Privacy Policy

We collect information you provide when creating an account, listing a boat, making bookings, or communicating on our platform:

1.2 Information Collected Automatically

When you use our platform, we automatically collect certain technical information:

• Usage Data: Pages visited, features used, time spent on platform, search queries
• Device Information: Browser type, operating system, device type, screen resolution
• Log Data: IP address, access times, referring URLs, error logs
• Location Data: Approximate geographic location (from IP address) for search results and local content

1.3 Information from Third Parties

We may receive information from third-party services when you use them in connection with Aquavora:

• Payment Processors (Stripe): Payment verification, transaction success/failure, fraud detection signals
• Authentication Services: If you sign in using third-party authentication (future feature)
• Analytics Providers: Aggregated usage statistics and performance metrics (see Section 6)

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

• Contract Performance: Processing necessary to provide our services and fulfill our contract with you
• Legitimate Interests: Improving our platform, preventing fraud, ensuring security
• Legal Obligations: Complying with applicable laws and regulations
• Consent: Where required by law, such as for marketing communications (you can withdraw consent anytime)

When you use Aquavora to rent or list boats, certain information is shared with other users to facilitate transactions:

Privacy Note: We never share your email address publicly or with other users unless you explicitly include it in messages. Payment information is never shared - all payments are processed securely through Stripe.

3.2 Service Providers & Business Partners

We share information with trusted third-party service providers who help us operate the platform:

Data Processing Agreements: All service providers are contractually required to protect your data and use it only for the purposes we specify.

3.3 Legal Requirements & Safety

We may disclose your information when required by law or to protect rights and safety:

• To comply with legal obligations, court orders, or regulatory requests
• To respond to law enforcement or government agency requests
• To enforce our Terms of Service or other agreements
• To investigate suspected fraud, abuse, or security issues
• To protect the rights, property, or safety of Aquavora, our users, or the public
• In connection with legal proceedings or investigations

3.4 Business Transfers

If Aquavora is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the new entity. We will notify you of any such change and your options regarding your information.

3.5 Aggregate & De-Identified Data

We may share aggregate, anonymized, or de-identified information that cannot reasonably be used to identify you. For example:

• Platform usage statistics and trends
• Aggregate booking patterns by region
• General performance metrics

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy. Specific retention periods vary by data type:

After Retention Periods: When information is no longer needed, we securely delete or anonymize it. Some backup copies may persist in our systems for disaster recovery purposes but are not actively used.

Legal Holds: If information is subject to legal proceedings, investigations, or regulatory requirements, we may retain it longer than the standard retention period.

Depending on your location, you have certain rights regarding your personal information:

5.1 Rights for All Users

5.2 Additional Rights (GDPR - European Users)

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under GDPR:

• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data in certain circumstances
• Right to Restriction of Processing: Limit how we use your data in certain situations
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing based on consent (doesn't affect prior lawful processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

5.3 Additional Rights (CCPA - California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information (subject to legal exceptions)
• Right to Opt Out of Sale: We do not sell personal information, but you have the right to opt out if practices change
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

5.4 Limitations on Rights

Note: These rights are not absolute. We may deny requests that are manifestly unfounded, excessive, or where we have compelling legal grounds to continue processing. For example, we may retain financial records for tax compliance even after account deletion.

Aquavora uses only essential cookies required for platform functionality. We do not use tracking cookies, advertising cookies, or other non-essential cookies.

6.2 Privacy-Focused Analytics

To understand how users interact with our platform and improve the experience, we use Plausible Analytics - a privacy-focused analytics service that:

• Does not use cookies - No tracking cookies stored on your device
• Does not collect personal data - No IP addresses, unique identifiers, or cross-site tracking
• Fully GDPR & CCPA compliant - No consent banners required
• Aggregated statistics only - We see page views and traffic trends, not individual user behavior
• Open source and transparent - View their code at github.com/plausible/analytics

6.3 Your Control Over Analytics

Because Plausible doesn't use cookies or collect personal data, you don't need to opt in or accept anything. However, you can still opt out if you prefer:

• Browser Extensions: Use privacy-focused browsers or extensions like uBlock Origin
• Do Not Track: Enable "Do Not Track" in your browser settings (we honor this signal)
• Ad Blockers: Most ad blockers automatically block analytics scripts

6.4 No Third-Party Advertising

We do not use advertising cookies, tracking pixels, or any third-party advertising networks. You will never see targeted ads based on your Aquavora activity.

6.5 Managing Cookies

You can control cookies through your browser settings:

• Most browsers allow you to view, manage, and delete cookies
• You can block all cookies, but this may prevent you from logging in
• We recommend allowing essential cookies for proper platform functionality

Aquavora integrates with several trusted third-party services to provide core functionality. These services have their own privacy policies that govern how they handle your data:

We take data security seriously and implement industry-standard technical and organizational measures to protect your personal information:

Payment Security

Your Security Responsibilities

While we implement robust security measures, your cooperation is essential:

• Strong Passwords: Use unique, complex passwords (8+ characters with uppercase, numbers, and symbols)
• Keep Credentials Private: Never share your password or account access with others
• Logout on Shared Devices: Always log out when using public or shared computers
• Report Suspicious Activity: Contact us immediately if you suspect unauthorized access
• Update Contact Info: Keep your email address current for security notifications

Security Incident Response

If we discover a security incident that affects your personal information, we will:

• Notify affected users within 72 hours (or as required by law)
• Provide details about the nature of the breach
• Explain steps we're taking to mitigate harm
• Offer guidance on protective measures you can take
• Cooperate with regulatory authorities as required

COPPA & Age Restrictions

Our platform complies with the Children's Online Privacy Protection Act (COPPA) and international regulations regarding children's data:

• Age Requirement: You must be at least 18 years old to create an Aquavora account or use our services
• Age Verification: By creating an account, you represent and warrant that you are 18 or older
• Parental Consent Not Offered: We do not offer mechanisms for parental consent because our services are not designed for users under 18

If We Learn of Underage Users

Reporting Underage Users

If you believe someone under 18 has created an account on Aquavora, please contact us immediately at:

For European Users (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland:

• Legal Basis: Data transfers to the US are based on your consent and our legitimate interests in operating a global platform
• Safeguards: We implement appropriate safeguards, including:
  • Standard Contractual Clauses (SCCs) with service providers
  • Technical security measures (encryption, access controls)
  • Regular data protection assessments
• Data Protection Rights: You maintain all rights under GDPR regardless of where data is processed
• Supervisory Authority: You can file complaints with your local data protection authority

International Service Providers

Some of our service providers operate globally and may process data in multiple countries:

• Stripe: Processes data globally with servers in US, EU, and other regions
• Supabase: Data stored in US data centers with global CDN delivery
• Vercel: Edge network with global points of presence

Your Consent to Transfer

By creating an account and using Aquavora, you:

• Consent to the transfer of your personal information to the United States and other countries
• Acknowledge that US and other countries' laws may differ from your home country
• Agree that disputes will be governed by Minnesota law (see Terms of Service)

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. You can always find the current version at:

Your Options After Changes

If you don't agree with changes to this Privacy Policy:

• You may stop using the platform
• You may request deletion of your account (see Section 5 - Your Privacy Rights)
• You may exercise any applicable data protection rights

Previous Versions

If you would like to review a previous version of this Privacy Policy, please contact us at info@aquavora.com.