Pelagos

Privacy Policy

Effective date: March 2026


At NiekaLab Pte. Ltd. (“NiekaLab”, “we”, “us”, or “our”), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use Pelagos (“the Service”). By using or accessing the Service, you acknowledge that you accept the practices and policies outlined below.

Your use of Pelagos is at all times subject to our Terms of Service. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service.

For privacy-related questions, contact us at privacy@getpelagos.com.


What This Privacy Policy Covers

This Privacy Policy covers how we treat personal data that we gather when you access or use Pelagos. “Personal data” means any information that identifies or relates to a particular individual, including information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws.

This Privacy Policy does not cover the practices of companies we do not own or control, or people we do not manage.


Personal Data We Collect

Information You Provide Directly

Account Data

When you create an account and use Pelagos, we collect:

  • Full name
  • Email address

You also create an organization within Pelagos and provide a name for it. This is a user-provided label and does not need to be your legal company name.

Compliance Documents

You upload compliance documents to Pelagos, including SMS manuals, procedures, policies, audit records, inspection evidence, and other compliance documentation. The content of these documents may contain personal data about individuals within your organization (such as crew names, roles, or incident details). You are responsible for ensuring you have the appropriate legal basis to share any personal data contained within documents you upload.

Analysis and Workflow Data

When you use Pelagos, you generate data through your interactions with the Service, including compliance analysis results, KPI scores, evidence mappings, disputes, stage claims, and submission packages.

Communications

If you contact us by email or through the Service, we collect the information you provide in those communications.

Information Collected Automatically

When you use Pelagos, certain information is collected automatically through our service providers:

Device and Connection Data

Our service providers (Supabase, PostHog, and Sentry) may automatically collect information such as your IP address, browser type and version, operating system, device type, and referring URLs. We do not actively collect this data in our application logic, but it is captured as part of the standard operation of these third-party services.

Usage Data

We use PostHog to collect anonymous product usage data, such as which features are used, pages visited, and session activity. This data helps us understand how people use Pelagos and improve the Service. PostHog does not receive any document content or compliance data.

Error Data

We use Sentry to capture application errors and performance issues. Sentry receives error traces and diagnostic information. Sentry does not receive document content or compliance data.

Information Collected by Our Payment Processor

Payment Data

We use Stripe to process payments and manage subscriptions. When you subscribe to a paid plan, Stripe collects your payment information (such as credit card number, billing address, and email) directly. Pelagos does not store credit card numbers or payment credentials on our servers. Please refer to Stripe's Privacy Policy for details on how they handle your payment data.


How We Use Your Personal Data

We use the personal data we collect for the following purposes:

Providing and Operating the Service

  • Creating and managing your account
  • Authenticating your identity via one-time passcode (OTP)
  • Processing your compliance documents and running analysis
  • Storing your analysis results, disputes, and submission packages
  • Processing payments and managing your subscription

Communicating with You

  • Sending one-time passcodes for authentication
  • Sending subscription-related notifications (such as payment confirmations and plan changes)
  • Sending team invitation emails when you invite colleagues to your organization
  • Responding to your inquiries and support requests

We do not send marketing or promotional emails. All emails from Pelagos are transactional and directly related to your use of the Service.

Improving the Service

  • Analyzing anonymous usage patterns to improve features and user experience
  • Identifying and fixing bugs and performance issues
  • Developing new features based on how the Service is used

Meeting Legal Obligations

  • Complying with applicable laws, regulations, court orders, or legal processes
  • Protecting the rights, property, or safety of you, NiekaLab, or others
  • Enforcing our Terms of Service

We will not use the personal data we collect for materially different, unrelated, or incompatible purposes without providing you notice.


