A quick summary: YMS360 is a maintenance and management platform for superyachts, built by Triton Technical LLC. We collect the information needed to operate the service — account details, yacht and maintenance data, usage logs, and support communications. If you subscribe to our mailing list or interact with our marketing, our own first-party platform records email engagement and website activity to help us follow up. We never sell personal information for money and you can opt out of advertising sharing at any time. We honor privacy rights under the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA). The full detail is below.
Scope & who we are
This Privacy Policy explains how Triton Technical LLC ("Triton Technical," "we," "us," or "our") handles personal information in connection with the YMS360 software platform, the website at yms360.com, our mobile and desktop applications, APIs, help center, and related services (collectively, the "Services").
For purposes of the EU and UK General Data Protection Regulation ("GDPR"), Triton Technical LLC is the controller of personal information collected about visitors to our website and users of our Services, except where we act as a processor on behalf of a yacht owner, management company, or other customer who has subscribed to YMS360. In those cases, our customer is the controller and determines how data within their account is used. This policy describes our practices as a controller; for processing done on behalf of a customer, their privacy notice and our data processing agreement apply.
This policy does not apply to third-party websites, services, or applications that you may access through the Services, even if we link to them.
Information we collect
We collect information in three ways: information you provide to us, information we collect automatically, and information we receive from third parties.
Information you provide
| Category | Examples |
|---|---|
| Account data | Name, work email, phone number, job title, company or yacht affiliation, password (stored hashed) |
| Billing data | Billing contact, billing address, VAT/tax ID, purchase order references. Payment card details are collected directly by our payment processor and not stored on our servers. |
| Yacht & operational data | Vessel name, IMO/MMSI, flag, specifications, equipment registry, maintenance schedules, inventory, crew assignments, certificates, and logs you enter into the platform |
| Support & communications | Messages you send via email, chat, phone, demo requests, or forms, including any attachments |
| Marketing preferences | Subscription status for newsletters or product updates |
Information we collect automatically
- Usage data: pages viewed, features used, actions taken within the platform, time spent, click paths, and error reports.
- Device & technical data: IP address, approximate location derived from IP (country, city, and internet service provider / organization), browser type and version, operating system, device identifiers, language preferences, time zone, and referral URLs.
- Marketing campaign data: if you subscribe to our email list or visit our website after clicking one of our marketing emails or ads, we record UTM parameters (source, medium, campaign), landing page, referrer, and subsequent pages visited. For email recipients, we also record whether emails were opened, which links were clicked, and whether messages bounced. This data is used to measure campaign performance and calculate a lead score that helps our team prioritize follow-up.
- Cookies and similar technologies: see Section 11 below for details on what we set and how to control it.
- Log data: authentication events, API calls, and system diagnostic data used for security and debugging.
Information from third parties
- Identity providers if you log in using single sign-on (e.g., your company's SSO provider).
- Payment processors for transaction status and fraud signals (we do not receive full card numbers).
- Business contact sources such as publicly available professional directories, which we may use for business-to-business outreach in line with applicable law.
- Integration partners where you connect YMS360 to another system (for example, an accounting package or fleet database), we receive the data that integration is configured to exchange.
We do not knowingly collect special categories of personal data (such as health, biometric, or government ID data) unless you voluntarily provide it — for example, if a crew certificate you upload contains such information. If you choose to upload such data, you are responsible for ensuring you have the legal basis to do so.
How we use information
We use personal information for the following purposes:
- Providing the Services: creating and maintaining accounts, delivering platform features, syncing data across devices, enabling integrations, and processing your transactions.
- Customer support: responding to questions, troubleshooting, training, and onboarding.
- Billing and account administration: invoicing, processing payments, tax compliance, and collecting amounts owed.
- Security and fraud prevention: authenticating users, detecting and preventing abuse, investigating incidents, and enforcing our terms.
- Product improvement: analyzing aggregate usage to understand how features are used, fix bugs, and improve performance. Where we use customer data to improve the Services, we do so in de-identified or aggregated form.
- Communications: sending transactional messages (such as service notices, security alerts, and billing), and — if you have opted in or where permitted by law — product updates and marketing.
- Marketing, lead qualification, and sales follow-up: where you have subscribed to our email list or otherwise consented, we use the marketing campaign data described in Section 2 to measure how our campaigns perform, to calculate a lead score that reflects engagement (such as emails opened, links clicked, and pages visited on our website), and to prioritize outreach from our sales team. You can ask us to stop this at any time — see Sections 9, 10, and 11.
- Legal and compliance: complying with applicable laws, responding to lawful requests, and protecting our rights and those of our users.
We do not use personal information for automated decision-making that produces legal or similarly significant effects about you (see Section 13). We do not sell personal information, and we do not use customer content to train generative AI models.
Legal bases for processing (GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR:
- Contract (Art. 6(1)(b)): to provide the Services you or your organization have subscribed to and to perform pre-contract steps at your request (for example, handling a demo inquiry).
- Legitimate interests (Art. 6(1)(f)): to operate, secure, and improve the Services; to conduct business-to-business marketing where our interests are not overridden by your rights; and to defend legal claims. You have a right to object to processing based on legitimate interests.
- Consent (Art. 6(1)(a)): for non-essential cookies, certain marketing communications, and any processing where consent is legally required. You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): to meet accounting, tax, and other statutory requirements.
International data transfers
Triton Technical is headquartered in the United States. We and our service providers may process personal information in countries other than your own, including the United States and other jurisdictions where our vendors operate.
