Data Transparency
Data Usage Policy
A comprehensive explanation of how HeyMariner collects, sources, uses, stores, and protects the maritime data that powers our intelligence platform — from AIS vessel positions to port intelligence, weather overlays, and user-generated content.
Last Updated: June 19, 20261. Introduction to Data at HeyMariner
Data is the foundation of HeyMariner. Our platform launched on July 1, 2026, with a mission to provide the world's maritime professionals — Masters, Officers, Engineers, ship operators, port agents, maritime lawyers, marine insurers, and everyone else working in the shipping industry — with the most comprehensive, accurate, and reliable maritime intelligence available in a single integrated platform.
To fulfil that mission, we work with an enormous variety of data: real-time AIS vessel position reports broadcast by ships across the global ocean; vessel registry information maintained by flag state administrations and classification societies; port facility data compiled from harbour authorities and hydrographic offices worldwide; weather model outputs from national meteorological services; navigational warnings from NAVAREA coordinating authorities; maritime regulation text from IMO publications; commercial product catalogues from the IMPA catalogue; and the professional knowledge, experience, and observations contributed by our community members.
This Data Usage Policy explains what data we hold, where it comes from, how we use it, how long we keep it, and how we protect it. It is distinct from — but closely related to — our Privacy Policy, which focuses specifically on the personal data of individual users. This Policy focuses on the broader landscape of maritime data that powers the platform, as well as the data generated by your use of it.
HeyMariner is headquartered at Duncan Avenue, Jersey City NJ 07304, United States. You can reach our data team at heymariner@gmail.com. We are committed to transparency about our data practices, and we welcome enquiries and feedback on this policy.
By using HeyMariner, you acknowledge and accept the data practices described in this policy. If you do not agree with any aspect of these practices, please do not use the platform. If you have questions before deciding whether to use the platform, please contact us and we will be happy to assist.
2. Types of Data on Our Platform
HeyMariner handles five broad categories of data, each with distinct characteristics, sources, and usage patterns.
Maritime Operational Data
This is the core data layer of HeyMariner — the information that directly supports maritime operations, safety, and navigation. It includes Automatic Identification System (AIS) vessel position data covering the real-time and historical positions, headings, speeds, navigational status, destination, and estimated time of arrival of vessels equipped with AIS transponders worldwide; port state data including berth availability, port restrictions, draft limitations, tidal information, and port congestion indicators; hydrographic data including chart data, depth soundings, hazard positions, and Notice to Mariners updates; weather data including marine forecasts, GRIB model output, sea state information, tropical weather system tracking, and ice limit data; navigational warning data from the World-Wide Navigational Warning Service covering NAVAREAs and METAREAs globally; piracy and armed robbery data from the IMB Piracy Reporting Centre and maritime security advisory services; and maritime casualty and incident data from official investigation reports and safety databases.
Maritime operational data is the most safety-critical category of data on our platform. Its accuracy directly affects the operational decisions of maritime professionals. We handle it accordingly, with the highest standards of source verification, refresh frequency monitoring, and error reporting.
User-Generated Data
This category encompasses all data created by you as a HeyMariner user through your interaction with the platform. It includes your vessel watchlists and fleet monitoring configurations; your search history and query patterns; your saved routes, waypoints, and passage plans; your alert configurations and notification preferences; your platform personalisation settings; and the account information you provide upon registration including your professional background, rank, and vessel affiliations.
User-generated data in this sense refers to the traces left by your use of the platform's tools and features — it is distinct from the content you actively create and post in the community, which falls under the Community Data category below.
Editorial Content Data
HeyMariner maintains a growing library of professionally curated editorial content, including maritime regulation summaries and compliance guides; port intelligence articles; maritime news and analysis; technical explainers on vessel systems and equipment; career guidance for maritime professionals; an STCW certification guide; and the HeyMariner maritime wiki. This content is produced by our in-house team of maritime professionals — including our nine Master Mariners, five Chief Engineers, seventeen Officers, and thirteen Engineers — as well as by verified external contributors.
Editorial content data is maintained in our content management system with version history, authorship attribution, and editorial review records. It is published under HeyMariner's editorial policy and is updated on a schedule appropriate to the content type.
