Privacy Policy

Effective Date: March 27, 2026

Bosun AI ("we," "us," or "our") operates the website bosunai.io and manufactures the Bosun AI marine intelligence hardware device and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, join our waitlist, purchase our hardware, or use our Service.

By accessing or using any part of the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Waitlist and Contact Information: When you join our waitlist or contact us, we collect your email address and any other information you voluntarily provide through our web forms.
• Account Information: When you create an account or purchase our hardware, we may collect your name, email address, shipping address, billing information, and payment details.
• Communications: When you email us at hello@bosunai.io or otherwise contact us, we retain the content of those communications.

1.2 Instrument and Navigation Data

The Bosun AI device reads data from your boat's NMEA 2000 network across approximately 40 data channels, including:

• Navigation: Depth, speed over ground, speed through water, heading, course, GPS position
• Wind: Apparent and true wind speed and angle
• Electrical: Battery voltage, state of charge, current, solar output
• Engine: RPM, coolant temperature, oil pressure, fuel rate, engine hours
• Tanks: Fuel, water, and waste levels
• Environment: Water temperature, air temperature, barometric pressure, humidity

1.3 GPS Track History

The device records GPS track history (latitude, longitude, and timestamp) to provide route replay, distance logging, and navigation features.

1.4 Voice and Conversation Data

• Transcribed Text: When you speak to Bosun, your voice is transcribed to text on-device or via a cloud speech-to-text service. The transcribed text and Bosun's responses are stored as conversation logs.
• Voice Prints: If you opt in to voice enrollment, a speaker voice print is created to identify individual crew members by voice. Voice enrollment requires explicit consent (see Section 5).

1.5 Face Recognition Data (T2+ Tiers)

On devices with camera hardware (T2 tier and above), face recognition data may be collected to identify crew members visually. Face enrollment requires explicit opt-in consent (see Section 5).

1.6 Security Recordings

When the security system is armed, the device records camera footage. Security recordings are stored exclusively on the device and are never uploaded to the cloud.

1.7 Device Telemetry

The Bosun AI device transmits device health telemetry, including CPU temperature, memory usage, disk usage, Wi-Fi signal strength, and connectivity status, to help us monitor device health and improve the product.

1.8 Website Analytics

We may collect standard web analytics data including IP address, browser type, referring pages, pages viewed, and time spent on pages. This data is used solely to improve our website experience.

2. Where Your Data Is Stored

2.1 On-Device

The following data is processed and stored locally on your Bosun AI device:

• All raw NMEA 2000 instrument data at full resolution (retained for 48 hours)
• Security camera recordings (retained for 7 days, never uploaded to the cloud)
• Voice processing (wake-word detection, initial transcription)
• Voice prints and face recognition models

2.2 Cloud (US-East)

When your device has an internet connection, the following data is synced to our cloud database infrastructure hosted in the US-East region:

• Instrument history snapshots
• GPS track history
• Conversation logs (transcribed text and Bosun responses)
• Alerts and notifications
• Maintenance logs
• Device health heartbeats

All communications between the device and cloud are encrypted with TLS. Row-level security in our database isolates each vessel's data so that owners can only access their own vessel's information.

2.3 Offline Operation

When no internet connection is available, the device operates fully autonomously using on-device processing capabilities. Data queues locally and syncs when connectivity is restored.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To communicate with you about our waitlist, product availability, pre-orders, and launch updates
• To process orders, deliver hardware, and manage subscriptions
• To provide customer support and respond to inquiries
• To improve and optimize our website, hardware, and services
• To send periodic product updates, firmware release notifications, and service announcements (with your consent where required)
• To detect, prevent, and address technical issues or security threats
• To comply with legal obligations

4. Data Storage and Security

We implement industry-standard security measures to protect your personal information:

• Website Data: Your email and contact information is stored securely with access controls limited to authorized personnel.
• Edge Computing: The Bosun AI device processes instrument data, camera data, and voice wake-word detection locally. This architecture means your most sensitive marine operational data stays on your vessel.
• Encrypted Cloud Communications: All data transmitted between your device and our cloud infrastructure is encrypted in transit using TLS.
• Row-Level Security: Our cloud database enforces row-level security policies so each vessel's data is fully isolated from other vessels.
• Payment Data: We do not store credit card numbers or payment details directly. All payment processing is handled by PCI-DSS-compliant third-party payment processors.

