Privacy Policy

CrewFindr ("we", "us") is the data controller for personal data processed through this service. You can reach us at [email protected].

• Account data: email, display name, optional phone number, optional avatar.
• Captain data: boats, trips, invites, crew contacts you add, join requests, and crew interest you receive.
• Technical data: a session cookie for keeping you signed in, and IP / user-agent metadata recorded by our authentication provider for security purposes. Short error logs.

• Performance of a contract: running the service so you can plan trips and coordinate crew.
• Legitimate interests: security, abuse prevention, and basic service improvement.
• Consent: for any non-essential cookies (we do not use any today; if that changes we will ask you first).

• Captains see crew and RSVP responses for their own trips.
• Other signed-in users only see public boats and public trips, plus the public part of your profile (display name and avatar). Your email and phone are never shown to other users.
• Processors: Lovable Cloud / Supabase (hosting, authentication, database — EU region) and the email provider used to send RSVP links. These processors act on our documented instructions.
• We do not sell your data, do not show ads, and do not transfer data outside the EEA beyond what these processors disclose.

If you are a captain and you add a person to your crew list, you are jointly responsible for that data with us. You must have a lawful basis to add them (typically their consent or a clear legitimate interest) and you should be ready to inform them on request. Crew members can ask the captain — or us — to remove their details at any time.

• Account data: until you delete your account.
• Trips and invites: up to 24 months after the trip date, then anonymised.
• Security and error logs: at most 90 days.

You can at any time:

• Access the data we hold about you.
• Correct inaccurate data (Settings → Profile).
• Delete your account and data (Settings → Your data).
• Restrict or object to certain processing.
• Withdraw consent where processing is based on consent.
• Export your data in a machine-readable format (see section 8).
• Lodge a complaint with your national data protection authority.

For any of these, email [email protected] or use the in-app tools in Settings.

Under Regulation (EU) 2023/2854 (the Data Act) you have the right to receive, and to have transferred to another provider, the data you have generated or co-generated using CrewFindr — in a structured, commonly used and machine-readable format. You can download a full JSON export of your data at any time from Settings → Your data → Export.

We do not impose unreasonable obstacles on switching to another provider or on porting your data. If something is missing from your export, tell us and we will add it.

CrewFindr sets one essential cookie that keeps your session signed in. We do not use analytics, advertising, or tracking cookies. You can change your cookie choice any time in Settings → Cookie preferences.

Data is encrypted in transit. Database access is protected by row-level security so that captains can only read and write their own records. Passwords are hashed by our authentication provider; we never see your password.

CrewFindr is not directed to children under 16.

We will update the "Last updated" date above when this policy changes. For material changes we will notify you in the app.