Community Data
Community data encompasses all content created by members of the HeyMariner community through active posting and participation. This includes forum posts and discussion thread contributions; port call reports and vessel reviews; near-miss reports and safety observations; weather observations and sea state reports; professional profiles and account information; direct messages between members; and reactions, votes, and other community interactions.
Community data is subject to our Community Guidelines, and we apply moderation standards consistent with the safety-critical nature of maritime information. You retain ownership of community content you create, subject to the licence terms set out in the Community Guidelines.
Commercial Data
HeyMariner's marketplace and procurement features operate on commercial data, including the IMPA catalogue of maritime consumables and spare parts; supplier and ship chandler listings; request for quotation (RFQ) submissions and responses; procurement price benchmarks; and supplier rating and review data. Commercial data is handled in accordance with our contractual obligations to data providers and the commercial interests of platform users.
3. Maritime Data Sources and Providers
The diversity and quality of data on HeyMariner depends on the reliability of our source relationships. We maintain relationships with a range of authoritative data providers.
AIS Data Providers — Terrestrial and Satellite
Automatic Identification System data is sourced from commercial data aggregators who operate networks of terrestrial AIS receivers and maintain agreements with satellite AIS operators. Terrestrial AIS networks typically provide coverage within 40 to 60 nautical miles of the coast, where line-of-sight VHF signal propagation is achievable. Satellite AIS (S-AIS) extends coverage to open ocean areas using low-earth-orbit satellites that intercept AIS transmissions from vessels beyond the range of terrestrial receivers.
AIS data is received by HeyMariner under commercial licence agreements with authorised data aggregators. These agreements govern the scope of data access, permitted usage, redistribution rights, and data retention periods. The identity of specific AIS data providers is commercially confidential, but all providers operate in compliance with applicable telecommunications regulations and data protection law.
Hydrographic Office Data
Hydrographic data underpinning HeyMariner's chart features, port depth information, and navigational hazard data is sourced from national hydrographic offices including the United Kingdom Hydrographic Office (UKHO), the National Oceanic and Atmospheric Administration (NOAA) and the National Geospatial-Intelligence Agency (NGA) of the United States, and member services of the International Hydrographic Organization (IHO). UKHO data products, where used, are accessed under appropriate ADMIRALTY licence terms. NOAA and NGA publications that fall within the public domain are used in accordance with their open access terms.
Port Authority Data
Port and terminal data is compiled from a combination of official port authority publications, UN/LOCODE data maintained by UNECE, the NGA World Port Index (Pub. 150), and licensed commercial maritime databases. Where port authorities provide open-access data portals, we integrate these directly. For ports that publish official Notice to Mariners, we monitor and incorporate relevant updates as part of our regular data maintenance processes.
IMO and BIMCO Publication Data
Maritime regulatory content on HeyMariner draws on the text of IMO conventions, resolutions, circulars, and GISIS database information. We access publicly available IMO documentation through the IMO website and IMODOCS system. BIMCO standard clauses, contract forms, and maritime trade guidance are referenced in accordance with applicable licence terms. We do not reproduce full proprietary IMO or BIMCO publication text without appropriate authorisation. Our regulatory summaries and compliance guides are original editorial works produced by our maritime professional team.
Weather Data Providers
Marine weather data is sourced from NOAA's Global Forecast System (GFS) and the National Hurricane Center, the European Centre for Medium-Range Weather Forecasts (ECMWF), and the UK Met Office. Public domain weather model data is supplemented with commercial weather routing data for premium platform features. Weather data is presented in GRIB2 format for technical users and in human-readable overlays for general users.
Classification Society Data
Vessel class and survey status information is sourced from publicly available classification society databases and licensed maritime vessel registry databases. The major classification societies — Lloyd's Register, Bureau Veritas, DNV, American Bureau of Shipping, ClassNK, and others — maintain public vessel search tools that provide class status, survey dates, and notation information. HeyMariner uses this publicly available information and supplements it with commercially licensed vessel particulars databases.
4. How We Use Maritime Data
The maritime data held by HeyMariner is used to power a range of platform features and services, all oriented toward providing maritime professionals with the intelligence they need to operate safely, efficiently, and compliantly.
Vessel Tracking and Monitoring
AIS data enables HeyMariner's core vessel tracking and monitoring features. Users can search for vessels by name, MMSI number, IMO number, call sign, flag state, or vessel type; view real-time position, heading, and speed on a maritime chart; access historical track data showing a vessel's voyage history; configure alerts for vessel arrivals, departures, AIS loss events, or entries into user-defined geographic zones; and monitor fleets of vessels simultaneously through fleet management dashboards.
