Privacy Policy
Effective Date: 2 March 2026 | Last Updated: 2 March 2026
Vinova Systems Ltd (Company No. 15969790), registered at 7 Bell Yard, London, England, WC2A 2JR ("Vinova Systems", "we", "us", or "our") is committed to protecting the privacy of individuals who use our products, services, and websites. This Privacy Policy explains how we collect, use, store, and share information when you use:
- NCoDE Mobile — our iOS and Android mobile application
- NCoDE Command — our unified vessel management and operating platform
- NCoDE Peplink — our network monitoring integration
- NCoDE Fleet — our fleet management platform
- SeaTwin — our digital twin product
- AirTime and SeaLink — our connectivity and communication services
- Vinova Systems websites — including www.vinova.uk
- Any associated hardware, cloud services, or support services (collectively, the "Services")
Summary: We collect only the data necessary to operate our vessel monitoring and management services. We do not sell your personal data. We do not use your data for advertising. Vessel telemetry data is processed locally on your vessel or device wherever possible.
1. Information We Collect
1.1 Information You Provide
- Account information: Name, email address, company name, and role when you create an account or request information via our contact forms.
- Configuration data: Vessel identifiers (MMSI, vessel name), connection settings (server addresses, port numbers), and dashboard layout preferences.
- Support communications: Messages, feedback, and correspondence you send to us.
1.2 Information Collected Automatically
- Vessel telemetry data: Engine parameters (RPM, temperature, oil pressure, fuel levels), navigation data (position, speed, heading, depth), environmental data (weather, sea state, temperature, humidity), and system status data collected from onboard sensors via NMEA 2000 and other marine protocols. This data is processed primarily on-vessel or on-device and is only transmitted to cloud services when explicitly configured by the vessel operator.
- Network data: WAN link status, signal strength, bandwidth usage, and connected device information when using NCoDE Peplink features. This data remains within the vessel's network unless cloud sync is enabled.
- AIS data: Automatic Identification System vessel tracking data obtained from publicly available AIS services for fleet tracking and collision avoidance purposes.
- Device information: Device type, operating system version, app version, and screen dimensions for the purpose of delivering a responsive user experience. We do not collect device advertising identifiers.
- Usage data: Basic app usage patterns (screens visited, features used) to improve product quality. This data is anonymised and aggregated.
- Security and audit logs: Login events, configuration changes, and system alerts for compliance and security monitoring purposes.
1.3 Information We Do Not Collect
- We do not collect precise device location via GPS from your mobile device. Vessel position is obtained from the vessel's onboard navigation systems (NMEA data), not from your phone's GPS.
- We do not collect contacts, photos, calendar data, or other personal content from your device.
- We do not use advertising identifiers (IDFA/GAID).
- We do not use tracking pixels or third-party analytics SDKs that share data with advertisers.
2. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|
| Provide vessel monitoring services | Telemetry, configuration, vessel IDs | Contract performance |
| Display vessel position and fleet tracking | Navigation data, AIS data | Contract performance |
| Deliver alerts and notifications | Telemetry thresholds, alert configuration | Contract performance |
| Network monitoring and access control | WAN status, connected devices | Contract performance |
| Security and compliance logging | Audit logs, login events | Legitimate interest |
| Product improvement | Anonymised usage data | Legitimate interest |
| Customer support | Account info, communications | Contract performance |
| Respond to enquiries | Contact form submissions | Consent |
3. Data Storage and Security
3.1 Where Data Is Stored
- On-vessel: Telemetry data, audit logs, and configuration are stored locally on the vessel's NCoDE hardware and within the NCoDE Command application's local database. This data does not leave the vessel unless cloud sync is explicitly configured.
- On-device: NCoDE Mobile stores connection settings and cached telemetry data locally on your mobile device using encrypted device storage.
