Cookie Policy

This document records every cookie and browser-storage item Sealink Bridge sets, the purpose each serves, and the legal basis on which we rely. Sealink Bridge does not deploy analytics, advertising or third-party tracking cookies.

Effective date30 May 2026Version1.0ControllerSealink

1.Scope

This policy applies to the Sealink Bridge web application served from bridge.sealink.co and to the public crew captive-portal pages served from/portal/* on the same domain. It does not cover MikroTik router-side cookies served from vessel LANs; those are governed by the equipment operator.

2.Inventory of cookies and storage items

The following table is exhaustive. Items not listed below are not set by Sealink Bridge.

abridge_sidCookie
Keeps you signed in to the hub. The cookie value is an opaque session identifier; the matching record on our server is what actually authenticates you.
Classification
Strictly necessary
Retention
Up to 30 days, refreshed on sign-in
__sealink_device_idCookie
Identifies the browser you sign in from so we can email you the first time a sign-in arrives from a device we do not recognise. Random per browser; contains no personal identifiers.
Classification
Strictly necessary (security)
Retention
12 months, refreshed on sign-in
sealink.cookie-notice.dismissedLocal storage
Records that you have dismissed the cookie notice so it is not shown on every page. Stored exclusively in your browser; never transmitted to our servers.
Classification
Strictly necessary
Retention
Until you clear browser storage

3.Legal basis

All items above are necessary for the operation of the service you have requested and qualify as strictly-necessary under Article 5(3) of the EU ePrivacy Directive (2002/58/EC, as amended) and Article 5(2)(ç) of the Turkish Personal Data Protection Law (KVKK) on the basis of legitimate interest in delivering the contracted service.

For this reason, the cookie notice presented on first visit is an informational notice and does not offer an accept/decline control. Declining strictly-necessary cookies would render the service inoperable.

4.Third parties

No third-party scripts, beacons or pixels are embedded in Sealink Bridge pages. Outbound network requests made by the web application during use are limited to the following:

  • Sealink Bridge backendOur own API at bridge.sealink.co. Operated by the controller; no data leaves Sealink systems.
  • Map tile providersOpenStreetMap and OpenSeaMap tile servers, used by the vessel and coverage map views. Each tile request discloses the requesting IP to the tile server.
  • IP geolocationipapi.co for one-off IP lookups in the audit log viewer. Results are cached on our side for seven days; the same IP is never looked up twice inside that window.

5.Controlling cookies

All modern browsers provide controls for inspecting, deleting and blocking cookies for a specific origin. Deleting the cookies listed in §2 will sign you out and cause the next sign-in to be treated as originating from a new device, which triggers an email notification.

6.Changes to this policy

We may update this policy when our processing activities change. The Effective date in the header always reflects the most recent revision. Material changes will be communicated to administrators by email at the address recorded on their account.

Contact
For questions about this policy or to exercise your rights as a data subject, contact legal@sealink.co. The full Privacy Policy sets out the wider data-processing context.