What is Charter Logic Suite?

Charter Logic Suite is an AI-powered maritime financial auditing platform with 18 features including demurrage auditing, FMC compliance, EU ETS validation, REST API, multi-language support, and white-label portals. Audits complete in 28 seconds.

How much does Charter Logic Suite cost?

Founding Member: $799/month (3 seats, 15 audits). Professional: $1,999/month (10 seats, 40 audits). Enterprise: $4,999/month (unlimited). Enterprise Plus: From $12,000/month for white-label.

What languages does Charter Logic Suite support?

Charter Logic Suite supports Statements of Facts in English, Arabic, Greek, Spanish, Chinese, and French. Documents are auto-detected and translated; audit reports are always in English.

Does Charter Logic Suite have an API?

Yes, Enterprise plans include full REST API access for TMS/ERP integration, with webhook callbacks, rate limiting, and comprehensive documentation.

Can I white-label Charter Logic Suite?

Yes, Enterprise Plus plans ($12,000+/month) include white-label portal capabilities with custom branding, custom domains, and multi-client management for P&I Clubs and brokers.

Privacy Policy | Charter Logic Suite

This Privacy Policy explains how Charter Logic Suite (‘we’, ‘us’, ‘our’) collects, uses, stores, and protects personal data when you use our platform at charterlogicsuite.com. We comply with the EU General Data Protection Regulation (GDPR), the Pakistan Personal Data Protection Act 2023 (PDPA), and applicable UAE Federal Decree No. 45 of 2021 on Personal Data Protection.

Section 1

Who We Are

Data Controller:: Charter Logic Suite
Platform URL:: charterlogicsuite.com
Contact:: [email protected]
Registration:: Not yet incorporated. Business registration in progress. Address will be published upon registration.

For EU users: we process your data as a Data Controller under GDPR Article 4(7). Our EU representative for GDPR purposes (per Article 27) will be appointed prior to active marketing in the EU. Contact [email protected] for EU-specific enquiries in the interim.

Section 2

Data We Collect

2.1 Account Data

Full name, work email address, company name, and job role (provided at registration).
Password (stored as bcrypt hash — never in plaintext).
Billing information: managed exclusively by Paddle (our payment processor). Charter Logic Suite does not store card numbers, CVV codes, or bank details.
Subscription tier and plan history.

2.2 Usage Data

Audit jobs submitted: vessel name, voyage reference, port, dates, demurrage rate.
Documents uploaded: stored encrypted in Supabase Storage. Deleted automatically after 90 days unless you extend retention in Settings.
Audit results: event classifications, laytime calculations, financial figures — stored in your account.
API usage: request timestamps, endpoints called, response codes (Enterprise plans).
Integration data: Slack/Teams webhook URLs, notification preferences (Enterprise plans).
Login timestamps, session duration, IP address (for security monitoring only).
Browser type and operating system (for compatibility diagnostics only).

2.3 Multi-Language Processing

Documents in Arabic, Greek, Spanish, Chinese, French, and other languages are auto-detected and translated to English for processing. Original language content is retained alongside translations.

2.4 White-Label Portal Data (Enterprise Plus)

If you operate a white-label portal, we process: your branding assets (logo, colours), custom domain configuration, and your clients' data on your behalf. You act as Data Controller for your clients; CLS acts as Data Processor.

2.5 Document Content

Documents you upload (Statements of Facts, charterparties, invoices) are processed by our AI pipeline. The content is sent to the following third-party processors:

Processor	Purpose	Data Sent	Retention
Google Document AI	OCR — text extraction	Document image bytes	Not retained after processing
Amazon Textract	Table extraction	Document image bytes	Not retained after processing
OpenRouter AI	Maritime AI reasoning	Extracted text (not raw images)	Not retained for model training
Supabase	Database and file storage	All structured data and files	90 days for files; indefinite for audit results

Zero-Training Commitment

We use OpenRouter's API which does not use your data for model training. Your document content is never used to train or improve the AI models.