- Cloud services: When cloud sync is enabled, vessel data is transmitted via encrypted connections (TLS 1.2+) to secure cloud infrastructure hosted in Microsoft Azure (UK West region). Contact form submissions and account data are stored in our secure cloud infrastructure.
3.2 Security Measures
- All data transmitted between devices and cloud services uses TLS 1.2 or higher encryption.
- Cloud infrastructure is hosted within secure, professionally managed data centres.
- Access to vessel data is controlled by authentication (LDAP or local credentials).
- We implement role-based access controls within our products.
- Security monitoring and event logging is provided where configured.
3.3 Data Retention
- Telemetry data: Retained on-vessel for as long as storage permits, managed by the vessel operator. Cloud-synced data is retained for the duration of the service agreement.
- Audit logs: Retained for a minimum of 12 months for compliance purposes, then automatically purged.
- Account data: Retained for the duration of the business relationship and for 12 months thereafter, unless a longer period is required by law.
- Contact form data: Retained for 24 months or until the enquiry is resolved, whichever is longer.
4. Data Sharing
We do not sell, rent, or trade your personal data or vessel data to third parties.
We may share data only in the following limited circumstances:
- Service providers: We use Microsoft Azure for cloud hosting and data processing. These providers are bound by data processing agreements and process data only on our instructions.
- At your direction: When you configure data sharing with third-party systems or integrations (e.g., fleet management platforms).
- Legal obligations: Where required by law, regulation, court order, or governmental request. We will notify you where legally permitted to do so.
- Safety: Where necessary to protect the safety of persons or vessels in an emergency.
5. Your Rights
If you are located in the UK or European Economic Area, you have the following rights under the UK GDPR / EU GDPR:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@vinova.uk. We will respond within 30 days.
6. Mobile Application Specific Provisions
6.1 NCoDE Mobile (iOS and Android)
- Network access: The app requires network access to connect to your vessel's NCoDE system, either via local WiFi or a cloud proxy service. No data is transmitted to Vinova Systems unless cloud sync is explicitly configured by the vessel operator.
- Local network access (iOS): The app may request local network permission to discover and connect to NCoDE systems and CCTV cameras on the vessel's local network.
- Notifications: The app may request permission to send notifications for vessel alerts and threshold breaches. You can disable notifications at any time in your device settings.
- No background location: The app does not access your device's GPS or location services. Vessel position is obtained from the vessel's navigation instruments.
- Biometric authentication (iOS): The app may use Face ID or Touch ID to securely authenticate you. Biometric data is processed entirely on your device by iOS and is never transmitted to or accessed by Vinova Systems.
- No camera or microphone: The app does not access your device's camera or microphone.
- Data stored on device: Connection settings (server URL, protocol preference) and cached telemetry data are stored locally on your device. This data is removed when you uninstall the app.
- Third-party SDKs: The app uses React Native (Meta Platforms) as its application framework and react-native-maps for map display. No advertising or analytics SDKs are included.
6.2 Apple App Tracking Transparency
NCoDE Mobile does not track you across other companies' apps or websites. We do not use the AppTrackingTransparency framework because we do not engage in tracking as defined by Apple.
6.3 Apple Privacy Nutrition Labels
The following data types are collected by NCoDE Mobile:
| Data Type | Collection | Linked to Identity | Used for Tracking |
|---|
| Email address | For account/login | Yes | No |
| Name | For account/login | Yes | No |
| Product interaction | App functionality | No | No |
| Device type / OS version | App functionality | No | No |
7. Cookies and Website Tracking
Our website (www.vinova.uk) uses only essential cookies required for the website to function. We do not use advertising cookies, social media tracking pixels, or third-party analytics that share data with advertisers.
8. Children's Privacy
Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.
9. International Data Transfers
Our primary data processing takes place in the United Kingdom. Where data is processed outside the UK (for example, via cloud infrastructure), we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions as applicable.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date at the top of this page and, where appropriate, via in-app notification or email. Your continued use of our Services after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.