Privacy Policy

How we handle operator and guest data.

This Privacy Policy explains what information Boatcheckin collects, how it is used and shared, how long it is retained, what rights you have over it, and how to exercise those rights. It applies to boatcheckin.com, the Boatcheckin application, and related services (together, the "Services").

Version: 1.0
Effective date: April 20, 2026
Last reviewed: April 2026
Replaces: All prior versions

§ 1 Scope & summary

Boatcheckin is a recordkeeping platform used by charter operators ("Operators") to document trips and by passengers and other participants ("Guests") to self-register for those trips. This Policy covers both groups, plus anyone who visits boatcheckin.com without creating an account.

In plain terms:

  • We collect only what we need to deliver the Services and meet the recordkeeping obligations Operators depend on.
  • We do not sell personal information to advertisers, data brokers, or marketing networks.
  • Compliance records (signed waivers, attestations, manifests) are retained for the period statute and the Operator's retention settings require; marketing-linked information is cleared on a rolling schedule.
  • You have rights over your information. This Policy explains how to exercise them.

Note on this Policy

This Policy applies to the Boatcheckin Services. It does not apply to Operator websites, booking platforms, third-party insurance agents, payment processors, or any other service you reach through a link in our Services. Those operate under their own privacy notices.

§ 2 Who we are

The Services are operated by Oakmont Logic LLC, a limited liability company organized under the laws of Wyoming, United States, doing business as Boatcheckin ("Boatcheckin," "we," "our," or "us"). Our mailing address is 7901 4th St N, #8722, St. Petersburg, Florida 33702, United States.

For questions about this Policy, how your data is processed, or to exercise any right described below, contact us at privacy@boatcheckin.com.

§ 3 Controller & processor roles

The role we occupy depends on whose data is being processed.

3.1 Operator account data

When an Operator creates a Boatcheckin account, we act as the data controller (or "business" under US state privacy laws) for information about that Operator: the person signing up, their role, contact details, billing details, and how they use our Services.

3.2 Guest and trip data

When an Operator uses Boatcheckin to document a trip, we process Guest data and trip content on the Operator's behalf as a data processor (or "service provider" under US state privacy laws). The Operator decides what waiver text to use, what safety briefing to deliver, what retention applies, and how long records are kept beyond the statutory minimum. Guests who want to exercise rights over their data should contact the Operator of record first; we support Operators in responding.

3.3 Visitors to our website

For visitors to boatcheckin.com who are not signed in, we act as the controller of the limited data described in Section 4.

§ 4 What we collect

We collect data in three broad categories.

4.1 Information Operators provide

  • Account details: name, email, password (stored as a salted hash, never in clear text), phone number, operator role, and company name where provided.
  • Business and vessel details: vessel name and identifier, home port, operating area, captain credentials, and any compliance documentation the Operator uploads.
  • Trip configuration: waiver text, safety briefing content, and trip parameters the Operator chooses.
  • Billing details: for paid plans, we collect billing contact information; payment card details are handled directly by our payment processor and we do not store full card numbers on our systems.

4.2 Information Guests provide

  • Identity and contact: name, email, phone number, date of birth where required by law, and emergency contact where the Operator collects one.
  • Trip-specific information: responses to safety questions, Boating Safety Identification Card details where applicable, and similar items collected through the trip link.
  • Signatures and attestations: waiver signature, per-card safety acknowledgments, and any additional consents the Operator configures. Each is stored alongside timestamp, IP, user agent, and a cryptographic hash of the signed content.

4.3 Information we collect automatically

  • Device and connection: IP address, browser type and version, operating system, device type, screen size, timezone, and language preference.
  • Usage: pages viewed, features used, timestamps of actions, trip identifiers, and diagnostic information generated when errors occur.
  • Location: only at the granularity needed for the feature in use (for example, approximate location derived from IP for regional defaults, or precise location only where a Guest grants permission for a specific feature such as on-water check-in).

We do not intentionally collect information about race, ethnicity, religion, political views, sexual orientation, union membership, or other categories treated as sensitive under GDPR Article 9 unless you specifically choose to provide it.

§ 5 How we use it

We use the information above for the purposes listed below, and no others.

