Privacy Policy

Last Updated: January 2026

The Muster App Ltd ("we", "us", or "our") operates the Muster application (the "Service"). This Privacy Policy explains how we collect, use, and protect information when you use our Service.

1. Information We Collect

Visitor Information

When visitors check in to a vessel using the Service, we collect:

• Full name
• Company/organization (if applicable)
• Photograph (for identification badges)
• Government-issued ID (passport, driver's license) - image captured for verification
• Check-in and check-out timestamps
• Reason for visit

Device Information

For authorized devices running the Service:

• Device identifier (UUID)
• Device name
• App version and platform
• Last active timestamp

Vessel Information

For vessels using the Service:

• Vessel name and details
• Crew member information (names, roles)
• Safety documents uploaded by vessel administrators

Audio Recordings

If enabled by the vessel, audio may be recorded during active muster (emergency drill) sessions. This feature:

• Purpose: Supports compliance with maritime safety regulations including the International Safety Management (ISM) Code and Safety of Life at Sea (SOLAS) Convention requirements for emergency preparedness and drill documentation
• Consent Required: All persons present during a recorded muster session must be informed that recording is taking place. Vessel operators are responsible for obtaining appropriate consent or providing notice before recording begins
• Vessel Control: Audio recording is disabled by default and must be explicitly enabled by the vessel administrator. It can be disabled at any time
• Limited Scope: Recording only occurs during active muster/emergency drill sessions, not during normal vessel operations
• Deletion: Vessel administrators may delete audio recordings at any time. Recordings are automatically deleted after the configured retention period

2. How We Use Information

We use collected information for:

• Vessel Safety: Tracking who is on board for emergency muster and evacuation procedures
• Identification: Generating visitor badges for security purposes
• Compliance: Meeting maritime safety regulations (ISM Code, ISPS Code)
• Service Operation: Authenticating devices, syncing data, providing the Service
• Safety Audits: Recording muster sessions when enabled by vessel administrators

3. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

• Legitimate Interests: Vessel safety and security, emergency preparedness
• Legal Obligation: Compliance with maritime safety regulations requiring vessels to track personnel on board
• Contractual Necessity: Providing the Service to vessel operators

4. Data Retention

• Visitor Records: Retained as configured by the vessel administrator
• Visitor Photos/IDs: Retained as configured by the vessel administrator
• Muster Audio Recordings: Retained for the configured retention period, then automatically deleted
• Crew Information: Retained while actively employed on the vessel
• Safety Documents: Retained until deleted by vessel administrator

Vessel administrators may delete visitor data at any time through the admin interface.

5. Data Storage and Security

• Data is stored on Amazon Web Services (AWS) infrastructure
• All data is encrypted in transit using HTTPS/TLS
• Files are stored with server-side encryption at rest
• Access to documents is controlled via time-limited signed URLs
• Devices must be authorized by vessel administrators to access data

6. Data Sharing

We do not sell personal data. We may share data with:

• Vessel Operators: The vessel that collected your information has full access to their own data
• Service Providers: AWS for hosting and storage
• Legal Requirements: When required by law, court order, or to protect safety

7. Your Rights

Depending on your location, you may have rights to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests

To exercise these rights, contact the vessel operator who collected your information, or contact us at support@themusterapp.com.

8. International Transfers

Data may be transferred to and processed in countries outside your own. We ensure appropriate safeguards are in place for such transfers.

9. Children's Privacy

The Service is not intended for use by children under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify vessel operators of significant changes.

11. Contact Us

For questions about this Privacy Policy:

The Muster App Ltd
support@themusterapp.com

For Vessel Operators

As a vessel operator using the Service, you are the Data Controller for visitor and crew data collected through the Service. We act as a Data Processor on your behalf.

You are responsible for:

• Informing visitors that their data is being collected
• Responding to data subject requests from visitors
• Configuring appropriate retention periods
• Ensuring lawful basis for processing

A Data Processing Agreement (DPA) is available upon request.