Legal

Privacy Policy

Last updated: March 2026

1. Introduction

VoyageLink (voyagelink.io) is operated by VoyageLink Ltd. This policy explains what data we collect, why we collect it, and your rights over it. We are committed to protecting your privacy and handling your data transparently.

2. Data We Collect

  • Account data: email address, name, and avatar (managed via Clerk authentication)
  • Device data: satellite device identifiers, IMEI numbers, and device configuration
  • Position data: GPS coordinates, speed over ground, course over ground, heading, and altitude
  • Message data: composed messages, delivery status, and recipient information
  • Weather data: fetched on your behalf from third-party providers, not stored long-term
  • Payment data: handled entirely by Stripe — we never see or store your card details
  • Usage data: pages visited and features used for service improvement (via Sentry error tracking)

3. How We Use Your Data

We use your data to:

  • Provide the VoyageLink service
  • Compose and deliver automated messages on your behalf
  • Display your position on tracking maps
  • Process payments for your subscription
  • Monitor service reliability via Sentry error tracking

We will NEVER:

  • Use your data to train AI models
  • Sell your data to third parties
  • Serve advertising based on your data

4. Zero Data Retention for AI Processing

VoyageLink uses AI to compose messages on your behalf. Your expedition data — position, weather, telemetry — is sent to our AI provider solely for the purpose of composing your message. This data is processed under a Zero Data Retention (ZDR) agreement, meaning it is not stored, logged, or used for any purpose beyond composing your message. Once your message is generated, all input data is discarded by the AI provider.

5. Data Retention

  • Account data: retained until you delete your account
  • Position history: retained until you delete it or your account
  • Messages: retained until you delete them or your account
  • Account deletion: when you delete your account, all your data is permanently deleted within 30 days

6. Data Sharing

We share data only with the following service providers:

  • Clerk — authentication
  • Stripe — payment processing
  • Twilio — SMS delivery
  • SendGrid — email delivery
  • Supabase — database hosting
  • Sentry — error monitoring
  • AI provider — message composition only, under ZDR agreement

We do not sell, rent, or share your data with any other third parties.

7. Your Rights (UK GDPR)

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Delete your personal data
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing of your personal data

To exercise any of these rights, contact us at sam@voyagelink.io.

8. Cookies

We use essential cookies only, required for authentication session management. We do not use advertising cookies, tracking cookies, or any third-party cookies for analytics or marketing purposes.

9. Security

  • All data encrypted in transit using TLS 1.3
  • All data encrypted at rest using AES-256
  • Authentication managed via Clerk with industry-standard security
  • Regular security audits and vulnerability assessments

10. Contact

Sam Joynson
VoyageLink
sam@voyagelink.io
voyagelink.io

11. Changes to This Policy

We will notify users by email of any material changes to this privacy policy. Your continued use of VoyageLink after changes are published constitutes acceptance of the updated policy.