Port Intelligence and Berth Availability
Port data is combined with AIS data to provide port intelligence features including vessel traffic monitoring at specific ports and anchorages; estimated berth availability based on vessel arrivals and departures; port congestion indicators derived from anchorage occupancy and average waiting times; access to port facility details including draft restrictions, berth dimensions, and available services; and port call reporting based on AIS detected arrivals and departures.
Route Optimisation and Weather Routing
Weather and AIS data are combined to support passage planning and weather routing features. Users can overlay weather forecast data — including wind, wave height, swell, current, and sea surface temperature — on maritime charts; analyse historical weather patterns on specific routes; identify potential adverse weather windows for planned voyages; and compare actual vessel tracks with optimal routeing alternatives.
Regulation Compliance Tools
Maritime regulatory data is used to power compliance tools including MARPOL special area status displays on vessel tracking charts; ECA (Emission Control Area) boundary data for fuel sulphur compliance planning; port state control performance records and inspection history for specific vessels; flag state endorsement requirements for STCW certificates; and real-time display of active NAVAREA warnings along planned routes.
Historical Voyage Data Analysis
Where AIS data coverage permits, HeyMariner provides historical voyage data features enabling users to reconstruct past voyages, analyse voyage durations and route efficiency, compare performance across vessels on similar routes, and identify patterns in port turnaround times. Historical data is subject to the retention and access limitations specified in our agreements with AIS data providers.
5. Data Accuracy and Reliability
HeyMariner is committed to providing the most accurate maritime data possible, but the inherent characteristics of maritime data sources impose important limitations that all users must understand and account for in their operational decisions.
AIS Data Limitations
AIS data has well-known limitations that are fundamental to the technology and cannot be fully mitigated by any platform. Terrestrial AIS receivers cannot receive signals from vessels beyond approximately 40 to 60 nautical miles from shore, meaning that vessels in mid-ocean passages may appear as AIS-silent or have positions updated only intermittently via satellite AIS, which is subject to higher latency than terrestrial coverage. AIS transponders may malfunction, be incorrectly configured, or be switched off, resulting in complete loss of position reports. AIS signals can be subject to interference, particularly in high-density anchorages and port approaches where signal collision reduces data quality.
AIS data is also susceptible to manipulation. Vessels may transmit false position reports (GPS spoofing), incorrect MMSI numbers, false vessel names, or inaccurate voyage data. HeyMariner employs cross-referencing and anomaly detection to identify potential AIS data integrity issues, but we cannot guarantee the detection of all anomalies. Where AIS spoofing or manipulation is suspected based on data patterns, we may flag the vessel record accordingly, but our assessment is not authoritative.
AIS data is a navigational aid and a traffic monitoring tool — it is not a substitute for proper bridge watch-keeping, radar plotting, or communication with other vessels. HeyMariner AIS data must never be used as the primary means of collision avoidance. COLREGS apply at all times regardless of AIS system status.
Real-Time vs Cached Data
HeyMariner distinguishes between genuinely real-time data feeds and cached data. Real-time data is served directly from live data feeds with minimal latency, typically within seconds to minutes of the original broadcast. Cached data is stored locally and refreshed on a scheduled basis; the time since last refresh is displayed alongside cached data values so users can assess currency. Where data is displayed without a refresh timestamp, users should treat it as potentially stale and verify against authoritative sources before making safety-critical decisions.
Data Refresh Intervals
Live AIS positions are updated as data is received from our data feeds — for vessels within terrestrial network coverage, this is typically within 2 to 10 minutes of the actual position broadcast, depending on transponder class and transmission frequency. Satellite AIS positions may reflect data that is 30 minutes to several hours old depending on satellite pass timing and network architecture. Vessel particulars are refreshed weekly from registry databases. Port restriction data is updated monthly and upon receipt of Notice to Mariners amendments. Weather model data is refreshed every 6 hours in line with standard model run cycles. NAVAREA warning data is refreshed as soon as possible following publication by coordinating authorities, with best-effort near-real-time synchronisation.
Error Reporting
We actively encourage users to report data errors, outdated information, and apparent data integrity issues. Every data display on HeyMariner includes a feedback mechanism — typically a flag or report icon — that allows users to submit error reports directly from the relevant data view. Alternatively, data error reports can be submitted by email to heymariner@gmail.com. We investigate all confirmed error reports and aim to correct verified errors within 5 business days.
6. Your Search and Usage Data
HeyMariner collects data about how you use the platform in order to provide, improve, and personalise our services. This section explains what we track, how we use it, how long we keep it, and how you can control it.
What We Track
We collect data about the vessel searches you perform, including the vessel names, MMSI numbers, IMO numbers, and other identifiers you search for and the frequency with which you search for specific vessels. We track your port lookups, including which ports you search for and access most frequently. We record your route query patterns — which port pairs you plan routes between, which ocean areas you focus on, and which weather overlays you activate. We monitor which regulation pages, certification guides, and editorial articles you access. We log your watchlist configuration — which vessels, ports, and routes you have saved for ongoing monitoring. We record your alert configuration — what events you have chosen to be notified about, and for which vessels or geographic zones.
How We Use Your Usage Data
Your individual usage data is used to personalise your experience — to surface vessels, ports, and routes relevant to your professional focus on your dashboard; to remember your map view preferences and overlay settings; to pre-populate search fields with your frequently searched identifiers; and to recommend editorial content and regulatory guidance relevant to the vessel types and trade routes you monitor.
Aggregated, anonymised usage data is used to improve the platform — to identify which features are most actively used; to understand which vessel types, trade routes, and port regions attract the most user interest; to prioritise data quality improvements in the areas users engage with most; and to inform our product development roadmap.
Retention of Usage Data
Individual usage data is retained for the duration of your account and for up to 12 months following account closure. Anonymised aggregated usage data may be retained indefinitely for platform improvement purposes. You may request deletion of your usage data as part of a data erasure request submitted under our Privacy Policy.
Your Opt-Out Rights
You may opt out of usage data collection for personalisation purposes through your account privacy settings. Note that opting out of usage data collection will disable personalisation features — your dashboard will not be pre-configured with your frequently monitored vessels and ports, and content recommendations will be based solely on general maritime popularity rather than your specific professional focus. Core platform functionality is not affected by opting out of personalisation data collection.
7. Maritime Alert and Subscription Data
HeyMariner aggregates and distributes maritime safety and operational alerts from multiple authoritative sources. Understanding how this alert data is managed is important for users who rely on HeyMariner for situational awareness.
NAVAREA Navigational Warnings
We aggregate NAVAREA, HYDROPAC, HYDROLANT, and HYDROARC navigational warning data from national coordinating authorities. Warnings are displayed on the HeyMariner chart overlay and can be subscribed to by NAVAREA region. NAVAREA warning data is updated as soon as possible following publication by coordinating authorities. However, HeyMariner is not an authorised NAVAREA broadcaster, and our NAVAREA data must not be used as a substitute for the official GMDSS navigational warning broadcasts received on board via SafetyNET or NAVTEX.
Piracy and Maritime Security Alerts
Piracy incident and maritime security threat data is sourced from the IMB Piracy Reporting Centre, the EU NAVFOR Shared Awareness and Deconfliction (SHADE) system, the Maritime Security Centre Horn of Africa (MSCHOA), and national maritime security agencies. This data is displayed on the HeyMariner chart and available as a subscription alert for users monitoring high-risk areas. Alert data is updated as new incidents are reported and verified, typically within 24 hours of official incident publication.
Port Restriction and Notice to Mariners Data
Port restriction alerts — including temporary depth limitations, berth closures, traffic separation scheme amendments, and local port authority notices — are aggregated from official Notice to Mariners publications and port authority announcements. These are available as push alerts for ports on your watchlist. Given the volume and diversity of Notice to Mariners publications globally, completeness cannot be guaranteed. Users must always consult official hydrographic office publications and relevant port authority notices directly before entering port.
Subscription Alert Data Handling
When you configure alerts on HeyMariner, we store your alert preferences — including the vessels, ports, geographic zones, and event types you wish to be alerted about — in our database. This information is used solely to generate and deliver the alerts you have requested. It is not shared with third parties for commercial purposes. You may modify or delete your alert subscriptions at any time through your account settings. Alert subscription data is deleted within 90 days of account closure.
