Privacy Policy

How we protect and handle your personal information

Last updated: January 2025

Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

Account Information

  • Email address and password
  • Boat information and maintenance records
  • Usage data and preferences
  • Payment information (processed securely by Stripe)
  • Financial data including maintenance costs, expenses, and forecasting information
  • Vessel specifications and system configurations
  • Task schedules and maintenance history

Automatically Collected Information

  • Device information and IP address
  • Usage patterns and feature interactions
  • Performance and error data
  • App analytics and crash reports
  • Location data (if you enable location-based features)

How We Use Your Information

We use the information we collect to provide, maintain, and improve our services:

  • Provide personalized maintenance recommendations
  • Send important updates and notifications
  • Process payments and manage subscriptions
  • Improve our AI recommendations and features
  • Provide customer support
  • Generate financial forecasts and cost analysis
  • Analyze app performance and user experience
  • Comply with legal obligations

Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties, except as described in this policy:

  • Service providers: We share data with trusted service providers who assist in our operations (e.g., Stripe for payments, Firebase for data storage, analytics providers)
  • Legal requirements: We may disclose information when required by law or to protect our rights
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred (with notice to users)
  • Analytics and advertising: We may share anonymized, aggregated data for analytics purposes

Data Security

We implement appropriate security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: All data is encrypted in transit and at rest using industry-standard protocols
  • Secure servers: Data is stored on secure, cloud-based servers with regular security audits
  • Access controls: Strict access controls limit who can access your personal information
  • Financial data protection: Financial information is processed through PCI DSS-compliant payment processors
  • Regular security audits: We conduct regular security assessments and updates

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Account data: Retained while your account is active and for 30 days after deletion
  • Financial data: Retained for 7 years to comply with tax and accounting requirements
  • Maintenance records: Retained for 10 years to provide historical maintenance data
  • Analytics data: Retained for 2 years in anonymized form
  • Support communications: Retained for 3 years to provide ongoing support

Cross-Border Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Data is primarily stored in the United States
  • We use standard contractual clauses and other appropriate safeguards for international transfers
  • We comply with applicable data protection laws in all jurisdictions where we operate

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Your Rights

You have the right to:

  • Access and update your personal information
  • Delete your account and associated data
  • Export your maintenance records and data
  • Opt out of marketing communications
  • Request correction of inaccurate data
  • Restrict processing of your data
  • Data portability (receive your data in a structured format)

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how we use it
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

GDPR Compliance (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed about data processing
  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision making and profiling

Financial Data Protection

We take extra precautions to protect your financial information:

  • Payment processing is handled by PCI DSS-compliant providers (Stripe)
  • We do not store credit card information on our servers
  • Financial data is encrypted using industry-standard protocols
  • Access to financial data is strictly limited and audited
  • We comply with applicable financial data protection regulations

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification
  • Displaying a notice in our app

Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:

  • Email: privacy@gettelltale.com
  • Address: Telltale, [Your Business Address]
  • Data Protection Officer: privacy@gettelltale.com

For EU users, you also have the right to lodge a complaint with your local data protection authority.