Back to Home

Privacy Policy

Effective date: March 14, 2026

Last updated: March 2026

MDONZELLI LTD ("we", "us", "our"), a company registered in England and Wales, operates the SV.GOAT application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SV.GOAT mobile application (Android), web application at svgoat.app, and the GOAT device hardware.

By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Full name
  • Authentication credentials (password hash or Google OAuth token)
  • App access PIN (stored as a SHA-512 hash — we never store or have access to your plaintext PIN)

1.2 Boat and Equipment Data

When you register a vessel, we collect:

  • Boat name, type, make, model, and year
  • Vessel dimensions (length, beam, draft)
  • Equipment configuration (tanks, batteries, solar panels, engines)
  • GOAT device ID, firmware version, and connectivity status

1.3 Sensor Telemetry Data

When your GOAT device is active and connected, we collect sensor data transmitted from your vessel's SignalK server, including but not limited to:

  • GPS position (latitude, longitude, course, speed over ground)
  • Depth below keel/transducer
  • Wind speed and direction (apparent and true)
  • Air and water temperature
  • Battery voltage, current, and state of charge
  • Solar panel output
  • Tank levels (fuel, water, waste)
  • Bilge pump activation status
  • Engine RPM and temperature
  • AIS vessel traffic data in your vicinity

1.4 Location Data

We collect your vessel's GPS position continuously when the GOAT device is active. This data is used to provide anchor watch monitoring, weather forecasts for your location, remote monitoring, voyage tracking, and AIS collision avoidance. Your vessel's location is never shared publicly. Only you and users you have explicitly granted access to can view your vessel's position.

1.5 Usage Data

We automatically collect certain information about how you interact with the Service:

  • Feature usage patterns and frequency
  • App interaction events
  • Alert configurations and notification preferences
  • Device type, operating system version, and app version

1.6 Photos and Media

You may optionally attach photos to voyage logs. Photos are stored in our cloud storage and are only accessible to you and users you explicitly share access with. We do not analyze, scan, or use your photos for any purpose other than displaying them within your account.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the boat monitoring service
  • Display real-time and historical vessel telemetry data
  • Send alerts and push notifications about vessel conditions (anchor drift, low battery, high wind, bilge pump activity, etc.)
  • Provide anchor watch and GPS-based safety monitoring
  • Deliver weather forecasts and GRIB data for your vessel's location
  • Enable remote monitoring of your vessel from anywhere
  • Facilitate vessel data sharing with crew, family, and guests you authorize
  • Record and display voyage tracks and sailing logs
  • Power AI-assisted sailing insights (Captain Data-beard)
  • Process account management requests (password resets, account deletion)
  • Send transactional emails (account verification, password resets, critical alerts)
  • Improve, optimize, and develop new features for the Service
  • Monitor and analyze usage trends for service reliability
  • Respond to customer support inquiries
  • Comply with legal obligations

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data include:

  • Performance of a contract: Processing necessary to provide the Service you have subscribed to
  • Consent: Where you have given us explicit permission (e.g., optional location sharing, photos)
  • Legitimate interests: Improving our Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights
  • Legal obligation: Where processing is required to comply with applicable law

4. Data Storage and Security

4.1 Infrastructure

Your data is stored on Supabase infrastructure (PostgreSQL database) hosted on Amazon Web Services (AWS) in the US East 1 (N. Virginia) region. Files and media are stored in Supabase Storage.

4.2 Encryption

  • All data is encrypted in transit using TLS 1.2 or higher
  • All data is encrypted at rest using AES-256 encryption
  • Remote device connections are secured via Cloudflare Tunnels (encrypted end-to-end)
  • Authentication tokens and session data are cryptographically signed
  • Your app access PIN is stored as a SHA-512 hash and cannot be reversed

4.3 Security Measures

We implement industry-standard security measures including row-level security (RLS) policies on all database tables, role-based access control, secure API authentication, and regular security monitoring. Access to production systems is restricted and logged.

4.4 Data Retention

Telemetry data is retained according to your subscription tier. Account data is retained for as long as your account is active. When you delete your account, all associated data is permanently removed within 30 days. Anonymized, aggregated analytics data may be retained indefinitely as it cannot be linked back to any individual user.

5. Data Sharing and Third-Party Services

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal data to third parties. Period. We will never monetize your vessel's location, telemetry data, or personal information.

5.2 Third-Party Service Providers

We use the following third-party services to operate the Service. These providers only receive the minimum data necessary to perform their function:

  • Supabase (database, authentication, file storage) — stores your account data, telemetry data, and media files. Supabase Privacy Policy
  • Cloudflare (secure tunnels, DNS, DDoS protection) — provides encrypted remote access to your GOAT device and protects our infrastructure. Cloudflare Privacy Policy
  • Vercel (web application hosting) — hosts the svgoat.app web application. Vercel Privacy Policy
  • Google (OAuth authentication) — processes authentication when you sign in with Google. We receive your name and email address from Google. Google Privacy Policy
  • Open-Meteo (weather data) — provides weather forecasts and GRIB data. No personal data or vessel position is shared with Open-Meteo; weather requests are made using approximate coordinates only. Open-Meteo Terms
  • Resend (transactional email) — sends account verification, password reset, and critical alert emails. Receives only your email address and the email content. Resend Privacy Policy

5.3 Vessel Sharing

When you share access to your vessel with crew members, family, or guests, they can view your vessel's telemetry data and position. You control who has access and can revoke sharing at any time. Shared users cannot modify your vessel configuration or share your data further.

5.4 Legal Disclosure

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency), or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Cookies and Tracking Technologies

The SV.GOAT web application uses strictly necessary cookies for:

  • Authentication session management (keeping you logged in)
  • Security tokens (CSRF protection)

We do not use advertising cookies, social media tracking pixels, or third-party analytics trackers. We do not engage in cross-site tracking or behavioral advertising.

7. International Data Transfers

Your data is stored on servers located in the United States (AWS US East 1). If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws, including the UK GDPR and EU GDPR.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to data portability: Request export of your data in a machine-readable format
  • Right to restrict processing: Request that we limit how we use your data
  • Right to object: Object to our processing of your data based on legitimate interests
  • Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time

8.1 How to Exercise Your Rights

  • Delete your account: You can delete your account directly from the app settings. This permanently removes all your data, including vessels, telemetry history, voyage logs, and shared access tokens.
  • Export your data: You can export your boat data and voyage logs from within the app.
  • Contact us: For any other data rights requests, email us at privacy@svgoat.app. We will respond within 30 days.

8.2 Complaints

If you are located in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are located in the EEA, you may contact your local data protection authority.

9. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at privacy@svgoat.app.

10. GOAT Device and On-Boat Data

The GOAT device installed on your vessel collects sensor data from your boat's SignalK server and NMEA 2000 network. Important details about how data flows:

  • The GOAT device acts as a bridge between your vessel's instruments and the SV.GOAT cloud service
  • Data is transmitted from the GOAT device to our cloud via encrypted Cloudflare Tunnels
  • When you are on the same local network as your GOAT device, data can be accessed directly without going through the cloud
  • The GOAT device receives over-the-air (OTA) software updates to maintain security and add features
  • You can disconnect the GOAT device at any time to stop all data collection from your vessel

11. Push Notifications

With your permission, we send push notifications for critical vessel alerts (anchor drift, low battery, high wind, bilge pump activation, etc.). You can configure which alerts you receive and their thresholds within the app settings. You can disable push notifications at any time through your device's system settings or within the app.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise any of your rights, please contact us:

See also: Terms of Service