9. Commercial Data and Supplier Information
HeyMariner's marketplace and procurement features are powered by commercial data maintained in partnership with maritime suppliers, ship chandlers, equipment manufacturers, and service providers. This section explains how commercial data is handled.
The IMPA catalogue data displayed on HeyMariner is accessed under appropriate commercial licence from the International Marine Purchasing Association (IMPA) or through authorised data partners. IMPA catalogue numbers, product descriptions, and technical specifications are used solely to facilitate legitimate maritime procurement activities by platform users. We do not modify, misrepresent, or commercially exploit IMPA catalogue data in ways that would conflict with IMPA's commercial interests or the terms of our data licence.
Supplier listings on the HeyMariner platform are maintained by the suppliers themselves or by our marketplace team in collaboration with supplier partners. Supplier contact information, product portfolios, and service descriptions are maintained with the aim of accuracy, but HeyMariner does not verify the accuracy of supplier-submitted information and does not endorse any specific supplier or product.
Request for Quotation (RFQ) data submitted through the HeyMariner procurement platform is shared with the suppliers to whom the RFQ is addressed. We retain RFQ data for 12 months following submission to enable dispute resolution and platform improvement. We do not share individual RFQ data with third parties beyond the intended recipient suppliers.
Aggregated, anonymised procurement data — such as the most commonly requested product categories by vessel type, or regional price benchmarks for common maritime consumables — may be used for platform analytics and editorial content. This data is anonymised before use in any externally visible context.
10. Data Export and Portability
HeyMariner supports your right to access and export the data we hold about you and your use of the platform. Data portability is a core principle of our approach to user rights and data governance.
You may request an export of your personal and usage data at any time through the data export function in your account settings, or by submitting a request to heymariner@gmail.com. We will prepare and deliver your data export within 30 calendar days of your verified request. Data is provided in a structured, machine-readable format — typically JSON or CSV, depending on data type — to enable portability to other systems.
Your data export will include account and profile information; vessel watchlist and fleet monitoring configurations; saved routes, waypoints, and passage plan data; alert subscription configurations; community posts and contributions (where applicable); search history and usage data (where you have not opted out of collection); and subscription and billing records.
Your data export will not include maritime operational data that does not belong to you — such as AIS position records of vessels you have tracked — as this data is licensed from third parties and cannot be redistributed in bulk form. It will also not include content posted by other community members, even in threads in which you participated.
If you are closing your account and wish to delete your data rather than export it, please submit a data erasure request at the same time as your account closure request. Account closure and data deletion are distinct processes and both must be requested explicitly.
11. API Data Access
HeyMariner provides programmatic API access to selected maritime data for maritime software developers, shipping companies building internal tools, maritime analytics firms, and research institutions. API access is subject to separate API Terms of Service and commercial licence agreements that govern the scope, volume, and permitted uses of data accessed through the API.
API data access is tiered by use case and data type. Public and research API tiers provide access to non-commercially sensitive, publicly available maritime data — such as port position data, vessel type classifications, and NAVAREA warning summaries — with rate limits appropriate for non-commercial or low-volume use. Commercial API tiers provide access to live AIS data, vessel track histories, port intelligence feeds, and weather routing data, subject to commercial licence fees and usage quotas consistent with our upstream data provider agreements.
API users are prohibited from using HeyMariner API data to build competing general maritime intelligence platforms without explicit written authorisation; from reselling or redistributing raw AIS data accessed through the API in bulk form; from using API data in ways that violate the privacy rights of individuals; and from using the API in ways that could compromise maritime safety or security.
API access is monitored for compliance with usage terms. Accounts found to be exceeding permitted usage volumes, using data in prohibited ways, or misrepresenting the purpose of their API access will have their access suspended pending investigation.
To enquire about API access for your organisation, contact us at heymariner@gmail.com with a description of your intended use case, estimated data volumes, and organisation background. We evaluate all API access requests individually.
12. Data Aggregation and Analytics
HeyMariner uses aggregated and anonymised data analytics to improve the platform, inform our editorial team, and produce publicly available maritime intelligence insights. This section explains what aggregate analytics we produce and how we ensure that aggregation does not compromise individual privacy.