How We Share Your Personal Data

We do not sell your personal data. We do not share your personal data with third parties for their marketing purposes. We only share personal data with the following categories of service providers who help us operate the Service:

Infrastructure and Hosting

  • Amazon Web Services (AWS) — Hosts our application, backend API, and document file storage (S3) in the Tokyo (ap-northeast-1) region.
  • Supabase — Provides authentication and database services. Hosted on AWS infrastructure. See Supabase Privacy Policy.
  • Cloudflare — Provides CDN, DDoS protection, and reverse proxy services. May see request data in transit but does not store application data. See Cloudflare Privacy Policy.

AI Processing

  • Anthropic — Processes document content for compliance analysis. Does not train models on data submitted through their API. See Anthropic Trust Center.
  • OpenAI — Processes document content for compliance analysis. Does not train models on data submitted through their API. See OpenAI Business Data Policy.

Payment Processing

  • Stripe — Processes payments and manages subscriptions. Sees payment information directly. Does not see document content or compliance data. Stripe is PCI DSS Level 1 certified. See Stripe Privacy Policy.

Analytics and Error Tracking

  • PostHog — Receives anonymous product usage events. Does not see document content, compliance data, or payment information. See PostHog Privacy Policy.
  • Sentry — Receives application error traces and diagnostics. Does not see document content, compliance data, or payment information. See Sentry Privacy Policy.

Legal Obligations

We may disclose your personal data to third parties if required to do so by law, regulation, court order, or legal process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of NiekaLab, our users, or the public.

Business Transfers

If NiekaLab undergoes a merger, acquisition, bankruptcy, or other transaction in which a third party assumes control of our business, your personal data may be transferred to that third party. We will make reasonable efforts to notify you before your information becomes subject to a different privacy policy.


Compliance Documents and AI Processing

Because Pelagos handles sensitive compliance documents, we want to be especially clear about how this data is treated:

Your documents are private by default. There is no privacy mode toggle or data sharing opt-in. All customer documents are treated as confidential at all times.

When document content is sent to AI providers

  • On upload: Documents are parsed, text is extracted, content is chunked and embedded for search, and document type is classified. These steps involve sending document content to Anthropic and OpenAI via their APIs.
  • During compliance analysis: Relevant document content is sent to Anthropic or OpenAI to evaluate compliance against TMSA, DryBMS, or SIRE framework requirements.

What AI providers do with your data

  • Both Anthropic and OpenAI state in their API policies that data submitted via their APIs is not used to train their models.
  • AI providers may temporarily process your data in memory to generate responses but do not persist it beyond the request lifecycle.

What we will never do with your documents

  • We will never use your documents to train AI models.
  • We will never share your documents with other customers.
  • We will never sell or license your document content to any third party.

Cookies and Tracking Technologies

Pelagos uses cookies and similar technologies to operate the Service and understand how it is used.

Essential Cookies

Essential cookies are the session and authentication cookies managed by Supabase. These are required for the Service to function and to keep you logged in. You cannot opt out of these cookies without losing access to the Service.

Analytics Cookies

PostHog sets cookies for session and user identification to help us understand product usage patterns. These cookies do not contain document content, compliance data, or payment information.

Cookies We Do Not Use

Pelagos does not use marketing cookies, advertising cookies, retargeting cookies, or tracking pixels.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or be notified when a new cookie is set. If you disable essential cookies, some features of the Service may not function properly.

For EU-based users, analytics cookies are only set with your consent. You can manage your cookie preferences through the cookie consent banner displayed when you first visit Pelagos.


Data Security

We use appropriate technical and organizational measures to protect your personal data from unauthorized access, use, and disclosure. These include encryption of data in transit using TLS, encryption of stored data through our infrastructure providers, role-based access control, and logical data isolation between customer organizations.

For a detailed description of our security practices, please see our Security page.

While we work to protect your data, no method of transmitting data over the internet or storing data is completely secure. You should also help protect your data by keeping your account credentials confidential and notifying us if you suspect unauthorized access.


Data Retention and Deletion

We retain your personal data for as long as you have an active account with Pelagos or as otherwise necessary to provide you with the Service.

Account data — Retained until you delete your account.

Compliance documents — Retained until you delete them.

