Legal

Privacy Policy

Last updated: 7 March 2026 · Effective date: 7 March 2026

JoinMyBoat ("we", "us", "our") operates joinmyboat.net (the "Platform"). This Privacy Policy explains what personal data we collect, why we collect it, how long we keep it, and what rights you have under the EU General Data Protection Regulation (GDPR) and applicable data protection law.

For questions or data requests, contact us at privacy@joinmyboat.net.

1. Data controller

JoinMyBoat is the data controller for all personal data processed through the Platform. We are registered in the European Union and process data exclusively on EU-based infrastructure (Cloudflare EU servers).

2. What data we collect

2.1 Account registration

  • Email address — used to identify your account and communicate with you.
  • Password — stored in hashed form; never readable by staff.
  • Account creation date — for audit and security purposes.
  • Marketing consent flag — whether you opted in to platform updates.

2.2 Profile and onboarding

  • Profile type — your self-declared category (Sailor / Employer / Explorer).
  • Display name — optional name shown on your profile.

2.3 Identity verification

  • Government-issued ID photo — passport, national ID card, or driver's licence image.
  • Selfie photograph — a photo of you holding your ID document.
  • Submission date and review status — to track the verification lifecycle.

Identity documents and selfies are used exclusively for identity verification. They are never shared publicly, sold, or used for any other purpose.

3. Why we collect your data (legal basis)

DataPurposeLegal basis
Email, passwordAccount creation and authenticationContract (Art. 6(1)(b) GDPR)
Profile typePersonalise your experience and match you with relevant contentContract (Art. 6(1)(b) GDPR)
ID photo, selfieIdentity verification to protect community safetyConsent (Art. 6(1)(a) GDPR) + Legitimate interest (Art. 6(1)(f))
Marketing flagSend optional platform updates and newsConsent (Art. 6(1)(a) GDPR)
Usage data (cookies)Platform performance and securityLegitimate interest (Art. 6(1)(f) GDPR)

4. How long we keep your data

  • Account data (email, profile type) — retained for the lifetime of your account. Deleted within 30 days of account deletion request.
  • ID photos and selfies — deleted 30 days after your verification is approved. If verification is rejected, documents are deleted within 7 days of your final resubmission attempt or account deletion, whichever comes first.
  • Verification status and timestamp — retained for audit purposes for 12 months after account closure.
  • Marketing opt-in records — retained until you withdraw consent or delete your account.

5. Data storage and security

  • All data is processed and stored on Cloudflare infrastructure in the European Union.
  • Identity documents are stored with AES-256 encryption at rest.
  • Connections to the Platform use TLS 1.3 encryption in transit.
  • Access to identity documents is restricted to authorised reviewers only, under confidentiality obligations.
  • We do not sell, rent, or share your personal data with third parties for marketing purposes.

6. Who sees your data

  • You — always have access to your own data via your dashboard.
  • Reviewers — authorised JoinMyBoat staff who review identity documents see only your first name, profile type, ID photo, and selfie. They do not see your email or last name.
  • Admins — platform administrators can see full account data for support and compliance purposes.
  • Third parties — we do not share personal data with third parties except where required by law.

7. Cookies

We use the following cookies and browser storage:

  • Necessary — session identifiers and authentication tokens required to operate the Platform. Cannot be disabled.
  • Analytics (optional) — aggregate usage data to improve the Platform. Only set with your consent.

You can manage your cookie preferences at any time via the cookie banner or your browser settings.

8. Your rights

Under GDPR, you have the following rights:

  • Right of access — request a copy of all personal data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure ("right to be forgotten") — request deletion of your account and all associated data.
  • Right to restriction — ask us to pause processing your data while a dispute is resolved.
  • Right to portability — receive your data in a structured, machine-readable format (JSON).
  • Right to withdraw consent — for data processed on the basis of consent (ID photos, marketing), you can withdraw at any time. This does not affect processing before withdrawal.
  • Right to object — object to processing based on legitimate interests.
  • Right to lodge a complaint — with your national data protection authority (e.g. CNIL, DPA, BfDI).

To exercise any right, email privacy@joinmyboat.net. We respond within 30 days.

You can also delete your own account directly from your dashboard settings. This deletes all personal data immediately.

9. Data transfers outside the EU

We do not transfer personal data outside the European Economic Area (EEA). All processing occurs on EU-based Cloudflare infrastructure.

10. Children

The Platform is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has registered, contact privacy@joinmyboat.net and we will delete the account immediately.

11. Changes to this policy

We may update this policy as the Platform evolves. Material changes will be notified via email or a prominent banner. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For all privacy-related enquiries and data requests:

Email: privacy@joinmyboat.net
Platform: joinmyboat.net