Privacy Policy
1. Scope
This Privacy Policy describes how we collect, use, share, and protect personal information when you use the Proteus Crew service (the "Service") through our marketing website at proteus-marine-intelligence.com and the application at app.proteus-marine-intelligence.com.
The Service is a sailing crew-scheduling tool. We process two distinct categories of user:
- Skippers, paying account holders who manage a boat program. Skippers have an authentication account tied to their email address.
- Crew, invitees who access a skipper's program via a per-program shareable link. Crew do not create accounts and are identified by a name they provide and, optionally, an email address or web-push subscription if they opt into reminders.
The Service is currently offered to users located in the United States. Users outside the U.S. should not sign up at this time.
2. Personal information we collect
From skippers
| Category | Examples | Source |
|---|---|---|
| Account identifiers | Email address | Provided at signup via our Merchant of Record (Paddle.com Inc.) |
| Boat program data | Boat name, sail number, club, season | Entered by skipper in the app |
| Payment metadata | Subscription status, customer ID, subscription ID, billing-period end date, last 4 of card | Returned by Paddle; we do not collect or store full payment card numbers |
| Acceptance audit | Versions of Terms of Service and Privacy Policy accepted, timestamp, user agent | Recorded when the skipper completes the clickwrap acceptance gate |
| Usage data | Sign-in timestamps, IP address as observed by hosting infrastructure | Captured by our hosting and authentication provider |
From crew
| Category | Examples | Source |
|---|---|---|
| Identity | Real name (required), display name / nickname (optional) | Entered by the crew member |
| Contact (optional) | Email address (only if crew opts in to email reminders), web-push subscription (only if crew opts in to push reminders) | Entered or granted by the crew member |
| RSVP data | Per-race availability (In / Maybe / Out) | Entered by the crew member |
| Acceptance audit | Versions of Terms of Service, Privacy Policy, and "Not a Safety Device" notice accepted; reminder consent flags; user agent | Recorded at the crew clickwrap step |
Automatically collected
We use minimal first-party local storage (your browser's localStorage) to remember your session between visits, for skippers, the authentication session; for crew, the per-program context that lets them return to their RSVP page without re-onboarding. We do not use third-party analytics, advertising, or tracking cookies.
3. How we use personal information
We use the personal information we collect to:
- Provide and operate the Service, authenticate users, store boat programs, deliver RSVPs to skippers, send race-day reminders when crew have opted in.
- Process payments through Paddle.com Inc. as Merchant of Record.
- Send transactional emails, welcome messages, magic sign-in links, race reminders, billing receipts.
- Maintain a versioned audit of clickwrap acceptances as required for our Terms of Service and for compliance.
- Diagnose and fix issues, limited logs from our hosting and edge-function providers, retained for operational debugging.
- Comply with applicable law, respond to lawful requests, and protect the rights and safety of users and the Service.
We do not use personal information for advertising, profiling, automated decision-making with legal effects, or sale to third parties. We do not use customer data to train third-party AI models.
4. How we share personal information
We share personal information only with the service providers we rely on to operate the Service, and only as needed for their specific function:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase Inc. (USA) | Database, authentication, edge functions, file hosting | All account, program, crew, RSVP, and audit data |
| Paddle.com Inc. (USA / UK) | Merchant-of-Record payment processing, sales-tax / VAT collection | Skipper email, billing address, payment card data (collected by Paddle at checkout, we never see card numbers) |
| Resend Inc. (USA) | Transactional email delivery | Skipper and crew email addresses, message content |
| Vercel Inc. (USA) | Application and marketing-site hosting | IP address and request metadata as inherent to web hosting |
| Cloudflare Inc. (USA) | DNS resolution | IP address and request metadata as inherent to DNS |
| Google LLC (USA) | Operator mailbox for hello@, support@, billing@, privacy@ correspondence | Email messages sent to or from those addresses |
We do not sell personal information. We do not share personal information with third parties for their own marketing purposes.
5. Legal bases for processing
Our lawful bases for processing your personal information are:
- Contract performance, operating the Service for skippers under our Terms of Service and providing the crew-side features that paying skippers have invited you to use.
- Legitimate interests, securing the Service, debugging issues, maintaining the acceptance audit, and combating fraud or abuse, weighed against your rights.
- Consent, sending reminder emails or push notifications to crew who have opted in. You can withdraw consent at any time by toggling the relevant setting in the app or contacting us.
