Privacy Policy

Last updated: February 2026

SeaHike ("we", "our", "us") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you use the SeaHike mobile application.

1. Data We Collect

Account Information

When you create an account, we collect your email address and password (stored as a secure hash). We also collect your first name, last name, and role (Captain or Crew).

Profile Information

You may provide additional profile details such as a profile picture, boat details (for captains), or sailing skills and experience (for crew members).

Location Data

When you use the app, we collect your current location to show you nearby sailors on the map. Your location is only shared in real-time with other users and is not stored historically. You may also set an intended destination, which is stored until you change or remove it.

Messages

When you communicate with other users through the app, we store your messages to deliver them and maintain conversation history. Messages are retained while your bond is active, plus 30 days after a bond ends, then permanently deleted.

Reviews and Ratings

Reviews and ratings you submit about other users are stored to build community trust.

Activity Data

We track your online/offline status (ephemeral, not stored) and last seen timestamp to help other users know your availability.

2. Legal Basis for Processing

We process your data based on:

• Contract: Processing necessary to provide the SeaHike service (account management, location matching, messaging, reviews).
• Consent: You consent to our Terms of Service when creating an account.

We do not process data based on legitimate interest for any purpose that users can object to.

3. How We Use Your Data

• Match captains with crew members based on location
• Enable in-app messaging between connected users
• Display user profiles and reviews
• Send transactional emails (verification, password reset)
• Maintain the security and integrity of the service

4. Data Sharing

We do not sell your data. We share data only with:

• Email service provider: Your email address and first name for transactional emails (EU-based provider with GDPR compliance).
• Cloud storage: Profile pictures are stored on EU-based S3-compatible storage with encryption at rest.

We do not use analytics, advertising, or social login services. No data is transferred outside the EU.

5. Data Retention

• Account data: Until account deletion, plus 30 days for backup recovery.
• Location: Real-time only, not stored historically.
• Messages: While bond is active, plus 30 days after bond ends.
• Reviews: Until your account is deleted. Reviews you received are anonymized upon deletion.
• Notifications: Auto-expire after 30 days.

6. Your Rights

Under GDPR, you have the right to:

• Access: Download all your data from Account Settings.
• Rectification: Edit your profile information at any time.
• Erasure: Delete your account permanently from Account Settings. All your data will be removed.
• Portability: Export your data in a machine-readable JSON format.

7. Data Security

We protect your data with:

• HTTPS encryption for all communications (TLS 1.3)
• Password hashing with bcrypt
• Encryption at rest for databases and file storage
• JWT token authentication for API access
• Role-based access control (you can only access your own data)

8. Cookies

The SeaHike website uses only essential cookies for language preference. We do not use tracking or advertising cookies.

9. Children's Privacy

SeaHike is not intended for children under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes through the app or by email.

11. Contact

For questions about your privacy or to exercise your rights, contact us at privacy@seahike.app.