VesselOneVesselOneBack to login

Privacy Policy

Last updated: February 2026

1. About This Policy

MCY Marine Group Pty Ltd (“MCY”, “we”, “us”, or “our”) operates the VesselOne platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with the Service.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also comply with the EU General Data Protection Regulation (GDPR) for users located in the European Economic Area.

By using the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.

2. What Personal Information We Collect

We may collect the following categories of personal information:

  • Account information: name, email address, phone number, job title, and profile photo
  • Business information: company name, ABN, address, and subscription details
  • Vessel data: vessel name, registration number, hull ID, specifications, and service records you create in the platform
  • Usage data: pages visited, features used, actions taken within the Service, and timestamps
  • Device & technical data: IP address, browser type, operating system, and device identifiers
  • Communications: messages you send to our support team

3. How We Collect Information

We collect personal information:

  • Directly from you when you register an account, complete your profile, or use the Service
  • Automatically through cookies and similar tracking technologies when you use the Service
  • From Company Admins when they invite team members or vessel owners to the platform
  • From third-party services we use to operate the platform (see Section 5)

4. How We Use Your Information

We use personal information to:

  • Provide, operate, and improve the Service
  • Authenticate users and maintain account security
  • Send transactional communications (e.g. email verification, password reset, SMS OTP)
  • Process subscription billing and manage your account
  • Respond to support requests and provide customer service
  • Analyse usage patterns to improve product features (in aggregated, de-identified form)
  • Comply with legal obligations

We do not use personal information for automated decision-making that produces legal or similarly significant effects without human review.

5. Disclosure to Third Parties

We do not sell your personal information. We may share it with trusted third-party service providers who assist us in operating the Service, subject to appropriate contractual protections:

  • Supabase / Amazon Web Services: database hosting and authentication (data stored in AWS ap-northeast-1, Tokyo region)
  • Twilio: SMS delivery for phone verification and notifications
  • Payment processors: subscription billing (details provided at checkout)

We may also disclose personal information where required by law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of MCY, our users, or the public.

6. Data Storage & Security

Your data is stored on servers operated by Supabase and Amazon Web Services, located in the Asia-Pacific region (Tokyo, Japan — AWS ap-northeast-1). By using the Service, you consent to your data being transferred to and processed in this jurisdiction.

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, row-level security on our database, and access controls. Despite these measures, no system is completely secure. Please notify us immediately at support@vesselone.com.au if you suspect a security incident.

7. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. After account termination, we may retain data for up to 12 months for legal and audit purposes, then delete it. You may request earlier deletion as described in Section 8.

Certain data (e.g. financial records) may be retained for longer periods as required by Australian law.

8. Your Rights

Under the Australian Privacy Principles and applicable law, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete personal information
  • Delete your personal information (subject to legal retention obligations)
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, contact us at privacy@vesselone.com.au. We will respond within 30 days.

9. Cookies & Tracking

We use cookies and similar technologies to maintain your session, remember preferences, and analyse usage. Session cookies are deleted when you close your browser. Persistent cookies remain for up to 12 months.

You can control cookie settings through your browser. Disabling cookies may affect the functionality of the Service.

10. Children’s Privacy

The Service is intended for use by adults and business professionals. We do not knowingly collect personal information from persons under 18 years of age. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice within the Service. Continued use of the Service after the effective date of changes constitutes acceptance of the updated Policy.

12. Contact & Complaints

For privacy-related inquiries or complaints, please contact our Privacy Officer:

MCY Marine Group Pty Ltd — Privacy Officer
Email: privacy@vesselone.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).