Octopus AIMaritime

Privacy Policy

Last updated: February 2026

1. Data Controller

Octopus AI ("Company") is the data controller for personal data processed through the Octopus AI Maritime platform. We are committed to protecting your privacy in compliance with GDPR (EU General Data Protection Regulation) and KVKK (Turkish Personal Data Protection Law No. 6698).

2. Data We Collect

We collect and process the following categories of personal data:

  • Identity data: first name, last name, nationality, country of residence
  • Contact data: email address, phone number
  • Professional data: rank/position, sea experience, English proficiency level, selected certificates
  • Interview data: competency-based interview responses, AI-generated scores, risk flags, decision outcomes
  • Certificate data: uploaded certificate documents, certificate types, expiry dates, issuing authorities, verification status, document hashes
  • Consent records: privacy policy consent, data processing consent, marketing consent, consent timestamps
  • Technical data: IP address, browser type (collected via consent records)

3. How We Use Your Data

  • Conducting AI-powered competency assessments for maritime positions
  • Verifying STCW certificates and compliance status
  • Matching candidates with shipping company crew requests
  • Generating decision packets (scores, risk flags, compliance status) for hiring companies
  • Sending interview reminders and certificate expiry notifications
  • Improving assessment quality through anonymized analytics

4. Automated Decision-Making

Our platform uses automated decision support to assess candidate competencies. Interview responses are scored by AI models calibrated against maritime industry benchmarks. Assessment results include HIRE, HOLD, or REJECT recommendations. Candidates flagged as HOLD are subject to human review by our admin team. Critical safety risk flags (e.g., blame deflection, aggression indicators, instability patterns) may trigger automatic rejection for safety-critical positions. You have the right to request human review of any automated decision.

5. Data Retention

  • Incomplete applications: retained for 90 days, then permanently deleted
  • Completed assessments: retained for up to 2 years to support ongoing crew matching
  • After retention period: personal data is anonymized; anonymized data may be retained for analytics
  • Certificate documents: retained as long as the candidate is in the active talent pool
  • Consent records: retained for the duration of data processing plus legal requirement periods

6. Data Sharing

Your assessment data and certificate status may be shared with shipping companies and crewing agencies when you are presented as a candidate for a crew request. We share structured decision packets (competency scores, risk flags, certificate compliance) — not raw interview responses. We do not sell your personal data to third parties.

7. Your Rights

Under GDPR and KVKK, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (right to be forgotten)
  • Object to automated decision-making and request human review
  • Request data portability
  • Withdraw consent at any time

8. Data Security

We implement appropriate technical and organizational security measures, including encrypted data storage, secure document hashing for uploaded certificates, role-based access controls, and audit logging for all data access events.

9. Contact

For privacy-related requests, contact our Data Protection Officer at privacy@octopus-ai.net.