Privacy Policy

Crew the Boat ("Crew the Boat", "we", "us", or "our") operates a UK-based online platform that connects UK boat owners and skippers with sailors looking for genuine, non-commercial crew opportunities. We prioritise trust and safety, avoid commercial charter activity, and comply with UK GDPR and the Online Safety Act. Crew the Boat is operated by ACADEMIA IMPERIALIS LTD (company number 16477045), registered in England and Wales.

For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), ACADEMIA IMPERIALIS LTD t/a Crew the Boat is the data controller for personal data processed through our website, apps, and services (the "Platform").

• Registered company: ACADEMIA IMPERIALIS LTD (No. 16477045)
• Registered office: 2nd Floor, College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom
• Contact (privacy): support@crewtheboat.com

We have not formally appointed a Data Protection Officer. For all privacy queries, please contact us using the details above.

ICO registration: pending.

This Privacy Policy applies to personal data processed when you browse our website, create an account, build a sailing profile, post or respond to listings, use messaging, purchase paid features (featured listings, boosts, alert subscriptions), undergo qualification verification, choose to complete optional identity verification, or otherwise interact with the Platform.

We collect and process the following categories of personal data:

• Account data: name, email address, date of birth (18+ verification), password hash, user type (e.g., boat owner, sailor).
• Profile data: sailing experience (roles, miles), skills, qualifications, verification status/badges, home port/region, preferred sailing, a short bio, and optional profile photos.
• Qualification & verification data: details and images of sailing certificates (e.g., RYA/MCA), evidence uploaded to verify qualifications, and related review metadata (who verified, when). If you choose to complete optional identity verification, our provider (Stripe Identity) may process images of your ID and liveness/facial similarity checks; we receive the verification result and related metadata.
• Listings & content: listing details, departure/arrival ports and routes, crew requirements, non-commercial cost-sharing information, messages and other content you submit.
• Payments & billing: purchase history for featured listings, boosts and alerts. Card details are handled by Stripe; we store tokens and transaction metadata, not full card numbers.
• Safety & moderation data: user reports, flags, automated and human review outcomes, rate-limit events, sanctions (scope, reason, duration), and appeal records.
• Technical & usage data: IP address, device and browser info, pages and features used, session identifiers, cookies, error logs, and approximate location derived from search radius and map interactions.

We do not seek special category data (e.g., health, ethnicity, religion). Please do not include sensitive data in profiles, listings, or messages.

• Directly from you when you register, complete your profile, create listings, message others, or contact support.
• Automatically via cookies and similar technologies when you use the Platform.
• From service providers for payments (Stripe) and, where applicable, qualification verification metadata and optional identity verification results (from Stripe Identity) if you choose to verify.

• Provide the Platform: account registration, profiles, listings, messaging, notifications, and support.
• Verification: validate sailing qualifications and maintain verification badges; provide optional identity verification and trust badges if you choose to verify.
• Safety & moderation: detect and prevent commercial chartering, illegal content, harassment, and spam; apply tailored rate limits; manage reports and sanctions consistent with the Online Safety Act.
• Payments: process transactions for featured listings, boosts, alerts; maintain a seven‑year audit trail for financial records.
• Improvements & analytics: understand usage, fix issues, and improve reliability and performance.
• Legal compliance: respond to lawful requests and meet regulatory, tax, and safety obligations.
• Marketing (optional): send product updates or newsletters where you have opted in; you may unsubscribe at any time.

• Contract (Article 6(1)(b)): to create your account, operate profiles, listings, messaging, and deliver paid features you purchase.
• Legitimate interests (Article 6(1)(f)): platform safety and abuse prevention; qualification verification; improving and securing our services; handling reports and sanctions; protecting our community and business. We balance these interests against your rights and expectations.
• Legal obligation (Article 6(1)(c)): tax and accounting record‑keeping; responding to lawful requests; Online Safety Act duties.
• Consent (Article 6(1)(a)): optional marketing emails, any non‑essential cookies, and optional identity verification (Stripe Identity). We will ask for your explicit consent for identity verification. You can withdraw consent at any time.
• Vital interests (Article 6(1)(d), rare): where we reasonably believe there is a serious and imminent risk to life or safety.