5. Biometric Data and Consent

Bosun AI collects two categories of biometric data:

• Voice Prints: Used to identify individual crew members by voice for personalized responses and access control.
• Face Recognition Data: Used on T2+ tier devices to identify crew members visually for cabin automation and security.

Both voice enrollment and face recognition require explicit opt-in consent from each crew member. Consent is tracked with a timestamp in the system. Crew members may revoke their biometric consent at any time through the Hub crew settings, which will delete their biometric enrollment data.

6. Third-Party Services

We use the following categories of third-party services in connection with the Service:

• Speech-to-Text Processing: When connected to the internet, voice queries may be sent to a cloud-based speech-to-text service for transcription.
• AI Language Model: Complex queries may be processed by a cloud-based AI language model to generate responses.
• Voice Synthesis: Bosun's spoken responses may be generated by a cloud-based voice synthesis service.
• Hosting Infrastructure: Our website is hosted on cloud hosting infrastructure in the US.
• Database Infrastructure: Vessel data is stored in cloud database infrastructure hosted in the US-East region.
• Payment Processors: We use third-party payment processors for transactions. These processors handle your payment information in accordance with PCI-DSS standards.

We do not sell, trade, or otherwise transfer your personal information to third parties for marketing purposes. We may share information with service providers who assist us in operating our website and business, provided they agree to keep your information confidential.

7. We Do Not Sell Your Personal Data

Bosun AI does not sell, rent, or lease your personal information to third parties. We do not participate in data broker networks. We do not monetize your data in any way. Your information is used solely to provide and improve the Service.

8. Cookies and Tracking Technologies

Our website uses minimal cookies and tracking technologies:

• Essential Cookies: We may use strictly necessary cookies to ensure the proper functioning of our website (e.g., session management).
• Analytics Cookies: We may use privacy-respecting analytics to understand how visitors interact with our website. These analytics do not track you across other websites and do not create advertising profiles.

We do not use third-party advertising cookies or cross-site tracking technologies. You can configure your browser to refuse all cookies, though this may affect your ability to use certain features of our website.

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@bosunai.io.

10. Your Rights, Choices, and Data Deletion

10.1 How to Delete Your Data

You can delete your data in the following ways:

• Voice Command: Say "Bosun, delete my data" to initiate data deletion from the device.
• Hub Settings: Use the "Delete Account" button in your Hub account settings.
• Email Request: Contact hello@bosunai.io for GDPR/CCPA access, erasure, or data portability requests.

10.2 Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this information in a commonly used, machine-readable format within 30 days of your request.

10.3 Right to Deletion

You have the right to request that we delete your personal information. Upon receiving a verified deletion request, we will delete your personal data from our systems within 30 days, except where retention is required by law or for legitimate business purposes (such as fulfilling warranty obligations).

10.4 Right to Correction

You have the right to request that we correct inaccurate personal information we hold about you.

10.5 Right to Opt Out

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send or by contacting us directly. You may also disable device telemetry at any time through the Bosun AI device settings.

10.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. However, you have the right to direct us not to sell your personal information if our practices ever change.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, contact us at hello@bosunai.io. We will verify your identity before fulfilling your request.

12. European Privacy Rights (GDPR)

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent legislation:

• Legal Basis: We process your personal data based on your consent (e.g., joining the waitlist, biometric enrollment), contractual necessity (e.g., fulfilling orders), legitimate interest (e.g., improving our products), or legal obligation.
• Data Transfers: If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
• Data Protection Officer: For GDPR-related inquiries, contact us at hello@bosunai.io.

All rights described in Section 10 (access, deletion, correction, portability, opt-out) apply equally under GDPR. We will respond to GDPR requests within 30 days.

13. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy:

• Instrument Snapshots: 90 days in the cloud; 48 hours on-device at full resolution.
• GPS Track History: 90 days in the cloud.
• Conversations: 90 days in the cloud.
• Security Recordings: 7 days on-device only; never uploaded to the cloud.
• Device Heartbeats: 30 days in the cloud.
• Maintenance Logs: Retained indefinitely as part of the vessel owner's digital logbook.
• Waitlist Data: Retained until you request removal or until the waitlist is no longer active.
• Account Data: Retained for the duration of your account and for a reasonable period thereafter for legal and business purposes.
• Transaction Data: Retained as required by tax and accounting regulations (typically 7 years).

14. International Data Transfers

Bosun AI is based in the United States. If you access our Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our Service, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your jurisdiction.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Effective Date" above. For significant changes, we will provide additional notice (such as an email notification for registered users). Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

16. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us:

• Email: hello@bosunai.io
• Website: bosunai.io