Analysis results, disputes, and submissions — Retained until you delete them.

Automatically collected data (usage analytics, error traces) — Retained according to the policies of our service providers (PostHog, Sentry).

Payment data — Retained by Stripe according to their policies and legal obligations.

Account deletion

You can delete your account at any time from within the Pelagos application. When you delete your account, we remove all associated personal data from our database and document storage within 30 days. Some data may persist in encrypted backups for up to 30 days before being permanently removed.

You can also request deletion of your data by contacting us at privacy@getpelagos.com.


Your Rights

Depending on where you reside, you may have certain rights regarding your personal data. Pelagos supports the following rights for all users, regardless of location:

Access — You can request information about the personal data we hold about you.

Rectification — You can update your personal data at any time through your account settings, or by contacting us.

Deletion — You can delete your account and all associated data from within the application, or by contacting us.

Data Portability — You can export your data from Pelagos at any time through the export functionality in the application.

Objection and Restriction — You can contact us to object to or request restriction of certain processing of your personal data.

To exercise any of these rights, contact us at privacy@getpelagos.com. We will respond to your request within 30 days.


International Data Transfers

Pelagos is operated by NiekaLab Pte. Ltd., registered in Singapore. Our primary infrastructure is hosted on Amazon Web Services in Tokyo, Japan (ap-northeast-1 region). Your data may also be processed by our service providers in other jurisdictions, including the United States (where Anthropic, OpenAI, Stripe, PostHog, and Sentry are based).

By using Pelagos, you acknowledge that your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

For EU-based users, we ensure that any transfer of personal data outside the European Economic Area is protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission. You may request a copy of these safeguards by contacting us at privacy@getpelagos.com.


European Union Data Subject Rights

If you are a resident of the European Union, United Kingdom, Liechtenstein, Norway, or Iceland, you may have additional rights under the General Data Protection Regulation (“GDPR”).

NiekaLab Pte. Ltd. is the controller of your personal data processed in connection with the Service. Where we process personal data on behalf of our customers (for example, personal data contained within compliance documents uploaded by our customers), we act as the processor. If we are the processor of your personal data, please contact the relevant Pelagos customer (the controller) in the first instance to address your rights.

Lawful Bases for Processing

We process your personal data on the following lawful bases:

Contractual Necessity — We process your account data, compliance documents, and analysis results because it is necessary to perform our contract with you and provide the Service. Without this processing, we cannot provide you access to Pelagos.

Legitimate Interest — We process automatically collected data (usage analytics, error traces, device and connection data) based on our legitimate interest in improving the Service, ensuring its security, and fixing bugs. We balance these interests against your rights and freedoms.

Legal Obligation — We may process personal data when required to comply with applicable laws, regulations, or legal processes.

Consent — We process analytics cookies based on your consent, which you can withdraw at any time through the cookie consent banner or your browser settings.

Your GDPR Rights

In addition to the rights listed in the “Your Rights” section above, EU residents have the following rights:

Withdrawal of Consent — Where we process your personal data based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint — You have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.


Personal Data of Children

Pelagos is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children under 18. If we learn that we have collected personal data from a child under 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us with personal data, please contact us at privacy@getpelagos.com.


Changes to This Privacy Policy

We may update this Privacy Policy from time to time as we improve the Service or as required by law. If we make material changes, we will notify you by email or by placing a notice within the Service before the changes take effect.

Your continued use of Pelagos after any changes to this Privacy Policy constitutes your acceptance of the updated policy.


Data Processing Agreement

For customers who require a Data Processing Agreement (DPA) under GDPR or other applicable data protection laws, we offer a DPA upon request. Please contact us at privacy@getpelagos.com to request a copy.


Contact Information

If you have any questions or concerns about this Privacy Policy, how we collect and use your personal data, or your rights regarding your data, please contact us at:

Email: privacy@getpelagos.com

Security inquiries: security@getpelagos.com

Company: NiekaLab Pte. Ltd.