Section 3

Legal Basis for Processing

Processing Activity	Legal Basis
Creating and managing your account	Performance of contract (GDPR Art. 6(1)(b))
Processing audit jobs	Performance of contract (GDPR Art. 6(1)(b))
Sending service emails (receipts, alerts)	Performance of contract (GDPR Art. 6(1)(b))
Improving the platform (aggregated analytics)	Legitimate interests (GDPR Art. 6(1)(f))
Security monitoring (IP logging)	Legitimate interests (GDPR Art. 6(1)(f))
Marketing emails (if opted in)	Consent (GDPR Art. 6(1)(a))
Compliance with legal obligations	Legal obligation (GDPR Art. 6(1)(c))

Section 4

How We Share Your Data

We do not sell, rent, or trade your personal data.

We share data only with the following categories of recipients:

Payment processor (Paddle) — billing data only. Paddle is GDPR-compliant and PCI-DSS certified.
OCR processors (Google, Amazon) — document images only, for text extraction. No personal profile data is shared.
AI processor (OpenRouter) — extracted text only. Not used for training.
Infrastructure (Supabase, Vercel) — host our database, storage, and web application. Both are SOC 2 compliant.
Weather data providers (NOAA, Open-Meteo) — port coordinates only, no personal data.
Integration platforms (Slack, Microsoft Teams) — webhook URLs and notification content (Enterprise plans only, user-configured).
Legal authorities — only if required by applicable law, court order, or regulatory request. We will notify you unless legally prohibited.

Section 5

Data Storage & Security

5.1 Where Data is Stored

Database: Supabase (hosted on AWS us-east-1; EU region available on request).
Files: Supabase Storage (same region as database).
Web application: Vercel global CDN.

5.2 Security Measures

Encryption in transit: TLS 1.3 for all connections.
Encryption at rest: AES-256 for all files and database records.
Access control: Row-Level Security (RLS) — you can only access your own data.
Authentication: Supabase Auth with bcrypt password hashing and optional Magic Link.
Session management: JWT tokens with configurable expiry (default 30 days).
Infrastructure: Supabase and Vercel are SOC 2 Type II certified.
Vulnerability disclosure: [email protected] — response within 24 hours.

5.3 Document Retention

Uploaded documents: deleted automatically after 90 days.
Audit results (structured data): retained until account deletion.
You can delete any document or audit result manually at any time.
On account deletion: all personal data deleted within 30 days.

Section 6

Your Rights

Depending on your jurisdiction, you have the following rights:

Right	Description	How to Exercise
Access	Request a copy of all personal data we hold about you.	Email [email protected] — response within 30 days.
Rectification	Correct inaccurate or incomplete personal data.	Update directly in Account Settings, or email us.
Erasure	Request deletion of your personal data.	Account Settings > Delete Account, or email us.
Portability	Receive your data in a machine-readable format.	Email [email protected] — JSON export.
Object	Object to processing based on legitimate interests.	Email [email protected].
Withdraw Consent	Withdraw consent for marketing emails.	Unsubscribe link in any email, or Account Settings.

Section 7

Cookies

Cookie	Type	Purpose	Expiry
sb-auth-token	Essential	Supabase authentication session token.	30 days
cls_preferences	Functional	UI preferences (sidebar state, date format).	12 months
paddle_marketing	Marketing (opt-in)	Paddle affiliate tracking (referral links only).	90 days
_vercel_insights	Analytics (opt-in)	Anonymised page view analytics (no personal data).	30 days

We do not use third-party advertising cookies. We do not use fingerprinting or cross-site tracking.

Section 8

Children's Privacy

Charter Logic Suite is a professional B2B platform intended exclusively for maritime industry professionals. We do not knowingly collect data from persons under the age of 18. If we become aware that a user under 18 has registered, we will delete the account immediately.

Section 9

International Data Transfers

Our infrastructure is primarily US-based (Supabase on AWS, Vercel). For EU users, this constitutes an international data transfer. We rely on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) to ensure adequate protection. For users in Pakistan: we comply with the Pakistan Personal Data Protection Act 2023. Your data is processed in the US under appropriate transfer safeguards.

Section 10

Changes to This Policy

We may update this Privacy Policy to reflect changes to our platform, legal requirements, or data practices. We will notify you by email at least 14 days before any material changes take effect. The current version is always available at charterlogicsuite.com/privacy.

Section 11

Contact & Complaints

Privacy enquiries: [email protected]
Data Protection Officer: [email protected]
Security vulnerabilities: [email protected]
EU GDPR representative: To be appointed prior to EU launch.

If you are not satisfied with our response to a privacy complaint, you may contact your national supervisory authority (e.g., ICO in the UK, CNIL in France).