Privacy Policy – YachtSecure
Last updated: January 2026
1. Introduction
FROLSON, publisher of the YachtSecure platform (www.yachtsecure.com), is committed to protecting the privacy and personal data of its users. This privacy policy describes how we collect, use, store and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable French legislation.
Data Controller:
FROLSON
45 avenue Pasteur
06600 Antibes, France
SIRET: 810 629 147 00036
Email: privacy@frolson.com
2. Personal Data Collected
2.1 Data Collected Directly
When using YachtSecure, we collect the following data:
During account creation:
- First and last name
- Email address
- Phone number
- Password (stored encrypted)
- Country of residence
Information about your vessel:
- Yacht name
- Type and technical specifications (length, year of construction, builder, etc.)
- Insured value
- Home port
- Navigation area
- IMO number or registration (if applicable)
Insurance documents:
- Insurance policies (PDF, images, scanned documents)
- Quotes and insurance proposals
- Contracts and amendments
- Insurance certificates
- Correspondence with insurers
Payment data:
- Billing information
- Transaction history
- Banking data is processed by our PCI-DSS certified payment providers and is never stored on our servers
2.2 Automatically Collected Data
Connection and browsing data:
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent
- Date and time of connection
- Approximate geolocation data (country/city via IP)
- Screen resolution and browser language
Cookies and similar technologies:
- Session and authentication cookies
- Preference cookies (language, theme, etc.)
- Analytical cookies (Google Analytics with IP anonymization)
2.3 Data Generated by Service Use
- Results of your insurance policy analyses
- History of your searches and comparisons
- Personal notes and annotations
- Configuration preferences
- Interactions with customer service
2.4 Specific Maritime Sector Data
Localization and Navigation Data:
- AIS (Automatic Identification System) data if you choose to share it voluntarily.
Use and Protection:
- This data is ONLY collected if shared voluntarily.
- It is used exclusively for insurance risk analysis.
- It is NEVER shared with third parties without your explicit consent.
- It is stored encrypted on our European servers.
Legal Basis: Explicit Consent.
3. Purposes and Legal Basis of Processing
| Purpose | Legal Basis | Data Concerned |
|---|---|---|
| Creation and management of user account | Contract performance | Identification data, email, password |
| Provision of insurance analysis services | Contract performance | Insurance documents, vessel data, analysis results |
| Automated AI processing of documents | Explicit consent | Uploaded documents, extracted content |
| Payment processing | Contract performance | Billing data, transaction history |
| Communication (support, notifications) | Contract performance / Legitimate interest | Email, phone, interaction history |
| Service improvement and development | Legitimate interest | Usage data, feedback, analytics |
| Statistics and analytics (Google Analytics) | Consent (cookies) | Anonymized browsing data |
| Security and fraud prevention | Legitimate interest / Legal obligation | Connection logs, IP address, suspicious behavior |
| Compliance with legal obligations (accounting) | Legal obligation | Billing data, contracts |
4. Automated Processing and Artificial Intelligence
4.1 Description of AI Processing
YachtSecure uses artificial intelligence technologies (advanced language models and OCR) to automatically analyze your insurance documents. These systems:
- Extract text from PDF documents and images
- Identify clauses, coverage and exclusions
- Detect insured amounts and deductibles
- Compare contractual terms
- Generate summaries and recommendations
4.2 AI Architecture and Confidentiality
Processing of confidential data:
For the analysis of your insurance documents and all data that can identify the owner or the vessel, we exclusively use:
- Open source language models hosted on our own servers (FROLSON infrastructure)
- Open source OCR tools specifically configured for our activity
- Open source document processing software developed and maintained internally
Guarantees: Your confidential data never leaves our servers. No sharing with third-party commercial AI providers. Total control over processing and storage. No use for training external models.
4.3 Your Rights Regarding Automated Decisions
How our AI works: Our analysis system uses several complementary techniques: OCR for text extraction, semantic analysis for identifying clauses by comparison with a base of standard clauses, and scoring to calculate coverage levels based on market standards.
Right to explanation: For each analysis, you receive a summary of detected elements with their location in the document, an explanation of the scores assigned, and justifications for recommendations.
Human Intervention: AI analyses are for informational purposes. No decisions producing legal effects are made solely on the basis of automated processing. You can always request human intervention or contest results.
