Gia Marine Intelligence LLC
Summary in plain English: We collect your account information and the questions you ask the assistant so we can run the service and make it better. We do not sell your data, do not share individual queries with other customers, and do not allow our AI vendors to train models on your prompts or our manual content. You can ask us to delete your account and your data at any time by emailing legal@giamarine.com.
Gia Marine Intelligence LLC ("Gia Marine," "we," "us," or "our") is a Florida limited liability company operating the AI-powered marine documentation assistant available at giamarine.com (the "Service").
For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, Gia Marine Intelligence LLC is the data controller of personal data we collect directly from you when you use the Service. Where a manufacturer, dealer, or fleet operator provides the Service to you under their own subscription, we act as a data processor on their behalf and the relevant Data Processing Agreement governs that relationship.
General privacy questions: legal@giamarine.com
Security disclosures: security@giamarine.com
Mailing address: [REGISTERED AGENT ADDRESS — UPDATE BEFORE PUBLISHING]
EU representative (Art. 27 GDPR): [TBD — engage Prighter, EDPO, or VeraSafe before EU customer launch]
UK representative: [TBD — engage UK representative before UK customer launch]
| Purpose | GDPR legal basis |
|---|---|
| Authenticate you and provide access to the Service | Performance of a contract (Art. 6(1)(b)) |
| Enforce access control to manufacturer-licensed manuals | Performance of a contract; legitimate interests (Art. 6(1)(f)) in protecting licensed content |
| Operate, monitor, and secure the Service (logging, rate limiting, fraud and abuse prevention) | Legitimate interests (Art. 6(1)(f)) |
| Improve search relevance, identify content gaps, and train our internal knowledge base from anonymized aggregate data | Legitimate interests (Art. 6(1)(f)) |
| Communicate with you about service updates, billing, and security incidents | Performance of a contract; legal obligation (Art. 6(1)(c)) |
| Comply with applicable law and respond to lawful requests | Legal obligation (Art. 6(1)(c)) |
| Send marketing communications (only with your consent and only if you opted in) | Consent (Art. 6(1)(a)), withdrawable at any time |
We do not use your queries or any personal data to train third-party large language models. Our LLM and embedding providers (see Section 5) are contractually prohibited from training their models on inputs and outputs we send through their APIs.
We use a small set of vetted third-party service providers to operate the Service. A complete, up-to-date list of subprocessors, what data they receive, and where they store it is published at /subprocessors. We review subprocessors at least annually and require each one to provide appropriate technical and organizational security measures.
If you access the Service through a manufacturer, dealer, or fleet account, administrators within your organization can see usage data (queries asked, models used, last login) tied to your account. They cannot see your password. If you do not want your organization administrators to see your queries, do not use the Service through their account.
We may share aggregated, de-identified usage statistics (for example, "most queried topics across all V46 owners last quarter") with the manufacturer who licensed the underlying content. We will not share individual identifiable queries with manufacturers unless required by a Data Processing Agreement with your organization or by law.
We may disclose information if required by a valid subpoena, court order, or other legal process, or to protect the rights, property, or safety of Gia Marine, our users, or the public. We will challenge overbroad requests and notify affected users when we are legally permitted to do so.
If we are acquired, merged, or sell substantially all of our assets, personal data may be transferred as part of that transaction, subject to the acquirer agreeing to honor this Privacy Policy or providing equivalent protections. We will notify affected users at least 30 days before any such transfer.
Gia Marine is based in the United States. Personal data we collect is primarily processed in the United States. If you access the Service from outside the United States, your data will be transferred to, stored in, and processed in the U.S. and other countries where our subprocessors operate.
For personal data transferred from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs) (2021 modules) as the legal mechanism for transfer. Where applicable, we supplement these clauses with appropriate technical measures (encryption in transit and at rest, access controls, audit logging).
The locations and transfer mechanisms for each subprocessor are listed at /subprocessors.
| Data type | Retention period |
|---|---|
| Account information (email, name, password hash, org membership) | While your account is active, plus 30 days after deletion to allow for restoration. Permanently deleted after 30 days unless we are required to retain it by law. |
| Query logs and conversation history | 12 months from the date of the query, after which the user identifier is stripped and the query is retained in anonymized aggregate form for product improvement. |
| Feedback (thumbs up/down with associated query) | 12 months, then anonymized. |
| Operational and security logs (IP addresses, request logs) | 30 days. |
| Database backups | 30 days. When a record is deleted from production, it persists in backups for up to 30 days before being purged. |
| Authentication cookies and refresh tokens | Access tokens expire after 15 minutes. Refresh tokens expire after 7 days. Both are deleted immediately on logout. |
| Support email correspondence | 3 years from the date of the last message in the thread. |
| Billing and tax records (when applicable) | 7 years, as required by U.S. tax law. |
Regardless of where you are located, you can:
To exercise any of these rights, email legal@giamarine.com from the email address associated with your account. We will respond within 30 days. We may need to verify your identity before processing certain requests.
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
To submit a request, email legal@giamarine.com with the subject line "California Privacy Request." Authorized agents may submit requests on your behalf with written authorization.
| Category (CCPA) | Examples we collect | Purpose |
|---|---|---|
| Identifiers | Email, name, account ID, IP address | Account management, security |
| Customer records | Email, password hash, organization affiliation | Account management |
| Commercial information | Subscription tier, billing history (when applicable) | Billing |
| Internet activity | Queries asked, conversation history, feedback, model selections | Service operation and improvement |
| Inferences | Whether a query was low-confidence, which knowledge gaps exist | Product improvement |
We use industry-standard administrative, technical, and physical safeguards to protect personal data, including:
No system is perfectly secure. If you believe your account has been compromised, contact security@giamarine.com immediately.
If we discover a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay. We will notify supervisory authorities within 72 hours where required by GDPR. We will follow applicable U.S. state breach-notification laws including the California breach-notification statute.
We use a minimal set of cookies, all strictly necessary to operate the Service. We do not use advertising or analytics cookies.
| Cookie | Purpose | Lifetime |
|---|---|---|
| gia_access | Short-lived authentication token. Required to use the Service after login. | 15 minutes |
| gia_refresh | Refresh token used to obtain new access tokens without re-entering your password. | 7 days |
Both cookies are set with the HttpOnly, Secure, and SameSite=Lax flags. They are deleted when you log out.
Because we use only strictly necessary cookies for authentication, we do not display a cookie consent banner under the EU ePrivacy Directive. If we ever add analytics or marketing cookies, we will request consent first.
The Service is intended for use by adults engaged in vessel operation, maintenance, or service. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact legal@giamarine.com and we will delete it.
The Service uses artificial intelligence to generate responses to your questions. These responses are informational only and are not used to make decisions about you. We do not engage in profiling or automated decision-making that produces legal or similarly significant effects on you within the meaning of GDPR Article 22.
The Service may link to third-party websites or services (such as manufacturer support portals or YouTube videos referenced in knowledge base articles). We are not responsible for the privacy practices of those third parties. Review their privacy policies before submitting any personal data.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. The "Last updated" date at the bottom of this page indicates when this policy was last revised. We will notify you of material changes by email or through a notice in the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.
If you have questions, concerns, or complaints about this Privacy Policy or how we handle your personal data:
EEA/UK residents may also contact our European representative directly: [REPRESENTATIVE NAME AND ADDRESS — UPDATE BEFORE EU LAUNCH]
Last updated: [DATE TO BE FILLED ON PUBLISH] · Version 1.0 · Terms of Service · Subprocessors · Acceptable Use