NS
Nautical Staffing

Privacy Policy

Last updated: April 23, 2026

Nautical Staffing LLC ("Nautical," "we," or "us") operates a recruiting platform that connects clients with offshore talent. This policy explains what personal information we collect, how we use it, and the choices you have. It applies to our website, the client portal at portal.nauticalstaffing.com, and all related services (the "Services").

1. Who the policy covers

Clients. Businesses that engage us to source and place talent.

Candidates. Individuals we consider for placement with a client.

Visitors. Anyone browsing our public site.

2. Information we collect

From clients

  • Name, business email, phone, and company.
  • Authentication data: one-time 6-digit codes we email you, and a session cookie after you sign in to the portal.
  • Role requirements you share with us (job descriptions, required skills, salary ranges).
  • Actions you take in the portal: candidates you select, pass on, or ask questions about; messages you send us.
  • If you choose to connect your Google Calendar, we read free/busy information (no event titles, descriptions, or attendees) and we create a separate secondary calendar named “Nautical Staffing Interviews” that we use for new interview events. We never access, modify, or delete events on your existing calendars.

From candidates

  • Profile data provided to our recruiting team, synced from our applicant tracking system (Recruit CRM), including name, email, phone, location, résumé, work history, education, skills, and salary expectations.
  • Optional introductory video, and derived analysis (transcript, communication scoring).
  • Scheduling data when you book an interview through a link we send you.

Automatically

  • Log data: IP address (hashed for session fingerprinting), user-agent, timestamps.
  • A small number of strictly-necessary cookies to keep you signed in. We do not use advertising cookies.

3. How we use information

  • Run the recruiting workflow: screening, presenting candidates, scheduling interviews, and placement.
  • Use AI (Anthropic's Claude) to summarise résumés, score fit, and generate decision context. Scores are recommendations — humans make final decisions.
  • Send transactional email (login codes, notifications, booking links) via Resend.
  • Comply with legal obligations and enforce our Terms.
  • Improve the Services using aggregated, de-identified usage data.

4. Sub-processors and data sharing

We use the following service providers to run the Services. Each is contractually bound to protect your data and use it only for the purposes we specify.

  • Railway — application hosting and managed Postgres database (US-based).
  • Anthropic — large-language-model inference for résumé parsing, scoring, and summarisation. Data sent for inference is not used to train Anthropic's models.
  • Google (Cloud, Calendar, OAuth, Meet) — calendar integration and video conferencing. Scopes used: calendar.freebusy (read busy times only) and calendar.app.created (create + manage a separate secondary calendar that the app provisions). We do not request any access to events on your existing calendars.
  • Resend — transactional email delivery.
  • Deepgram — automated transcription for candidate intro videos (when candidates submit them).
  • Recruit CRM — our applicant tracking system. Candidate data originates here and syncs into our platform.

We do not sell personal information. We do not share personal information with third parties for advertising or cross-context behavioural advertising.

5. Data retention

  • Client account data is retained while your account is active and for up to 24 months after closure for audit purposes, then deleted.
  • Candidate data is retained while we believe there is a reasonable prospect of placement, and for up to 24 months after the last meaningful activity. You may request earlier deletion (see Rights below).
  • Authentication tokens and session cookies expire on their own schedules (login codes within 10 minutes, sessions within 14 days of last use).
  • Email logs are retained for 90 days for troubleshooting delivery issues.

6. Your rights

Depending on where you live (including the EU under GDPR and California under CCPA), you may have rights to:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate.
  • Request deletion of your information.
  • Object to or restrict certain processing.
  • Request a copy of your data in a portable format.
  • Withdraw consent where we rely on consent.

To exercise any of these rights, email us at privacy@nauticalstaffing.com. We will respond within 30 days.

7. Security

We use industry-standard measures including encryption in transit (HTTPS), encryption at rest for database storage, hashed login tokens, and least-privilege access controls. No system is perfectly secure; we encourage you to use strong, unique passwords and keep your devices updated.

8. Children

The Services are not directed to children under 16 and we do not knowingly collect their information.

9. International transfers

Our infrastructure is hosted in the United States. If you are accessing the Services from outside the US, your information will be transferred to, stored, and processed in the US. We rely on Standard Contractual Clauses and appropriate safeguards for cross-border transfers where required.

10. Changes

We may update this policy. If changes are material, we'll notify affected users by email. The “Last updated” date at the top will always reflect the current version.

11. Contact

Questions or concerns? Email privacy@nauticalstaffing.com.