5. Data Recipients
5.1 Internal Access
Your data is accessible only to authorized persons within FROLSON: Technical team (maintenance), Customer service (support), and Management (administration).
5.2 Subcontractors and Service Providers
We share certain data with the following GDPR-compliant providers:
- Hosting: Hostinger International Ltd. – Website and server hosting (Cyprus, EU). Servers located in the EU.
- Infrastructure: Proprietary AI infrastructure – Open source models hosted locally.
- Payment: Stripe / PayPal – Secure payment processing (PCI-DSS certified).
- Analytics: Google Analytics (anonymized data only).
5.2 bis – Detailed Technical Infrastructure
- Servers: Dedicated Hostinger servers in the EU (France or Netherlands).
- GPU Infrastructure: NVIDIA A5000 GPUs on dedicated servers for AI processing.
- Database: PostgreSQL 15+ with AES-256 encryption.
- Stack: Caddy web server (TLS 1.3), Docker container isolation.
6. Data Transfers Outside the EU
Confidential data: Your insurance documents and identifying data remain exclusively in the European Union. Non-confidential and anonymized data: Some auxiliary services (analytics, payments) may involve transfers outside the EU under Standard Contractual Clauses (SCC).
6 bis – Precise Geolocation Data
If mobile GPS features are enabled: coordinates and navigation history are used for emergency assistance and risk optimization. Users maintain full control with the ability to toggle settings and delete history.
7. Data Retention Period
| Type of Data | Retention Period | Legal Basis |
|---|---|---|
| Active account data | Duration of contractual relationship | Contract performance |
| Closed account data | 3 years after closure | Legal prescription |
| Uploaded documents | Until manual deletion or closure + 3 years | Contract performance |
| Billing data | 10 years | Accounting legal obligation |
| Connection logs | Maximum 12 months | Legal obligation (security) |
8. Data Security
Technical Measures: Encryption in transit (HTTPS/TLS 1.3), encryption at rest (AES-256 for documents/passwords), bcrypt password hashing, and 24/7 monitoring.
Organizational Measures: Principle of least privilege, Multi-factor authentication (MFA) for administrators, and daily encrypted backups with 30-day retention.
DPIA: In accordance with Article 35 of the GDPR, we maintain a Data Protection Impact Assessment for high-risk processing (AI and sensitive maritime data).
9. Your GDPR Rights
You have the following rights: Access (Art 15), Rectification (Art 16), Erasure (Art 17), Restriction of processing (Art 18), Data Portability (Art 20), and Objection (Art 21).
9.5 bis – Data Portability Procedure
Data is provided in JSON and CSV formats. Uploaded documents are returned in a ZIP archive. Most requests are processed within 48 hours.
{
"account": { "id": "user_id", "email": "user@email.com" },
"vessels": [ { "name": "Yacht_Name", "insured_value": 0 } ]
}
10. Cookies and Tracking
We use strictly necessary cookies (session, security), preference cookies (language), and analytical cookies (Google Analytics, requiring consent).
11. Minors
Our services are not intended for persons under 18 years of age. We do not knowingly collect data from minors.
12. Privacy Policy Changes
We may modify this policy to reflect service or regulatory changes. Significant changes will be notified via email.
13. Third-Party Connections
OAuth connections (Google, Facebook, LinkedIn) only collect your name, email, and profile picture. We never publish without authorization.
14. Data Protection Officer (DPO)
Guillaume Grunberg – Email: privacy@frolson.com – FROLSON, 45 avenue Pasteur, 06600 Antibes, France.
15. GDPR Glossary
Definitions for Personal Data, Processing, Data Controller, Processor, Consent, Pseudonymization, Anonymization.
16. Links to Other Sites
We are not responsible for the privacy practices of third-party websites linked on YachtSecure.
17. Compliance and Certifications
Compliant with GDPR (EU 2016/679), French Data Protection Act, and ORIAS code of conduct.
17 bis – Record of Processing Activities
FROLSON maintains an internal record of processing activities as per Article 30 of the GDPR, updated every 6 months.
18. Contact and Supervisory Authorities
Email: privacy@frolson.com. Authority: CNIL (France), 3 Place de Fontenoy, 75334 Paris. Web: www.cnil.fr
This policy complements our Legal Notice and Terms and Conditions of Use.