ODN Portal

1. What we collect

We collect only the data the portal needs to function. Nothing is sold, shared with advertisers, or used to profile you across the web.

When you register

Username, email address, optional first and last name, and a salted hash of the password you choose (argon2id; the plaintext password is never stored or transmitted anywhere we can recover it from). The time you accepted this Privacy Policy and the Terms of Service is recorded.

When you use the portal

Your UI preferences (depth and temperature units, language), the vessel you last viewed, the timestamp of your last activity (refreshed at most once every five minutes), and any private per-tow notes you choose to write. If an administrator has configured per-vessel anonymisation rules for your account, they are stored against your account only.

When you sign in

A signed authentication cookie (NextAuth JWT, HttpOnly, Secure on HTTPS) carrying only your user id, group memberships, and admin flags. The cookie expires seven days after your last access. Your IP address and a small amount of context (e.g. rate-limit decisions) may appear in server logs.

When you reset your password

A single-use token tied to your account, plus the IP address of the request, kept for thirty days after the reset link is used or expires.

When administrators act on your account

An audit-log entry recording who did what (e.g. activated your account, assigned you to a vessel, edited your groups), with the actor’s username, the action, and the IP. We keep this trail indefinitely so account changes are always traceable.

2. What we do NOT collect

No analytics, tracking, or advertising cookies. The portal sets only the cookies strictly required for authentication (the NextAuth session token, its CSRF guard, and the post-login redirect target).
No location data beyond what the vessels you have access to already report via their on-board sensors. The portal does not request browser geolocation.
No third-party social or marketing pixels. Map tiles come from Mapbox, which sees your IP address as part of standard HTTP, but receives no portal account data.

3. Who can see your data

You

You can read and edit your own profile on the /profile page. You can download a complete JSON copy of every piece of personal data the portal holds about you via the same page.

Administrators

ODN administrators can read your account data and audit-log history in order to operate the portal (approve registrations, assign vessel access, investigate abuse). Every administrative action is itself recorded in an audit log. Administrators cannot see your private tow notes.

Other users

Other users cannot see your account data, your private tow notes, your password-reset history, or your anonymisation rules. They can see vessel data they have been granted access to, which is independent of your account.

External services

AWS SES: sends registration, password-reset, and account-state emails. Receives your email address, username, and the email body.
Mapbox: serves map tiles. Sees your IP address; receives no portal account data.
Sentry (when enabled): error reporting. Receives error stacks, request URLs, and IP addresses. Not enabled today.

4. Vessel anonymisation

An ODN administrator can configure per-vessel display rules for your account so the portal shows you a disguised label (e.g. “Vessel_3”) and optionally rounded coordinates and program name. These rules apply only to your view of the portal; other users see the canonical data, or their own configured view. You cannot set or change these rules yourself; they are managed by administrators.

The portal also ensures the canonical vessel name does not appear in browser URLs, the network panel, history, or HTML source: a per-user opaque token stands in for it everywhere a user can navigate. This protects shared screenshots and shared links from leaking the real name.

5. How long we keep your data

Account, preferences, vessel access, anonymisation rules, private notes: kept for as long as your account exists. You can delete them all at once via the Danger Zone on your profile; deletion is immediate and cascades through every user-bearing table.
Password-reset tokens: kept for thirty days after they are used or expire, then swept automatically.
Administrative audit log:kept indefinitely. Entries that reference your account survive your account’s deletion (the foreign keys clear but the action record itself stays), so the admin trail remains traceable.
Server logs: kept by the hosting infrastructure (AWS EC2 / CloudWatch) under the standard retention configured there. Logs do not contain passwords or authentication tokens.

6. Your rights

You can, at any time:

Access and exporta full copy of every row in this policy that ties to your account, as a JSON file. See the “Data & privacy” section of your profile.
Correct your name and email on the profile page.
Delete your account and all associated data via the Danger Zone on your profile. Some non-personal data (e.g. audit-log entries with your name denormalised) is retained for traceability even after deletion.
Object or restrict processing by contacting us at the email below.

7. Security

Passwords are hashed with argon2id at parameters matching the Django defaults. Sessions are signed JWTs with HttpOnly, SameSite=Lax, Secure-on-HTTPS cookies; their inactivity timeout is seven days. The portal serves over HTTPS with HSTS, a strict Content-Security-Policy, a frame-deny policy, and rate limits on every authentication endpoint and every expensive API call. Server-side code reads database credentials only from server-only modules so they cannot leak into a browser bundle.

8. Changes to this policy

We may revise this policy. When we do, the effective date at the top of the page is updated. Material changes will be flagged in the portal so you have an opportunity to review them before continuing.

9. Contact

For privacy questions or to exercise any of the rights above, email data@oceandata.net.