Privacy Policy

Last updated: March 11, 2026

This short summary does not replace the full legal text below. Mandatory local law prevails where it grants non-waivable rights.

Saymarine Denizcilik Teknolojileri San. Tic. Ltd. ("Saymarine," "we," "us," or "our") operates the Ancwhis mobile application (the "App"), the Ancwhis IoT hardware device, and related cloud services (collectively, the "Services"). This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our Services.

This Privacy Policy is drafted primarily for users in Türkiye, the European Economic Area, Switzerland, California, Thailand, and Indonesia. Where mandatory data protection law in your place of residence gives you stronger or additional rights, those local mandatory rules will prevail for the relevant processing activity.

1. Data Controller

The data controller for personal data collected through our Services is:

2. Information We Collect

a) Account Information

When you create an account, we collect your email address, full name, and optionally your phone number and vessel name. This information is necessary to provide and personalize our Services.

b) Device & Telemetry Data

Our Ancwhis hardware device transmits the following data to our cloud infrastructure via IoT protocols:

• GPS coordinates — vessel position (latitude, longitude)
• Anchor status — anchor set/drag detection alerts
• Battery level — device battery charge status
• System health — accelerometer data, internal temperature, signal strength, firmware version
• Connectivity status — Wi-Fi and cellular connection quality metrics

c) Technical Data

When you use the App, we may automatically collect:

• Mobile device type, operating system, and version
• App version and build number
• IP address (for authentication and security purposes)
• App usage patterns and crash reports
• Time zone and language preferences

d) Push Notification Tokens

If you enable push notifications, we collect your device token for Apple Push Notification Service (APNs) on iOS or Firebase Cloud Messaging (FCM) on Android. These tokens are used exclusively for delivering anchor alerts and system notifications.

e) Support & Communication Data

If you contact us through our website contact form, email, or in-app support, we collect your name, email address, message content, and any attachments you provide.

3. How We Use Your Information

We use your personal data for the following purposes:

• Service delivery — Providing anchor monitoring, GPS tracking, and real-time alerts
• Authentication — Verifying your identity and managing your account securely
• Notifications — Sending time-critical anchor drag alerts and system status updates
• Multi-user sharing — Enabling you to share device access with authorized family members or crew
• Product improvement — Analyzing aggregated, anonymized usage data to improve our hardware, firmware, and app
• Customer support — Responding to your inquiries and troubleshooting technical issues
• Safety & security — Detecting fraud, unauthorized access, and ensuring system integrity
• Legal compliance — Fulfilling legal obligations and responding to lawful requests

We do not use your data for behavioral advertising, user profiling for marketing purposes, or selling to third parties.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Contractual necessity — Processing required to deliver the Services you have subscribed to (KVKK Art. 5/2-c; GDPR Art. 6(1)(b))
• Legitimate interest — Improving our products, ensuring security, and preventing fraud (KVKK Art. 5/2-f; GDPR Art. 6(1)(f))
• Legal obligation — Complying with applicable laws and regulations (KVKK Art. 5/2-ç; GDPR Art. 6(1)(c))
• Consent — Where required, such as for push notifications or optional analytics (KVKK Art. 5/1; GDPR Art. 6(1)(a)). You may withdraw consent at any time.

5. Location Data

Location data is central to the Ancwhis anchor monitoring service. GPS coordinates are collected from the Ancwhis hardware device (not from your phone) and transmitted to our cloud servers to enable real-time vessel position tracking, anchor drag detection, and alert delivery.

Your vessel's location data is:

• Stored securely in encrypted form on AWS infrastructure
• Accessible only to you and users you have authorized (e.g., family sharing)
• Not shared with any third parties for marketing or advertising purposes
• Retained according to our data retention policy (see Section 11)

The App may request access to your phone's location to display your position on the map relative to your vessel. This permission is optional and the App will function fully without it.

6. Third-Party Services

We use the following third-party service providers to operate our Services. These providers process data under strict contractual data processing agreements:

• Amazon Web Services (AWS) — Cloud infrastructure, database hosting, IoT device management (AWS IoT Core), user authentication (AWS Cognito), and serverless computing (Lambda). Data is primarily stored in the EU-Central-1 (Frankfurt) region.
• Apple Push Notification Service (APNs) — Delivering push notifications to iOS devices
• Google Firebase Cloud Messaging (FCM) — Delivering push notifications to Android devices
• Map services — The App may use Google Maps or similar map tile providers to display vessel position on a map. These services may receive your device's viewport area but not your personal identity.

We do not sell, rent, or trade personal data to any third party. We do not integrate any advertising SDKs or analytics platforms that track users across apps.

7. Tracking & Advertising

We do not track you across other companies' apps or websites. We do not use any advertising identifiers (IDFA, GAID) or third-party tracking SDKs.

On iOS, our App respects Apple's App Tracking Transparency (ATT) framework. Since we do not engage in tracking as defined by Apple, we do not request the ATT permission prompt.

On Android, we do not collect the Google Advertising ID and do not engage in cross-app or cross-site tracking.

8. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit — All data transmitted between the App, our hardware, and cloud servers uses TLS 1.2+ encryption
• Encryption at rest — Personal data stored in our databases is encrypted using AES-256
• Authentication — User authentication is managed through AWS Cognito with secure token-based sessions
• Credential storage — Sensitive credentials are stored in platform-secure storage (iOS Keychain / Android EncryptedSharedPreferences)
• Device provisioning — IoT devices use certificate-based mutual TLS authentication with AWS IoT Core
• Access control — Internal access to user data is restricted to authorized personnel on a need-to-know basis

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

9. Data Sharing

We do not sell, rent, or share your personal data with third parties except in the following circumstances:

• With your consent — When you use the multi-user device sharing feature, authorized users (e.g., family members) can view your device's data
• Service providers — With trusted third-party providers who process data on our behalf under contractual obligations (see Section 6)
• Legal requirements — When required by law, regulation, or valid legal process (court order, government request)
• Safety — When we believe in good faith that disclosure is necessary to protect the safety of our users or the public
• Business transfer — In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. You will be notified of any such change.

10. International Data Transfers

Saymarine is headquartered in Türkiye. Our cloud infrastructure is primarily hosted in the European Union (AWS EU-Central-1, Frankfurt). Data may be processed in or transferred to countries outside your country of residence, including Türkiye and the European Economic Area.

When transferring personal data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all sub-processors
• Compliance with KVKK requirements for international transfers (Art. 9)
• Additional transfer safeguards, notices, or consents where required by Swiss, Thai, Indonesian, or other applicable local law

11. Data Retention & Deletion

We retain your personal data only for as long as necessary to provide our Services and fulfill the purposes described in this Policy:

• Account data — Retained while your account is active and for up to 30 days after account deletion request
• Telemetry data — Real-time telemetry is retained for the duration of your active subscription. Historical data is retained as configured in the App (default: 7 days rolling window)
• Support communications — Retained for up to 2 years to provide ongoing service
• Backup data — Removed from backup systems within 90 days of deletion from active systems

Account deletion: You may request deletion of your account and all associated data at any time by using the "Delete Account" feature within the App or by emailing info@saymarine.com. Upon receiving a valid deletion request:

• Your account and personal data will be removed from active systems within 30 days
• Associated device data and telemetry will be permanently deleted
• Backup copies will be purged within 90 days
• We may retain anonymized, aggregated data that cannot be linked back to you

12. Your Rights

Depending on your jurisdiction and the way we provide the Services to you, you may have the following rights regarding your personal data. We will respond within the timeframe required by applicable law.

Under KVKK (Article 11)

• Right to know whether your data is being processed
• Right to request information about the processing
• Right to know the purpose of processing and whether it is used appropriately
• Right to know the third parties to whom data is transferred
• Right to request correction of incomplete or inaccurate data
• Right to request deletion or destruction of data
• Right to object to processing results obtained exclusively through automated means
• Right to request compensation for damages arising from unlawful processing

You may exercise these rights by contacting info@saymarine.com. You may also file a complaint with the Turkish Personal Data Protection Authority (KVKK) at www.kvkk.gov.tr.

Under GDPR (where applicable)

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure / "right to be forgotten" (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right not to be subject to automated individual decision-making (Art. 22)

EU residents may lodge a complaint with their local Data Protection Authority.

Under Swiss Federal Act on Data Protection (FADP), where applicable

• Right to information about whether we process your personal data and what data we process
• Right to request correction of inaccurate personal data
• Right to request deletion where the data is no longer required, consent is withdrawn, or processing is otherwise unlawful
• Right to request restriction, object to certain processing, and request data portability where the law provides those rights
• Rights relating to automated individual decisions where applicable

Swiss residents may seek court enforcement of their rights or report significant breaches to the Federal Data Protection and Information Commissioner (FDPIC).

13. Additional Regional Privacy Notices

California (CCPA/CPRA, where applicable)

If we are subject to the California Consumer Privacy Act as amended by the CPRA for a particular California resident interaction, California residents may have the following additional rights:

• Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete — You may request deletion of personal information we have collected
• Right to Correct — You may request correction of inaccurate personal information
• Right to Opt-Out — You may direct a business to stop the sale or sharing of your personal information. We do not currently sell or share personal information for cross-context behavioural advertising.
• Right to Limit — You may request limits on the use and disclosure of sensitive personal information, where the law grants that right
• Non-Discrimination — We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at info@saymarine.com. We will verify your identity before fulfilling any request. California residents may also submit a complaint to the California Privacy Protection Agency (CPPA).

Thailand (PDPA, where applicable)

If Thai personal data protection law applies to your use of the Services, you may request access, correction, deletion, and other rights made available by the Personal Data Protection Act B.E. 2562. We will notify you of material privacy notice changes as required by applicable Thai law.

Indonesia (Law No. 27 of 2022, where applicable)

If Indonesian personal data protection law applies to your use of the Services, you may exercise the rights granted to data subjects under Law No. 27 of 2022 on Personal Data Protection and related implementing regulations. Where required, we will follow local rules governing overseas transfers, retention, and responses to data subject requests.

14. Cookies & Similar Technologies

Our main website (www.saymarine.com) is a static website that does not use cookies, tracking pixels, or similar technologies. We do not use Google Analytics or any third-party analytics tools on our website.

The Ancwhis mobile app does not use web cookies. It uses secure token-based authentication (JWT) stored in platform-secure storage.

15. Children's Privacy

Our Services are not directed to children. We do not knowingly collect personal information from a child below the minimum age at which they may lawfully use the Services or consent to relevant processing without parental or guardian involvement under applicable law. If we become aware that we have collected personal data from a child in violation of applicable law, we will take steps to delete that data promptly. If you believe we have inadvertently collected such data, please contact us at info@saymarine.com.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• We will update the "Last updated" date at the top of this page
• We will notify you via in-app notification or email for significant changes
• We will post the updated policy on this page

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

17. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: