Request access
Legal

Privacy Policy

Effective
May 2, 2026

This Privacy Policy describes how Sephra, Inc. (“Sephra,” “we,” “us”) collects, uses, and shares information in connection with our websites, our voyage-operations product, and any related services we offer (together, the “Services”). Sephra is an internal-facing operations tool for maritime voyage teams; our customers are companies, and the individual users of the product are typically employees of those companies.

This policy applies to:

  • visitors to our websites,
  • individual end users of our product,
  • people who contact us, request access, or apply for a role.

If you use Sephra as part of your job, your employer is our customer. Information your employer instructs us to process on their behalf is “Customer Data,” and our handling of it is governed primarily by the agreement between Sephra and your employer (see “Customer Data” below).

01Information we collect

Information you give us

  • Account information — name, work email, role, and the company you work for.
  • Communications — messages you send us when you contact support, request access, apply for a role, or otherwise correspond with us.
  • Voyage and operational material — material your team loads into Sephra. This is Customer Data; see Section 6.

Information collected automatically

  • Usage data — pages and features used, actions taken, timestamps, and referrer.
  • Device and connection — IP address, browser type, operating system, device identifiers, and approximate location derived from IP.
  • Cookies and similar technologies — see Section 3.

Information from other sources

  • Identity providers and single sign-on services if your employer uses them.
  • Service providers that help us run our business (for example, customer relationship management).
  • Publicly available sources for sales and marketing.

02How we use information

  • To provide, operate, and maintain the Services.
  • To authenticate users and secure accounts.
  • To improve and develop the Services, including our AI features (see Section 4).
  • To communicate with you about the Services, support, security, and product updates.
  • To comply with legal obligations and enforce our terms.
  • To prevent fraud, abuse, and security incidents, and to protect our rights and the rights of others.

03Cookies and analytics

We use cookies and similar technologies to operate the Services, remember preferences, and understand how the Services are used. We use a small number of analytics and error-monitoring providers that process limited data such as IP address and usage events on our behalf. We do not use cookies for cross-site behavioral advertising. You can control cookies through your browser settings; some features may not work without them.

04AI features and model improvement

Sephra uses AI to help voyage teams work faster. Two things to know about how that works in practice:

Third-party LLM providers

When you use AI features in Sephra, your inputs may be processed by third-party large-language-model providers acting as our service providers. These providers are bound by contractual terms that prohibit them from retaining your data beyond what is needed to return a response, or using it to train their own models.

Our own model improvement

We may use Customer Data and usage data to improve, evaluate, and develop our own models, features, and the Services more generally. Where we do this we apply safeguards, including, where appropriate, de-identification, aggregation, and access controls. Specific terms — including any opt-outs — are set in our written agreement with each customer; if you have questions, contact us at privacy@sephra.ai.

05How we share information

We do not sell personal information, and we do not share it for cross-context behavioral advertising. We share information in the following circumstances:

  • Service providers who help us operate the Services — for example, cloud hosting, analytics, error monitoring, email, customer support, payment processing, identity providers, and AI/ML providers. These providers process information on our instructions and are contractually bound to protect it.
  • Professional advisors — lawyers, accountants, auditors, and similar advisors, under confidentiality.
  • Legal authorities — when we believe in good faith that disclosure is required by law or legal process, or to protect the rights, property, or safety of Sephra, our customers, or others.
  • In a corporate transaction — for example, an acquisition, financing, reorganization, or sale of assets. Information would be transferred subject to standard confidentiality protections.
  • With your direction — when you ask us to share information with a third party.

06Customer Data

The material your team loads into Sephra is processed by Sephra on behalf of our customer (typically your employer). Our handling of Customer Data, including data ownership, security, retention, and deletion, is governed by the agreement (and any data processing addendum) between Sephra and the customer.

If you are an end user and want to access, correct, or delete information that your employer has loaded into Sephra, please contact your employer first. We will support our customer in responding to your request.

07International data transfers

We are based in the United States and operate globally. When personal information is transferred across borders — for example, from the EU, UK, or other regions to the United States — we rely on appropriate safeguards, such as standard contractual clauses and supplementary measures where required by law.

08Data retention

We retain personal information only as long as necessary for the purposes described in this policy, to comply with legal obligations, and to resolve disputes and enforce our agreements. Customer Data is retained according to the agreement with the customer; account-level information is retained while the account is active and for a limited period afterwards.

09Security

We use administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit and (where appropriate) at rest, logging, and security monitoring. No system is perfectly secure; if you discover a vulnerability, please report it to security@sephra.ai.

10Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. California residents have specific rights under the CCPA, and EU and UK residents have rights under the GDPR and UK GDPR. To exercise any of these rights, contact us at privacy@sephra.ai. We may need to verify your identity before responding.

If you are an end user of Sephra at your employer, requests about Customer Data should be directed to your employer; we will assist them in responding.

11Changes to this policy

We may update this Policy from time to time. When we do, we will update the “Effective” date above. If changes are material, we will provide additional notice — for example, by email or through an in-product notice — before they take effect.

12Contact us

Questions about this Policy or our privacy practices? We’d like to hear from you.

Sephra, Inc.
privacy@sephra.ai