Our analytics outputs include fleet statistics — such as the aggregate number of vessels of specific types currently in specific regions or ocean areas, average speeds on major trade routes, and seasonal traffic pattern analysis; port traffic analytics covering vessel call volumes at major ports by vessel type, average port turnaround times, and anchorage occupancy rates; weather routing analytics examining the correlation between weather patterns and vessel routing decisions on major trade lanes; and community analytics showing the most actively discussed regulatory topics, port regions, and vessel types on the HeyMariner platform.
All aggregate analytics are produced using anonymisation techniques that prevent the reconstruction of individual vessel or user-level data from the aggregate output. We apply a minimum threshold of data points below which aggregate statistics are not published, to prevent quasi-identification of individual data subjects in low-traffic scenarios.
Aggregated maritime analytics may be shared with maritime industry partners, research institutions, and in HeyMariner's published editorial content, including our maritime intelligence reports and market analyses. These publications do not contain individually identifiable data.
We use Google Analytics and other web analytics tools to understand platform usage patterns. These tools collect anonymised data about page views, user sessions, geographic distribution of users, and device and browser types. We do not use analytics tracking to create individual advertising profiles or to share behavioural data with advertising networks.
13. Open Data and Public Maritime Data
A significant proportion of the data infrastructure underpinning HeyMariner is built on open data resources published by international organisations, national governments, and hydrographic offices. We are committed to properly acknowledging and respecting the terms under which open data is provided, and to contributing to the open data ecosystem where we can.
Open data sources used by HeyMariner include UN/LOCODE data from UNECE, published under open access terms; NGA World Port Index data, which is in the public domain as a US government publication; NOAA GFS weather model data, published as open data by the US government; OpenStreetMap geographical data, used under the Open Database Licence (ODbL); Natural Earth public domain vector data, used for basemap rendering; and publicly available IMO GISIS database information.
Where open data is used, we provide appropriate attribution in accordance with the applicable licence terms. OpenStreetMap data is used in accordance with the ODbL: we acknowledge OpenStreetMap contributors in our map attribution and make our derivative database available for inspection upon request. Natural Earth data is used in accordance with its public domain terms.
HeyMariner is exploring opportunities to contribute to the open maritime data ecosystem by publishing appropriately licensed data products — such as aggregated port traffic statistics or anonymised weather observation datasets — that can benefit the broader maritime research and safety community. We welcome proposals for open data collaboration from maritime research institutions and safety organisations.
We also acknowledge the work of maritime safety organisations and volunteer-maintained maritime data projects that form part of the open maritime data landscape, and we are grateful for the professional dedication that sustains these resources.
14. Data Security Measures
Protecting the data entrusted to HeyMariner is a fundamental responsibility. We implement a layered security architecture appropriate to the sensitivity of the data we hold and the threat environment in which we operate.
Encryption
All data in transit between your browser or application and HeyMariner servers is encrypted using TLS 1.2 or higher. Sensitive data at rest — including user credentials, personal information, and commercially sensitive data — is encrypted using AES-256 encryption. Database encryption is enforced at the storage layer, ensuring data remains protected even in the event of physical storage compromise. API communications use HTTPS with certificate pinning where supported by the client environment.
Access Controls
Access to HeyMariner's data systems is governed by a principle of least privilege — team members can only access data necessary for their specific role. All internal access to production data systems requires multi-factor authentication. Access logs are maintained for all data system access events. Third-party service providers who process data on our behalf are granted only the access necessary to fulfil their contracted service function, and are contractually bound by data processing agreements that require compliance with applicable data protection law.
Audit Logs
HeyMariner maintains comprehensive audit logs of all access to and modifications of user data, maritime operational data, and system configurations. Audit logs are retained for a minimum of 12 months and are reviewed regularly for anomalous access patterns. Access to audit logs is restricted to senior members of our technical and security team.
Vulnerability Management
We conduct regular security assessments of our platform infrastructure, including vulnerability scanning of externally accessible services and periodic penetration testing by qualified security professionals. Critical and high-severity vulnerabilities are patched within 24 hours of identification where technically feasible. We maintain a responsible disclosure programme — if you identify a security vulnerability in HeyMariner's platform, please contact us at heymariner@gmail.com and we will investigate and respond promptly.
15. Data Breach Response Plan
In the event of a data security incident that results in or may result in unauthorised access to, disclosure of, or loss of personal or maritime operational data, HeyMariner has an established incident response plan.
