store them securely in AWS S3 to provide charter management services
To provide cloud-based file management: We store and process your uploaded files (including those from Google Drive) to enable document management, sharing, and collaboration features within our platform
To analyze website usage: We use Microsoft Clarity to understand how users interact with our website to improve user experience and optimize our services

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases:

Consent. We may process your information if you have given us permission to use your personal information for a specific purpose, including accessing your Google Drive files.
Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you.
Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests.
Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.
Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
When we use Google Drive APIs. We access your Google Drive files only with your explicit authorization to import selected documents into our platform for charter management services.
Cloud Storage Providers. We store your files (including those imported from Google Drive) with Amazon Web Services (AWS) S3, which provides secure cloud storage infrastructure for our platform.
Analytics Services. We share anonymous usage data with Microsoft Clarity to analyze website performance and user experience. This data does not include personally identifiable information.
Service Providers. We may share your information with third-party service providers who perform services on our behalf, such as hosting, analytics, and customer support. These providers are bound by contractual obligations to keep your information confidential and secure.

Google User Data Usage and Compliance

Google Drive Integration: When you authorize our application to access your Google Drive, we use this access solely to:

Import files from your Google Drive that you specifically select for use in our platform
Transfer these files to our secure cloud storage (AWS S3) to provide our charter management services
Process and manage these files within the Sail Atlas platform as part of our core functionality

Important: We access Google user data only with your explicit consent and use such data solely to provide and improve our application's functionality. We do not:

Sell, transfer, or use Google user data for advertising purposes
Share Google user data with data brokers or advertising platforms
Use Google user data for credit-worthiness determinations
Access or store any Google Drive files without your explicit selection and authorization
Transfer Google user data to third parties except as necessary to provide our services (such as secure cloud storage)

File Storage: Files imported from Google Drive are securely stored in our AWS S3 infrastructure and are subject to the same security and retention policies as described in this Privacy Policy.

Data Sales: We do not sell your personal information to any third parties under any circumstances.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

Google Analytics

We may share your information with Google Analytics to track and analyze the use of the Services. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout.

Microsoft Clarity

We use Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and provide the best user experience. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information in countries other than your own.

Our primary servers are located in Germany, and we also use Amazon Web Services (AWS) S3 infrastructure which may be located in various regions globally. If you are accessing our Services from outside these regions, please be aware that your information (including files imported from Google Drive) may be transferred to, stored by, and processed by us in our facilities and in the facilities of the third parties with whom we may share your personal information.

File Storage: Files you upload or import from Google Drive are stored securely in AWS S3 cloud infrastructure, which maintains high security standards and complies with international data protection requirements.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. Specifically:

Active accounts: We retain your personal information for as long as you maintain an active account with us
Closed accounts: When you close your account, we will delete your personal data within 30 days, except where retention is required by law
Imported files: Files imported from Google Drive are retained for as long as your account is active or until you request their deletion
Billing information: We retain billing and payment information for 7 years for tax and accounting purposes
Legal obligations: Some data may be retained longer if required by law, regulation, or legal proceedings

Data Deletion: When the data retention period expires for a given type of data, we will securely delete or anonymize it from our active systems. You may request deletion of your data at any time by contacting us at privacy@sailatlas.app.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process, including:

Encryption: We use industry-standard encryption to protect your data both in transit and at rest
Access Controls: We implement strict access controls and authentication mechanisms to limit access to your personal information
Secure Infrastructure: Our systems are hosted on secure cloud infrastructure (AWS S3) with regular security audits
Employee Training: Our staff receives regular training on data protection and security best practices
Regular Monitoring: We continuously monitor our systems for security threats and vulnerabilities

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Therefore, we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

9. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. This service is not directed to children under 13 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services.

If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@sailatlas.app.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.

In some regions, you have certain rights under applicable data protection laws. These may include the right to:

Request access and obtain a copy of your personal information
Request rectification or erasure
Restrict the processing of your personal information
Data portability
Not to be subject to automated decision-making
Withdraw consent for Google Drive access

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

Contact us using the contact information provided
Log in to your account settings and update your user account
Revoke Google Drive access through your Google Account settings

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of certain US states, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information.

Categories of Personal Information We Collect

Category	Examples	Collected
Identifiers	Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name	YES
Personal information as defined in the California Customer Records statute	Name, contact information, education, employment, employment history, and financial information	YES
Protected classification characteristics under state or federal law	Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data	YES
Commercial information	Transaction information, purchase history, financial details, and payment information	NO
Internet or other similar network activity	Files imported from Google Drive, browsing history, search history, and interactions with our platform	YES
Sensitive personal information	Account login information, citizenship or immigration status, drivers' licenses, passport numbers and precise geolocation	YES

Your Rights

You have rights under certain US state data protection laws. These rights include:

Right to know whether or not we are processing your personal data
Right to access your personal data
Right to correct inaccuracies in your personal data
Right to request the deletion of your personal data
Right to obtain a copy of the personal data you previously shared with us
Right to non-discrimination for exercising your rights

13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: You may have additional rights based on the country you reside in.

Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020 (Privacy Act).

Republic of South Africa

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided.

14. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO) by email at privacy@sailatlas.app, or contact us by post at:

HeyAtlas.ai LLC
Data Protection Officer
2307 Lemoine Ave #330
Fort Lee, NJ 07024
United States

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.

To exercise your rights, you can:

Submit a data subject access request by emailing us at privacy@sailatlas.app
Log into your account settings to update your information
Contact us directly using the information provided in Section 15
Revoke Google Drive access through your Google Account settings

Data Deletion Requests: If you request deletion of your personal data, we will delete your information within 30 days of receiving your request, except where we are required to retain it by law. This includes deleting files imported from Google Drive. We will confirm the deletion once completed.

Response Time: We will respond to your request within 30 days and provide you with information about the action we have taken.