Purpose | What this looks like in practice
Deliver the Services | Authenticate Operator accounts, generate and deliver trip links, capture Guest registrations, produce manifests and records for Operators.
Compliance recordkeeping | Store signatures, attestations, and audit trails in the form Operators rely on for federal maritime rules, state charter rules, and electronic signature law.
Operator communications | Send trip-link deliveries, account notices, service updates, billing receipts, and security alerts.
Guest communications | Deliver trip links and time-sensitive operational messages related to a Guest's specific booking, using the channel the Operator configured.
Support and operations | Diagnose issues reported by Operators, investigate abuse reports, and respond to security disclosures.
Security | Detect and prevent unauthorized access, fraud, and abuse; protect the integrity of the audit trail; enforce our Terms.
Legal obligations | Respond to lawful requests from courts, regulators, and law enforcement; maintain records we are required by law to keep.
Product improvement | Analyze aggregated, non-identifying usage patterns to improve reliability, performance, and user experience.

We do not use Guest data to train general-purpose machine learning models, and we do not sell, rent, or otherwise make Guest data available to advertisers or data brokers.

§ 6 Legal bases (GDPR, UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following legal bases for each processing activity:

  • Performance of a contract: to deliver the Services an Operator has signed up for, or to fulfill a Guest's registration for a specific trip.
  • Legitimate interests: to secure our Services, prevent abuse, support Operators, and improve the product, balanced against your rights and expectations.
  • Legal obligation: to meet recordkeeping, tax, and regulatory requirements.
  • Consent: where we rely on consent (for example, optional Guest marketing communications, or non-essential cookies), we ask for it clearly and honor withdrawal at any time.

§ 7 How we share

We share personal information only in the specific situations below.

7.1 With the Operator of record

Guest data is shared with the Operator of record for the trip. That is the point of the Services: the Operator needs the record. Operators are contractually required to handle Guest data in accordance with applicable law and their own privacy notices.

7.2 With service providers we engage

We use vetted third-party providers to deliver the Services: hosting, database, email and SMS delivery, payment processing, error monitoring, and similar functions. These providers act as subprocessors, receive only the information needed for the task, and are contractually bound to handle it appropriately. See Section 8.

7.3 For legal reasons

We may disclose information where required by law, subpoena, court order, or valid governmental request; to enforce our Terms; to protect our rights, property, or safety, or those of our users or the public; or in connection with investigation of suspected abuse or fraud.

7.4 In a business transaction

If Boatcheckin is involved in a merger, acquisition, financing, or sale of assets, user information may be transferred as part of that transaction. We will notify affected users and give meaningful choices where the law requires them.

7.5 With your direction

We share information at your direction, for example when you link your account to another service, or when you explicitly authorize disclosure.

Not shared with

We do not share personal information with advertising networks, data brokers, credit reporting agencies, or any party for their own independent marketing purposes.

§ 8 Subprocessors

We rely on a limited number of service providers to run the Services; categories include cloud hosting, managed database, email delivery, SMS delivery, payment processing, error monitoring, mapping, and bot/abuse protection. Each is bound by a written agreement that restricts their use of data to the Services we engage them for.

Operators with a formal vendor-review process can request a current list of subprocessors, including identity, processing purpose, and location, by emailing privacy@boatcheckin.com. We also make this list available through our Data Processing Addendum where one is in place.

§ 9 International transfers

Boatcheckin is based in the United States, and our primary systems operate from US data centers. If you access the Services from outside the United States, your information is transferred to, stored in, and processed in the United States and potentially other jurisdictions where our subprocessors operate.

For transfers of personal data originating in the European Economic Area, the United Kingdom, or Switzerland, we rely on lawful transfer mechanisms including the Standard Contractual Clauses (SCCs) adopted by the European Commission, and equivalent mechanisms under UK and Swiss data protection law. Additional safeguards (encryption in transit, encryption at rest, access controls, and contractual restrictions on subprocessor use) apply in every case.

§ 10 Retention

We retain personal information for no longer than necessary for the purposes set out in this Policy, with specific periods as follows.

Category | Retention period | Reason
Compliance records (waivers, safety attestations, manifests) | Period set by Operator, bounded by the statute applicable to the Operator's jurisdiction. Default minimum: 5 years from trip completion. | Charter operators typically need these available well beyond the trip itself for regulatory, insurance, and litigation contingencies.
Trip operational data (route configuration, captain logs, non-signature artifacts) | Duration of the Operator account plus 1 year. | Supports Operator history and reporting.
Operator account data | Duration of the account, plus time necessary to close billing and comply with tax/accounting rules. | Account continuity and legal obligations.
Marketing-linked Guest data | Rolling 90 days from trip completion unless the Guest has opted in to Operator communications. | Minimize persistence of non-compliance data.
Technical logs | 90 days for general logs; up to 1 year for security and audit-trail logs. | Incident investigation and security posture.
Backups | Rolling window up to 35 days for point-in-time recovery. | Disaster recovery and integrity verification.

