Privacy Policy

Last updated: May 20, 2026

Effective date: January 1, 2026

1. Who we are

This privacy policy is published by:

D-ICE Engineering SAS ("D-ICE", "we", "us")

1 rue de la Noë, 44321 Nantes, France

SIREN 809 273 329 — Share capital €6,000,000 — Publication Director: Sofien Kerkeni

Phone: +33 2 40 37 53 25

Data protection contact / DPO: privacy@dice-engineering.com

General contact: contact@dice-engineering.com

D-ICE acts as data controller within the meaning of the General Data Protection Regulation 2016/679 (GDPR) and the French Loi Informatique et Libertés no. 78-17.

This policy describes how we collect, use, share, retain and protect personal data when you:

  • visit dice-engineering.com, squid-sailing.com or any of their pages;
  • use the institutional website (contact form, job applications, newsletter);
  • use our applications (web, iOS, Android, desktop), such as Squid — including when you choose "Sign in with Google".
  • This policy is the default reference framework applicable in the absence of any other agreement. It does not prevail over commercial contracts, framework agreements or specific terms negotiated between D-ICE Engineering and its professional clients. Under such contracts, the data protection provisions agreed contractually take priority. This policy applies in full to users of our products (such as Squid) who are not bound to D-ICE by a specific contract.

2. Personal data we collect

2.1 Data you provide to us

Category When Examples
Identity and contact Registration, contact form, account creation First name, last name, email address, phone, company, job title
Authentication Account creation, login Username, hashed password (where applicable), MFA secret
Payment and subscription Subscribing to a paid plan Billing name and address, VAT number, last 4 digits of payment method (full card details remain with Stripe; we never see them)
User content Use of the applications Routes, GPX tracks, polars, vessel data, waypoints, support messages, screenshots
Communication preferences Account settings Language, dark mode, notification opt-in

2.2 Automatically collected data

Category Where Purpose
IP address (truncated for audience measurement; full only in security logs) Web and application server logs Security, fraud prevention, debugging
User agent, OS, application version Logs Compatibility, support
Approximate city-level location (derived from IP) Web logs Aggregated statistics, fraud detection
Precise GPS position (mobile/desktop applications, after OS permission) On device, transmitted only when actively using a routing feature Weather routing, race tracking
Diagnostic data (crash reports, metrics) Sentry / our internal logging Incident diagnosis

2.3 Data received from Google (when you choose "Sign in with Google")

The D-ICE applications using "Sign in with Google" include in particular Squid, Tactics and Panoramics. For Tactics and Panoramics, deployed under commercial contracts, the specific data processing terms agreed contractually take priority over this policy.

When you activate "Sign in with Google" on one of our applications, Google requests your consent and then transmits to us only the data covered by the scopes below. We request no other access to your Google account.

Google scope Data received Why
openid Stable Google identifier (sub), opaque to a human To link your D-ICE account to your Google account and log you in automatically
email Email address of your Google account and email_verified boolean To create your account, send operational notifications and allow support to contact you
profile First name, last name, locale and (if available) profile photo URL To personalise the interface and display your name in shared spaces

We do not request and do not access: Gmail messages, Google Drive files, Google Calendar events, Google Contacts, Google Photos, YouTube data, Chrome history, Fitness data, Health Connect, or any other Google API.

If we were to add a new scope, we would update this policy before the new consent is deployed and notify you by email.

3. Use of Google data — "Limited Use" commitment

D-ICE Engineering's use, and transfer to any other application, of information received from Google APIs is limited to the following purposes:

  1. Providing user features of our applications (Squid, Tactics, Panoramics): creating and maintaining your account, authenticating you, displaying your name and photo, contacting you for transactional messages.
  2. Improving these features, in aggregated form or with your explicit consent for usage measurement.
  3. Complying with the law or a legally binding request.
  4. Investigating security incidents, abuse or violations of our Terms of Use.
  5. We do not:
  • use Google data for any form of advertising — targeted, personalised or retargeted;
  • sell, rent or transfer Google data to data brokers, information resellers or any third party;
  • use Google data for credit or lending decisions;
  • train, fine-tune or evaluate any artificial intelligence or machine learning model using Google data;
  • transfer or share Google data with any third party outside the cases strictly necessary for the purposes above, a legal obligation, or a restructuring in which the acquirer commits in writing to comply with this policy.
  • You may revoke access granted to D-ICE at any time at https://myaccount.google.com/permissions. This revocation does not delete the D-ICE account that was created; to delete your D-ICE account, see § 7.

3a. Aggregated and anonymised data

D-ICE Engineering may use and commercialise aggregated and anonymised data collected through the use of its services and applications — for example via Squid: maritime traffic flows, environmental data, routing or port call statistics.

This data cannot under any circumstances identify a natural person. It cannot under any circumstances identify an individual vessel.