• Other users: information you choose to include in your profile and listings is visible to other users.
• Service providers (processors): payment processing, cloud hosting and storage, email delivery, error monitoring, and security services. Processors act under our instructions and appropriate contracts.
• Law enforcement and regulators: when required by law or to protect you, us, or others.

We do not sell personal data.

Our key service providers include (non‑exhaustive):

• Hosting & infrastructure: Hetzner (Germany/EU) – cloud hosting and VPN infrastructure for secure network operations.
• Email delivery (transactional): Brevo (EU) – sends account and service emails.
• Payments & verification: Stripe – processes payments for paid features and provides optional identity verification services (Stripe Identity) if you choose to verify.

We primarily host and store data in the UK or EEA. Where data is transferred outside the UK (for example, to the United States by certain service providers such as Stripe), we use UK‑approved transfer safeguards such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum, together with additional measures where appropriate.

We keep personal data only as long as necessary for the purposes described above:

• Account & profile: kept while your account remains active; deleted within 30 days of confirmed account deletion, subject to the exceptions below.
• Payments & invoices: 7 years from the end of the financial year of the transaction (HMRC requirement).
• Qualification and identity verification results: kept while verification is active and for up to 12 months after expiry or removal to support re‑verification and audit. We do not store raw identity document images processed by Stripe Identity in our systems.
• Messages: kept for the life of the account; you may delete individual conversations. Deleted accounts remove messages from your view; limited server copies may persist briefly in backups.
• Moderation records: kept for as long as reasonably necessary to uphold safety decisions and prevent evasion (serious cases may be retained for longer).
• Logs & telemetry: typically up to 12 months, unless needed to investigate security incidents.

Under UK GDPR you have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Erase data (subject to legal obligations and our safety duties).
• Restrict or object to certain processing, including where based on legitimate interests.
• Portability of data you provided to us.
• Withdraw consent where processing is based on consent.

You can exercise many rights in Settings → Privacy. Otherwise email support@crewtheboat.com. We may need to verify your identity before responding. You also have the right to complain to the UK Information Commissioner's Office (ICO).

• We use a combination of automated signals (e.g., rate‑limits, keyword checks) and human review to enforce policies that prevent commercial charter activity, block fare advertising, and protect users.
• We may apply scoped sanctions (e.g., chat‑only or site‑wide) with auto‑expiry. You can appeal decisions via support.
• We do not make automated decisions that produce legal or similarly significant effects about you. Ranking (e.g., featured listings first, then by distance) is profiling for relevance, not a significant automated decision.

We use essential cookies for authentication, security, and core features. With your consent, we may use non‑essential cookies (e.g., analytics) to help improve the Platform. You can review or change your preferences at any time in Cookie settings. See our Cookie Policy for details.

• Payments for featured listings, boosts, and alert subscriptions are processed by Stripe as our payment processor. We do not store your full card details.
• Optional identity verification: to increase trust and safety, you may choose to complete identity verification via Stripe Identity. Stripe may process images of your government‑issued ID and perform facial similarity and liveness checks to verify that the document belongs to you. We do not store the raw identity document images in our systems; Stripe provides us with the verification result and related metadata.
• We will request your explicit consent before starting identity verification. You can refuse or withdraw consent; refusal will not prevent you from using the Platform but may mean you do not receive trust badges or higher rate limits.
• Stripe may act as an independent controller for certain activities and a processor for others. See the Stripe Privacy Policy and Stripe Identity documentation for details.
• We maintain a seven‑year financial audit record as required by UK law.

We implement appropriate technical and organisational measures including encryption in transit, access controls, rate‑limiting, monitoring, and regular reviews. No system is 100% secure; please use strong, unique passwords and keep your device software up to date.

Crew the Boat is for adults aged 18 and over. We do not knowingly collect data from children. If you believe a child is using the Platform, contact us immediately.

We may update this Privacy Policy to reflect changes to our processing or legal requirements. We will post the updated version here and, if the changes are material, notify you through the Platform or by email.

Questions, requests, or complaints about privacy can be sent to support@crewtheboat.com. You may also complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.