TripTrek Operations Web Dashboard

Introduction

Welcome to the TripTrek Operations Web Dashboard. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you access and use the TripTrek Operations Web Dashboard (the "Web Dashboard" or "Platform") as an authorized employee, contractor, or staff member.

The TripTrek Operations Web Dashboard is a business-to-business (B2B) web application designed for comprehensive maritime transportation operations management, analytics, and administration.

Website URL: https://ops.triptrek.com
Developer: TripTrek
Contact: webops@triptrek.travel

Information We Collect

Account and Authentication Information

• Full name, work email, work phone number
• Employee ID or staff number
• Password (encrypted and hashed)
• Two-factor authentication details (if enabled)
• Assigned role and access rights
• Operator/company affiliation

Browser and Device Information

• Browser Data: Type, version, language, plugins, user agent
• Device Info: OS, screen resolution, device type
• Network Info: IP address, ISP, geographic location (from IP)
• Session Data: Login/logout times, session duration, last activity

Usage and Activity Data

• Pages and screens viewed, features accessed
• Navigation patterns and clickstream data
• Operational actions (trip creation, payment approvals, bookings)
• Data access logs (which records viewed/downloaded)
• Search queries and report generation

Cookies and Tracking Technologies

Types of Cookies We Use

Strictly Necessary Cookies (Cannot be Disabled)

• Authentication Cookies: Keep you logged in
• Security Cookies: Protect against fraud and CSRF attacks
• Session Management: Maintain session state

Functional Cookies (Can be Disabled)

• Preference Cookies: Remember dashboard preferences
• Language Settings: Store language selection
• Theme Settings: Remember light/dark mode
• Layout Preferences: Store customized layouts

Performance Cookies (Can be Disabled)

• Analytics Cookies: Track usage patterns (anonymized)
• Error Tracking: Identify technical issues
• Load Time Monitoring: Optimize performance

Analytics Cookies (Optional)

• Google Analytics: Website traffic and usage
• Firebase Analytics: User behavior and features

Cookie Duration

• Session Cookies: Deleted when browser closes
• Persistent Cookies: Preferences (1 year), Analytics (2 years), Security tokens (30 days)

Managing Cookies

You can control cookies through:

• Browser settings (block/delete cookies)
• Cookie consent banner on first visit
• Cookie preferences: Settings → Privacy → Cookie Settings

How We Use Your Information

Operational Management

• Verify identity and enforce role-based access control
• Display relevant operational data and generate reports
• Process trip and vessel management operations
• Enable payment processing workflows
• Support crew and staff administration

Business Analytics

• Generate operational dashboards and revenue reports
• Analyze booking trends and vessel utilization
• Track key performance indicators (KPIs)
• Produce compliance and executive reports

Performance Evaluation

Employee Monitoring and Workplace Privacy

Data Processing on Behalf of Operators

When you access passenger information, you process data on behalf of your employer. You must:

• Maintain Confidentiality: Keep all data confidential
• Use Strong Security: Strong passwords, log out when away, enable 2FA
• Appropriate Use Only: Access only necessary data
• Report Breaches: Report incidents within 24 hours

Misuse may result in: immediate account suspension, employment termination, legal action, regulatory penalties, and criminal charges.

Data Storage and Security

Infrastructure

• Storage: Firebase Firestore (Singapore region)
• Encryption: TLS 1.3 in transit, AES-256 at rest
• Backups: Multi-region redundancy, encrypted backup storage

Web Application Security

• Authentication: Bcrypt password hashing, JWT tokens, 2FA support
• Authorization: Role-based access control, permission validation
• Protection: XSS protection, CSRF protection, CSP headers
• Session Security: 30-minute timeout, secure cookies (HttpOnly, Secure flags)

Network Security

• HTTPS mandatory for all connections
• HSTS (HTTP Strict Transport Security)
• Web Application Firewall (WAF)
• DDoS protection and rate limiting

Data Retention

• Active Account: All data retained while active
• Post-Termination: Access revoked immediately, credentials deleted within 30 days
• Operational Records: 7 years (financial/regulatory compliance)
• Audit Logs: 7 years (legal requirements)
• Safety Records: Indefinitely

Browser Compatibility

Fully Supported (Recommended):

• Google Chrome (latest 2 versions)
• Mozilla Firefox (latest 2 versions)
• Apple Safari (latest 2 versions)
• Microsoft Edge (latest 2 versions)

Requirements: JavaScript enabled, Cookies enabled, TLS 1.2+, Screen resolution 1280x720 minimum

Not Supported: Internet Explorer (all versions)

Third-Party Services

• Firebase/Google Cloud: Database, authentication, storage, analytics
• Google Analytics: Web analytics and behavior tracking
• Cloudflare: CDN, DDoS protection, performance
• SendGrid/AWS SES: Transactional email delivery

Your Privacy Rights

• Access: Request copies of your data
• Correction: Update personal information
• Deletion: Request deletion (subject to legal requirements)
• Portability: Receive data in structured format (JSON, CSV)

Limitations: Cannot delete audit logs, historical business records, or mandatory compliance records.

To exercise rights: Email webops-privacy@triptrek.travel or contact your employer/HR

Contact Us

• Privacy Questions: webops-privacy@triptrek.travel
• Data Protection Officer: dpo@triptrek.travel
• Security Incidents: security@triptrek.travel (24/7)
• Technical Support: webops-support@triptrek.travel

Cookie Policy Summary