Upon detection of a potential breach, our security team immediately convenes to assess the nature, scope, and severity of the incident. We isolate affected systems to prevent further unauthorised access while preserving forensic evidence. We determine what categories of data may have been accessed or exposed and identify the individuals or organisations whose data may be affected.
Where a breach involves personal data and meets the threshold for mandatory notification under applicable data protection law — including the EU GDPR (72-hour notification requirement to supervisory authority) and applicable US state data breach notification laws — we notify the relevant regulatory authority within the prescribed period. We notify affected individuals promptly where the breach poses a high risk to their rights and freedoms.
In the context of a maritime intelligence platform, a data breach may also have operational safety implications — for example, if a breach exposed commercially sensitive vessel tracking configurations or maritime security alert subscription data. In such cases, we assess and address the maritime safety implications of the breach in addition to fulfilling our data protection notification obligations.
Following resolution of a breach, we conduct a root cause analysis and implement measures to prevent recurrence. A post-incident report is shared with affected users where appropriate.
16. Cross-Border Data Flows
Maritime data is inherently global. A vessel tracked on HeyMariner may be transiting between any two of the world's ports, its AIS data may be captured by receivers in three different countries, and the user monitoring it may be located in a fourth. This global nature of maritime data creates complex questions around data sovereignty and cross-border data flows that we address carefully.
HeyMariner is a United States-headquartered company and our primary data infrastructure is hosted in data centres located in the United States. Where we work with cloud service providers whose infrastructure extends to other regions — including the European Economic Area — we ensure that appropriate data transfer mechanisms are in place, including Standard Contractual Clauses (SCCs) for transfers of personal data from the EEA to the US under the EU GDPR.
AIS data itself is inherently cross-border — vessel position broadcasts are received and redistributed across multiple jurisdictions without restriction, as this is fundamental to the operation of the global maritime traffic monitoring and collision avoidance systems that AIS supports. We process AIS data in accordance with applicable telecommunications and data protection frameworks in the jurisdictions relevant to our operations.
For users accessing HeyMariner from jurisdictions with specific data localisation requirements — such as certain jurisdictions in the Middle East, South Asia, or East Asia — we are committed to ensuring that our data handling complies with applicable local law. If you have concerns about data localisation requirements relevant to your jurisdiction, please contact us and we will discuss the implications for your use of the platform.
The global nature of maritime data means that achieving perfect data sovereignty in this domain is practically impossible — a fact recognised by the international maritime regulatory framework, which has always operated on the basis of global data sharing in the interest of maritime safety. We align our approach to cross-border data flows with this established principle.
17. Changes to This Data Usage Policy
HeyMariner reviews this Data Usage Policy periodically to ensure it accurately reflects our data practices and complies with applicable law. We will update this policy as our data sources, processing activities, and legal obligations evolve.
Material changes to this policy — changes that significantly alter the types of data we collect, how we use it, with whom we share it, or how long we retain it — will be communicated to registered users by email at least 30 days before they take effect. The "Last Updated" date at the top of this page reflects the date of the most recent revision.
Minor changes — corrections of typographical errors, clarifications that do not alter the substance of our data practices, or updates to contact information — may be made at any time without prior notice, and the "Last Updated" date will be revised accordingly.
Your continued use of HeyMariner following the effective date of a material policy change constitutes your acceptance of the revised policy. If you do not accept the revised policy, you should cease using the platform and request deletion of your data.
We maintain an archive of previous versions of this policy. If you wish to review a previous version, please contact us and we will provide it upon request.
18. Contact for Data Enquiries
HeyMariner welcomes enquiries about our data practices. Whether you are a user seeking to understand how your data is used, a data provider interested in partnering with us, a researcher seeking access to maritime analytics, or an authority with a legitimate data request, we are committed to responding promptly and transparently.
For data-related enquiries, please use one of the following subject line formats to ensure your enquiry reaches the right team: "Data Access Request" for requests to access or export your data; "Data Erasure Request" for requests to delete your data; "Data Partnership Enquiry" for organisations interested in data licensing or supply partnerships; "API Access Request" for programmatic data access enquiries; "Data Error Report" for reporting inaccurate or outdated maritime data; and "Data Security Concern" for reporting potential security vulnerabilities.
This Data Usage Policy was last updated on June 19, 2026. The current version is authoritative. For enquiries about previous policy versions, please contact us directly.