Privacy Policy

Effective date: April 27, 2026 | Last updated: April 27, 2026

This Privacy Policy explains how Skipi handles personal data in the Skipi desktop application, Skipi Crewing, skipi.app, and related online services. Skipi is operated by Tymur Rudov ("we", "us").

1. Controller

Tymur Rudov
Tbilisi, Georgia
Email: info@tymur.org

2. Product Stage and Target Markets

At this stage, Skipi is developed primarily for maritime users and companies in Ukraine, Russia, India, the Philippines, Indonesia, Sri Lanka, and comparable non-EEA markets. The current online services are not intentionally marketed as a public EU/UK recruitment or job-placement service.

If data-protection laws such as GDPR or UK GDPR apply to a specific processing operation, we will handle applicable requests through the contact email above. Company-side users remain responsible for their own legal basis and compliance when they receive, store, or use seafarer data.

3. Local-First Principle

Skipi's core desktop features are local-first:

your vault, documents, CVs, contract evidence, and metadata are stored in a folder on your device;
core document management does not require a Skipi account;
we do not receive your local vault contents unless you explicitly use an online feature that sends data;
you control backups, deletion, and device security for local files.

4. Data We May Process

Feature	Data	Purpose
Website / waitlist	Email address if you submit it; basic technical logs from hosting or form providers	Respond to requests, notify about launch, protect the site
Auto-update	Version check requests handled by update hosting providers	Deliver signed application updates
Job alerts / vacancy polling	Broad filters such as rank or vessel type if sent by the app; IP address visible at transport level; no seafarer account profile	Return public vacancies and protect the service
Anonymous engagement counters	Vacancy ID plus an action such as apply-click or hide	Show aggregate employer-side interest without identifying a seafarer
Encrypted messaging	Public user ID, public key, role, thread ID, sender/recipient IDs, timestamps, message size, ciphertext	Route end-to-end encrypted messages
Contact initiation / relay	Redacted CV, optional documents, message text, contact-for-reply, summary fields chosen by the seafarer	Deliver the seafarer's chosen communication to the employer
Employer / crewing verification	Company name, legal name, jurisdiction, registration number, corporate email, phone, MLC or licence information, admin review notes	Verify company-side users and reduce fraud risk
Vessel reviews, where available	IMO number, ratings, review text, rank at the time, contract period, pseudonymous author hash, proof metadata if submitted	Display community vessel information and reduce duplicate or fraudulent reviews
Support / security	Information you send us, logs needed to investigate abuse, security incidents, or delivery failures	Provide support and protect users

5. What We Do Not Do

We do not sell personal data.
We do not use third-party advertising trackers in the desktop app.
We do not build a permanent server-side seafarer profile database for matching.
We do not perform server-side candidate ranking or hiring decisions.
We do not read end-to-end encrypted message content.
We do not upload your local vault documents unless you explicitly initiate a feature that sends them.

6. Legal Bases Where Required

Where a data-protection law requires a legal basis, we generally rely on:

user request or contract to provide the feature you use;
consent where you explicitly enable an optional feature or send documents;
legitimate interests for fraud prevention, security, service integrity, and basic operational logs;
legal obligation where we must keep or disclose information under applicable law.

7. Retention

Local vault data: stays on your device until you delete it.
Hosted attachments or package files: intended to be temporary and deleted after expiry or delivery window.
Vacancies: may remain active until expiry or closure, then may be retained for audit, abuse prevention, and company history.
Encrypted messages: retained while needed to provide the thread unless deleted or expired under product rules.
Verification and billing records: retained as needed for fraud prevention, accounting, and legal reasons.
Security logs: kept only as long as reasonably needed for security, debugging, and abuse prevention.

8. Sharing

We share data only as needed to operate Skipi:

with the recipient you choose when you send a CV, package, message, or contact request;
with infrastructure, hosting, email, update, storage, payment, form, or security providers acting for operational purposes;
with authorities or other parties if required by law or needed to protect users, security, or legal rights.

Once an employer, crewing company, or other recipient receives your CV, documents, contact details, or message, that recipient is independently responsible for how it handles the data.

9. International Processing

Skipi is operated from Georgia and may use providers in other countries. Your data may be processed outside your country of residence. Where legally required, we will use appropriate safeguards for international transfers.

10. Security

We use technical and organizational measures appropriate to the product stage, including TLS for network transport, signed desktop updates, local-first storage, and end-to-end encryption for supported message content. No system is perfectly secure. Local vault security depends on your device, operating system account, vault folder permissions, and backups.

11. AI and OCR Features

AI or OCR features are optional document-assistance tools. Local OCR or local model use may keep processing on your device. If you configure a cloud AI provider or API key, document content may be sent to that provider under its own terms. Skipi does not use your documents to train AI models unless you explicitly agree to a future feature that says so.

12. Your Choices and Rights

You can keep using local vault features without enabling job alerts or online messaging.
You can turn job alerts off to stop vacancy polling.
You can choose redacted CVs and avoid sending full personal details until you decide.
You can request deletion of platform-held data by contacting us.
We cannot guarantee deletion of copies already delivered to or downloaded by recipients.

13. Children

Skipi is intended for professional maritime users and is not intended for persons under 18.

14. Changes

We may update this Privacy Policy as Skipi changes. The "Last updated" date shows the current version.

15. Contact

For privacy questions or requests:
Tymur Rudov
Email: info@tymur.org
Website: skipi.app