Privacy Policy

This policy applies wherever you interact with the Services — whether you visit the website directly, use a mobile application, or use a white-label deployment run by one of our partners. Where a partner operates a white-label version, that partner may act as an independent or joint controller of your personal data in addition to us; please also check the partner's own privacy notice.

The Services are operated under the cruise-port.com brand. You can reach us with any privacy questions or requests at hello@cruise-port.com.

We only collect data we actually need. Depending on how you use the Services, this may include:

• Information you give us directly, such as your name and email address when you contact us, sign up to be notified about a feature, or submit community feedback about a port.
• Technical information collected automatically, such as your IP address, browser type, device type, language preference and referring page.
• Usage information such as which pages you visit, the search terms you use and the cookie consent you've given. Analytics data is only collected after you opt in.
• Content you contribute, such as port feedback, photos you upload, or text you submit in forms.

We do not ask for, and actively avoid storing, special-category data such as health or political opinions.

We use personal data to:

• Operate, maintain and improve the Services.
• Reply to your questions or feedback.
• Notify you about features you've asked to be notified about (for example, the Plan my day launch).
• Understand how the Services are used, in aggregate, so we can make them better.
• Keep the Services safe and prevent abuse.
• Comply with legal obligations.

We do not sell your personal data, and we do not use it for profiling or automated decision-making that produces legal effects on you.

Under the GDPR, we rely on the following lawful bases:

• Consent — for analytics cookies and optional email notifications. You can withdraw consent at any time.
• Legitimate interests — for keeping the Services running safely, preventing abuse, and for limited anonymous usage measurement where consent is not required by law.
• Performance of a contract — where you sign up for a specific feature that requires an account.
• Legal obligations — where we are required by law to retain or disclose certain information.

We share data only with service providers who help us run the Services, and only for that purpose. These include:

• Hosting and infrastructure providers that store our data and serve our Services.
• Database providers (Supabase) that host our port content and any feedback you submit.
• Email and form providers (FormSubmit) that deliver messages you send via our contact forms.
• Analytics providers (Google Analytics) — only where you have given consent.
• White-label partners, where the Services are offered under a partner's brand, for the limited purpose of providing the Services to you.

We do not share your personal data with advertisers and we do not sell it.

Some of our service providers operate outside the European Economic Area (EEA) — notably Google (United States). Where we transfer personal data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions. You can ask us for more information about these safeguards at any time.

We keep personal data only as long as we need it:

• Contact messages and feedback: up to 3 years, then deleted unless we have a legal reason to keep them.
• Notify-me signups: until the feature launches and we contact you, or until you unsubscribe — whichever comes first.
• Analytics data: up to 26 months in an aggregated, non-identifiable form.
• Cookie consent records: up to 12 months so we can prove the choice you made.

When these periods expire, we delete or anonymise the data.

Subject to the conditions set out in the GDPR, you have the right to:

• Access the personal data we hold about you.
• Correct data that is inaccurate or incomplete.
• Delete your data (the "right to be forgotten").
• Restrict how we use your data.
• Object to processing based on our legitimate interests.
• Portability — receive your data in a common, machine-readable format.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with a supervisory authority in the EU country where you live or work.

To exercise any of these rights, email hello@cruise-port.com. We will respond within 30 days.

The Services are not directed at children under the age of 16, and we do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

We use appropriate technical and organisational measures to protect your personal data — including encrypted transport (HTTPS), access controls on our databases, and service providers that meet recognised security standards. No online service can be perfectly secure, but we work hard to minimise the risk.

We use a small number of cookies and similar technologies. For a full description of what we use, why, and how to manage your preferences, please see our Cookie Policy.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of the page. For significant changes, we will also give notice through the Services (for example, via a banner) so you have a chance to review the changes.

If you have any questions about this Privacy Policy or how we handle your personal data, email hello@cruise-port.com. We will do our best to address your question or request promptly.