Phoenix AIPhoenixAI
Client LoginGet Started

Privacy Policy

Last updated: January 2025

1. Introduction

Phoenix AI Limited ("Phoenix AI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our maritime VAT compliance platform and related services (the "Services").

We are headquartered in the European Union and process data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Phoenix AI Limited
Le Panorama, 57 Rue Grimaldi, 98000 Monaco
Email: privacy@phoenixai.app

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, company name, phone number when you register
  • Vessel Data: Vessel names, registration numbers, MMSI, flag state, and related details
  • Charter Information: Charter contracts, itineraries, embarkation/disembarkation points, fees
  • Financial Data: APA transactions, expense records, invoicing information
  • Communications: Messages you send to us, support requests, feedback

3.2 Automatically Collected Information

  • AIS Position Data: Vessel positioning data from integrated AIS providers
  • Usage Data: Features used, calculations performed, documents generated
  • Device Information: Browser type, IP address, device identifiers
  • Cookies: Session and preference cookies (see Cookie Policy)

4. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: Perform VAT calculations, generate evidence packs, manage compliance workflows
  • Territorial Analysis: Process AIS data to determine territorial water allocations
  • Compliance Documentation: Create and store audit-ready documentation
  • Blockchain Anchoring: Create immutable records for document integrity verification
  • Account Management: Manage your account, subscriptions, and preferences
  • Communication: Send service updates, filing reminders, and support responses
  • Improvement: Analyze usage patterns to improve our Services
  • Legal Compliance: Comply with applicable laws and regulatory requirements

5. Legal Basis for Processing

We process your personal data based on:

  • Contract Performance: Processing necessary to provide our Services to you
  • Legitimate Interests: Service improvement, security, fraud prevention
  • Legal Obligation: Compliance with tax, accounting, and regulatory requirements
  • Consent: Where required, such as for marketing communications

6. Data Sharing

We may share your information with:

  • Service Providers: Cloud hosting, AIS data providers, payment processors who assist in delivering our Services
  • Professional Advisors: Accountants, lawyers, and consultants bound by confidentiality obligations
  • Authorities: Tax authorities, regulators, or law enforcement when legally required
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal data to third parties.

7. Data Retention

We retain your data for as long as necessary to provide our Services and comply with legal obligations. Compliance documentation and audit evidence is retained for the statutory retention period applicable in each jurisdiction (typically 7-10 years).

You may request deletion of your data at any time, subject to legal retention requirements. Blockchain-anchored hashes cannot be deleted but contain no personally identifiable information.

8. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • SOC 2 Type II certification

See our Security page for more details.

9. Your Rights

Under GDPR and applicable law, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@phoenixai.app.

10. International Transfers

Your data is stored in EU data centers. We do not transfer data outside the European Economic Area except where necessary to provide our Services and appropriate safeguards are in place (Standard Contractual Clauses).

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our platform.

12. Contact Us

For privacy-related questions or to exercise your rights, contact our Data Protection Officer:

Email: privacy@phoenixai.app
Address: Le Panorama, 57 Rue Grimaldi, 98000 Monaco

You also have the right to lodge a complaint with your local data protection supervisory authority.