Where we transfer personal data out of the European Economic Area, United Kingdom, or Switzerland to a country that has not been granted an adequacy decision, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK Addendum or UK International Data Transfer Agreement, supplemented by technical and organizational measures where necessary. You can request a copy of the relevant safeguards by contacting us at info@yms360.com.
Data retention
We retain personal information for as long as it is needed for the purposes described in this policy and for legitimate business or legal purposes after that. Retention periods vary by data type:
- Account and yacht data: for the life of the customer account, plus a reasonable period after termination to allow for data export and dispute resolution.
- Billing records: typically seven years to meet tax and accounting requirements.
- Support communications: generally up to three years after resolution.
- Marketing contacts: until you unsubscribe or object, plus a short suppression-list retention to honor your opt-out.
- Marketing engagement and lead-scoring data: while you remain a subscriber and for up to 24 months after your last engagement, after which the record is deleted or anonymized. IP addresses associated with anonymous website visits are retained for up to 13 months.
- Security and audit logs: typically 12–24 months.
- Backups: rotated on a defined schedule; deletions propagate to backups within that cycle.
When personal data is no longer needed, we delete or anonymize it. If deletion is not technically feasible (for example, on archival backups), we isolate it and protect it from further processing until deletion is possible.
Security
We take reasonable and appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include:
- Encryption of data in transit (TLS) and at rest for our production databases
- Role-based access controls and the principle of least privilege
- Multi-factor authentication for administrative access
- Regular vulnerability scanning and patching
- Secure development practices and code review
- Logging, monitoring, and alerting for suspicious activity
- Incident response procedures
- Employee training and confidentiality obligations
No system is perfectly secure. We cannot guarantee absolute security, but we work continuously to improve our controls. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals without undue delay.
Your rights under GDPR
If you are in the EEA, UK, or Switzerland, you have the following rights with respect to your personal data:
- Access — obtain confirmation of whether we process your personal data and a copy of that data.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion in certain circumstances (the "right to be forgotten").
- Restriction — ask us to limit how we process your data in certain circumstances.
- Portability — receive your data in a structured, commonly used, machine-readable format, and transmit it to another controller where technically feasible.
- Objection — object to processing based on legitimate interests, including profiling, and to direct marketing at any time.
- Withdraw consent — where we process on the basis of consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Lodge a complaint — with your local data protection supervisory authority. We would appreciate the chance to address your concerns first — please contact us before doing so.
How to exercise your rights
Email info@yms360.com with your request. We may need to verify your identity before responding. We will reply within one month of receiving a valid request, or let you know if we need a reasonable extension.
If your data was submitted to YMS360 by a customer (for example, your employer), we may refer your request to that customer and assist them in responding.
California privacy rights
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA"), gives you the following rights:
- Right to know what personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it.
- Right to access the specific pieces of personal information we hold about you.
- Right to delete personal information, subject to certain exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information. We do not sell personal information for money. However, when you consent to marketing cookies, certain identifiers (such as IP address and cookie IDs) may be shared with advertising partners like LinkedIn and Meta to measure our ads and show you relevant content, which the CCPA defines as "sharing for cross-context behavioral advertising." You can opt out at any time by rejecting marketing cookies in our consent banner, by sending a Global Privacy Control signal from your browser, or by emailing us.
- Right to limit use of sensitive personal information. We do not use sensitive personal information for purposes that would trigger this right.
- Right to non-discrimination — we will not discriminate against you for exercising any of these rights.
Categories we collect
In the preceding 12 months, we have collected the following categories of personal information (as defined by the CCPA): identifiers (name, email, IP address); commercial information (subscription details); internet or other electronic activity information (usage data); geolocation (approximate, from IP); professional information (job title, employer); and inferences drawn from the above to understand product usage. Sources, purposes, and recipients are described in Sections 2, 3, and 5.
How to exercise California rights
Submit a request by emailing info@yms360.com or by using our contact form. We will verify your request using information we already hold. You may designate an authorized agent to make a request on your behalf; we may require written proof of authorization and verify your identity directly.
"Shine the Light": California Civil Code § 1798.83 permits California residents to request information about certain disclosures of personal information to third parties for their direct marketing purposes. We do not make such disclosures.
Children's privacy
The Services are intended for business users and are not directed to children. We do not knowingly collect personal information from individuals under 16. If you believe a child has provided personal information to us, please contact info@yms360.com and we will take appropriate steps to delete it.
Automated decision-making & profiling
We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you. We may use limited automated techniques for analytics, security (such as rate-limiting and fraud detection), and product recommendations within the platform. These do not produce such effects, but if you have questions about any specific processing, please contact us.
Third-party links and services
The Services may contain links to third-party websites, plugins, or integrations (for example, help center content, social media links, or partner applications). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where appropriate, provide additional notice — for example, by email to registered users or by a prominent notice in the Services. Your continued use of the Services after an update takes effect constitutes acceptance of the revised policy, to the extent permitted by law.
Contact us
If you have questions or concerns about this Privacy Policy or our data practices, including how to exercise your rights, please get in touch. We aim to respond promptly.
Data Controller
Triton Technical LLC
Email: info@yms360.com
General inquiries: info@yms360.com
US Sales: +1.954.621.4901
UK Sales: +44.207.993.2547
EU / UK Matters
For data protection matters specific to the EU or UK, you also have the right to contact your local supervisory authority. We encourage you to reach out to us first at info@yms360.com so we can try to resolve your concern directly.