- Legal obligation, responding to lawful requests from authorities or to enforce our Terms.
6. International data transfers
Our service providers are located in the United States. The Service is currently offered to users located in the United States. If you access the Service from outside the United States, do not provide personal information; we are not equipped to handle cross-border data transfer requirements at this time.
7. Your rights
Depending on where you live, you may have the following rights with respect to your personal information:
- Access, request a copy of the personal information we hold about you
- Correction, request that we correct inaccurate or incomplete information
- Deletion, request that we delete your personal information, subject to limited exceptions
- Portability, receive a copy of certain personal information in a structured, machine-readable format
- Restriction or objection, limit or object to certain processing
- Withdraw consent, for reminder channels you opted into
- Non-discrimination, we will not retaliate for exercising any of these rights
To exercise a right, email privacy@proteus-marine-intelligence.com from the address associated with your account or program. We may need to verify your identity before fulfilling your request, and we will respond within the time period required by applicable law.
Skippers can delete their account by emailing us. Deletion cascades to the boat program, crew records associated with that program, and acceptance audit records (after the retention period required for our legal compliance).
Crew can request removal of their crew row by emailing us with their name, the boat program name, and the skipper's email. We will verify with the skipper before removing.
California residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know, the right to delete, the right to correct, the right to opt out of "sale" or "sharing" of personal information (we do not sell or share), and the right not to be retaliated against for exercising these rights. We do not use sensitive personal information for purposes that trigger a separate right to limit.
Maryland residents
If you are a Maryland resident, you have rights under the Maryland Online Data Privacy Act of 2025 (effective October 1, 2025), including the right to confirm processing, the right to access, the right to correct, the right to delete, the right to portability, and the right to opt out of sale of personal data, targeted advertising, and profiling that produces legal effects. We do not engage in sale, targeted advertising, or such profiling. Maryland residents may also appeal a denial of a privacy request by replying to the denial email; if the appeal is denied, you may submit a complaint to the Maryland Attorney General.
8. Children's privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, contact us at privacy@proteus-marine-intelligence.com and we will delete it.
The Service has a college sailing free tier. By creating a college-tier program, the skipper or head coach represents that all participating crew members are at least 18 years old, or that parental consent has been obtained for each participating crew member under 18.
9. Data retention
| Data | Retention period |
|---|---|
| Skipper account and program data | For the life of the account; deleted within 30 days of a verified deletion request |
| Crew records | For the life of the associated boat program |
| Payment metadata | As required by tax and financial-record laws, typically 7 years |
| Clickwrap acceptance audit | 5 years from the date of acceptance, then deleted unless required for ongoing legal dispute |
| Operational logs (hosting, edge function) | 30 days |
| Email message content (Resend) | 30 days, per Resend's default retention |
| Email correspondence (Google Workspace) | Indefinitely unless deletion is requested |
10. Security
We protect personal information using industry-standard measures:
- HTTPS for all traffic between your device and the Service
- Row-level security on our database, scoped per-program
- Hashed and salted authentication credentials managed by Supabase Auth
- HMAC-signed webhooks for payment events from Paddle, validated server-side
- Per-crew revocable access tokens, so revoking a crew member terminates their access immediately
No system is perfectly secure; we cannot guarantee that personal information will never be subject to unauthorized access or disclosure. If a personal data breach affecting your information occurs, we will notify you and applicable regulators as required by law (in Maryland, within 45 days of discovery, per the Maryland Personal Information Protection Act).
11. Cookies and similar technologies
We do not use third-party advertising, analytics, or tracking cookies. We use first-party localStorage only for the essential functions described in section 2 (session persistence). Disabling localStorage will prevent the Service from working but no other tracking will be affected.
12. Third-party links
The Service may link to third-party websites such as our Merchant of Record's checkout page, the Paddle customer portal, yacht-club Notice of Race documents, or organizing-authority websites. We are not responsible for the privacy practices of those third parties. Review their privacy policies separately.
13. Changes to this policy
We will update this Privacy Policy from time to time. The effective date at the top of this page indicates when it was last revised. Material changes will trigger a re-acceptance prompt in the app, and we will email skippers at the address on file. Continued use of the Service after a change indicates acceptance of the revised policy.
14. Contact us
For questions about this Privacy Policy or to exercise any of the rights described above:
Email: privacy@proteus-marine-intelligence.com
Phone: +1 (410) 571-4932
Operator: Proteus Marine Intelligence Systems, LLC
State of formation: Maryland, USA