Privacy Policy
This Privacy Policy explains how Section Nine AS ("we", "us") collects, uses, and protects personal data when you use the GapAnalyzer service or visit gapanalyzer.io. It is written for the people whose data we actually handle, in plain language.
1. Who we are
The data controller is Section Nine AS, a Norwegian company, organisation number 935 659 965, with registered office at Mildevegen 26, 5259 Hjellestad, Norway.
For privacy enquiries write to [email protected]. For everything else, [email protected].
2. What data we collect
- Account data: name, work email, company, role, phone number, and (optionally) vessel details you provide when requesting access or signing in.
- Document content: the DP Operations Manuals, FMEAs, and trials programmes you upload for analysis, plus the gap-analysis reports we generate from them.
- Usage and security logs: timestamps, IP addresses, request paths, and audit events needed to operate, secure, and bill the service.
3. How we use it
- To deliver the gap-analysis service you requested.
- To maintain accounts, authenticate users, and prevent abuse.
- To send transactional email about your jobs (e.g. "your report is ready").
- To send newsletter or product updates only if you've opted in.
- To meet legal, tax, and accounting obligations.
We do not sell your data. We do not share it with advertising or marketing networks. We do not profile users for advertising purposes.
4. Where it is stored
All systems run on a dedicated server in the European Union (Helsinki, Finland), operated by us. Authentication, document storage, database, mail, CRM, and newsletter services are self-hosted on that server. Customer data is not shared with marketing, advertising, or analytics third parties.
5. Sub-processors
Two third parties process personal data on our behalf:
- Anthropic, PBC (San Francisco, USA) provides the large language model that generates the gap analysis. Document text and images you upload are sent to Anthropic for processing. Anthropic does not use customer content to train its models. Anthropic retains API request data for up to 30 days for trust and safety review and then deletes it. Transfers to the United States are covered by the European Commission's Standard Contractual Clauses (SCCs).
- Mistral AI SAS (Paris, France, EU) provides Optical Character Recognition (OCR) for uploaded PDFs. Processing takes place inside the European Union.
6. Cookies
The application uses one first-party session cookie to keep authenticated users signed in. That is the only cookie we set. We do not use tracking cookies, advertising cookies, or any third-party tracker. Under Article 5(3) of the ePrivacy Directive the session cookie qualifies as strictly necessary, so we do not display a consent banner.
7. Analytics
We use a self-hosted, cookieless analytics tool (Umami) for aggregated, anonymous page-view counts. There is no Google Analytics, Facebook Pixel, LinkedIn Insight Tag, Hotjar, or similar third-party tracker on this site or in the application.
8. Retention
Account data is retained while your account is active. Uploaded manuals and generated reports are deleted within 30 days of account closure or a deletion request. Security and audit logs are retained for 12 months.
9. Your rights
Under the EU/UK General Data Protection Regulation (GDPR) you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to lodge a complaint with a supervisory authority (in Norway, Datatilsynet). Send any of these requests to [email protected] and we will respond within 30 days.
10. Security
All traffic is served over TLS 1.2 or higher. Multi-factor authentication is available on user accounts. Storage and database volumes are encrypted at rest. We restrict operational access to the people who need it.
11. Changes to this policy
We will publish material changes on this page with a new "Last updated" date and, for active users, give reasonable advance notice by email.
12. Contact
Section Nine AS, Mildevegen 26, 5259 Hjellestad, Norway. Privacy enquiries: [email protected]. General enquiries: [email protected].