When the applicable period ends, personal information is deleted or irreversibly anonymized. Where we are required by law to retain specific information longer (for example, accounting records under tax law), we retain only the specific information required and continue to protect it.

§ 11 Your rights

You have rights over your personal information. The rights available to you depend on where you are located; below we describe the rights we extend globally, followed by jurisdiction-specific detail.

11.1 Rights we extend to everyone

  • Access: a copy of the personal information we hold about you.
  • Correction: to correct inaccurate or incomplete information.
  • Deletion: to request deletion, subject to legal or regulatory retention requirements described in Section 10.
  • Complaint: to raise a concern with us and, where applicable, with a supervisory authority.

11.2 Rights for EEA, UK, and Swiss residents

In addition to the above, you have the rights under GDPR / UK GDPR / Swiss FADP to object to processing, restrict processing, data portability, and to withdraw consent where we rely on it. You may lodge a complaint with your local supervisory authority.

11.3 Rights for California residents (CCPA / CPRA)

California residents have the right to know what categories and specific pieces of personal information we have collected, sold, or shared; the right to request deletion; the right to correct inaccurate information; the right to opt out of sale or sharing of personal information for cross-context behavioral advertising; and the right not to be discriminated against for exercising these rights.

Boatcheckin does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

11.4 Rights for residents of other US states

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have the rights conferred by those laws, including access, correction, deletion, opt-out of targeted advertising and sale, and appeal of denied requests. We honor these rights on the same footing as our CCPA obligations.

11.5 How to exercise your rights

Operators can request access, correction, export, or deletion from the Operator dashboard or by emailing privacy@boatcheckin.com.

Guests seeking to exercise rights over trip records should contact the Operator of record first, since the Operator controls that data. We will support the Operator in responding, and we will process requests directly where we act as the controller.

We verify requests before responding in order to protect the information from unauthorized disclosure. We respond to verified requests within the period required by applicable law, and in no event later than 45 days for US state privacy law requests, extended by 45 additional days where reasonably necessary with notice.

§ 12 Children

Boatcheckin is designed for use by adults: Operators operating commercial vessels and Guests boarding those vessels. The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent.

Where Operators collect information about minor Guests (for example, a family charter that includes children) as part of the trip record, the information is collected from and entered by an adult responsible for the minor. Operators are responsible for obtaining any parental consent required by applicable law.

If you believe we have inadvertently collected information from a child under 13 without appropriate consent, contact us at privacy@boatcheckin.com and we will delete it.

§ 13 Security

We implement technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These measures are described in our Security page, and include encryption in transit (TLS 1.3) and at rest, least-privilege access controls, cryptographic hashing of signed records, audit logging, and routine review of our practices.

No system can be guaranteed 100% secure. If a security incident affects your personal information, we will notify you and any applicable regulators in accordance with law.

§ 14 Cookies and similar technologies

We use cookies and similar technologies that are strictly necessary to operate the Services, plus a limited set of functional and analytics technologies. Our Cookie Notice explains what we use, why, and how to manage your preferences.

§ 15 Do Not Track & Global Privacy Control

Some browsers transmit a "Do Not Track" signal. Because there is no common industry standard for how to respond, we do not currently change our behavior based on DNT. Where our Services receive a Global Privacy Control (GPC) signal from a compatible browser or extension, we honor it as a valid opt-out request for applicable personal information categories under US state privacy laws.

§ 16 Changes to this Policy

We may update this Policy from time to time. When we do, we will update the "Effective date" at the top of the Policy and, for material changes, give notice through the Services or by email to registered Operators. Your continued use of the Services after the effective date of a change constitutes acceptance of the updated Policy.

Older versions of this Policy are available on request.

§ 17 Contact us

If you have questions about this Policy, want to exercise a right, or have a complaint about how your personal information is handled, contact us.

Boatcheckin · Privacy

Email
privacy@boatcheckin.com

Mail
Boatcheckin · Privacy
7901 4th St N, #8722
St. Petersburg, FL 33702 · United States

Response target
Acknowledgment within 10 business days; full response within the window required by applicable law.