No personal data, no navigation data specific to a particular vessel, and no information from your private content is included in these processing activities.

Should we move towards less aggregated or potentially identifying data, we would inform you in advance and obtain your explicit consent.

4. Purposes and legal bases (GDPR art. 6)

Purpose Legal basis
Creation and management of your D-ICE account Performance of a contract (art. 6.1.b)
Authentication and security Performance of contract + legitimate interest (art. 6.1.b and 6.1.f)
Billing and subscription management Performance of a contract (art. 6.1.b)
Provision of routing, navigation and analysis features Performance of a contract (art. 6.1.b)
Operational and security logging Legitimate interest (art. 6.1.f): fraud prevention, diagnostics, service security
Service emails (transactional) Performance of a contract (art. 6.1.b)
Marketing emails (newsletter, product updates) Consent (art. 6.1.a), revocable via the unsubscribe link
Audience measurement / product analytics Consent (art. 6.1.a) or legitimate interest (art. 6.1.f) subject to CNIL exemption criteria
Use of aggregated and anonymised data Legitimate interest (art. 6.1.f) — anonymised data falls outside the scope of the GDPR
Legal obligations (accounting, tax) Legal obligation (art. 6.1.c)

5. Our technical service providers

We do not sell your personal data. Certain technical service providers process personal data in the course of providing our services. Each is bound by a GDPR-compliant data processing agreement.

Provider Role Location
Amazon Web Services Hosting and infrastructure France (Paris)
Stripe Payment and billing Ireland
Google Authentication, messaging EU / United States (SCCs)
Sentry Diagnostics and error reporting EU
Webflow Institutional website United States (SCCs)
Apple / Google Play Mobile distribution and push notifications EU / United States (SCCs)

6. International transfers

Some providers host data outside the European Union. Each transfer is governed by the Standard Contractual Clauses approved by the European Commission (decision 2021/914) and, where applicable, the recipient's EU-US Data Privacy Framework certification.

7. Retention and deletion

Category Retention period
Account identity (email, name, Google sub) Duration of account + 3 years after closure
Invoices and accounting records 10 years (French tax law)
Authentication logs 12 months
Application logs containing IP addresses 12 months
User content (routes, polars, tracks) Duration of account; deletion within 30 days of closure
Proof of marketing consent 3 years from last contact
Cookies and trackers 13 months maximum
Support tickets 3 years from closure
Diagnostic / crash data 90 days

Account deletion. You may request the deletion of your D-ICE account at any time by writing to privacy@dice-engineering.com or via the dedicated button in the application where available. Deletion is confirmed within 30 days. Certain data may be retained beyond this period solely to comply with a legal obligation.

8. Your rights

Under articles 15 to 22 of the GDPR, you have the following rights:

  • Access to your personal data (art. 15);
  • Rectification of inaccurate data (art. 16);
  • Erasure (right to be forgotten) (art. 17);
  • Restriction of processing (art. 18);
  • Objection to processing based on legitimate interest (art. 21);
  • Portability: receive your data in a machine-readable format (art. 20);
  • Withdrawal of consent at any time, without affecting prior processing.
  • To exercise these rights, write to privacy@dice-engineering.com. We respond within one month. You may also lodge a complaint with the CNIL, 3 place de Fontenoy, 75007 Paris — https://www.cnil.fr.

9. Security

We implement appropriate technical and organisational measures to protect data against unauthorised access, alteration, disclosure or destruction, including:

  • HTTPS throughout (preloaded HSTS);
  • encryption at rest for databases and object storage;
  • identity federation via our self-hosted Keycloak, mandatory MFA for staff with production access;
  • role-based access control, audit logging;
  • regular penetration testing and dependency vulnerability analysis;
  • staff bound by confidentiality obligations and trained in data protection.
  • Report any security incident to security@dice-engineering.com.

10. Cookies and trackers

The dice-engineering.com website uses cookies and similar identifiers. Strictly necessary cookies are placed without consent; all others (audience measurement, embedded media) require your consent, given via the banner on first visit. You may change your preferences at any time via the "Cookie preferences" link in the footer. Cookies have a maximum lifetime of 13 months, in line with CNIL recommendations.

11. Minors

Our products are not intended for persons under 16 years of age. We do not knowingly collect personal data relating to minors. If you believe a minor has provided us with data, write to privacy@dice-engineering.com: we will proceed with its deletion.

12. Changes

We may update this policy from time to time. The "Last updated" date at the top of the page indicates the latest revision. Any material change will be notified to you by email before it takes effect, in accordance with the commitments set out in our Terms of Use.

13. Contact

Data Protection Officer (DPO): privacy@dice-engineering.com

Post:

D-ICE Engineering SAS — DPO

1 rue de la Noë, 44321 Nantes, France