Privacy Policy

1. Information We Collect

Information you provide directly:

• Account information: name, email address, username, date of birth, and profile photo
• Cruise data: cruise line, ship, dates, cabin details, itineraries, ports of call, and travel companions
• Journal content: day-by-day entries, photos, mood and weather tags
• Crew records: names, roles, and descriptions of crew members you choose to log
• Cost data: optional spending records you enter for each cruise
• Ratings: star ratings and notes you assign to your cruises

Information collected automatically:

• Authentication tokens and session data (stored in cookies, used solely to keep you signed in)
• Basic usage information such as the pages you visit within the app, used to improve the Service
• Device and browser type for compatibility and security purposes

Information from third parties:

• If you sign in with Google, we receive your name, email address, and profile picture from Google in accordance with your Google account permissions

2. How We Use Your Information

We use your information to:

• Create and manage your account and authenticate your identity
• Provide the core features of M•barq, including cruise logging, stats, badges, and journal functionality
• Send transactional emails such as account confirmation, password resets, and important service notifications
• Generate aggregated, anonymized insights to improve the Service
• Respond to your support requests and communications
• Comply with legal obligations

We do not use your data for advertising, and we do not sell, rent, or trade your personal information to any third party.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for processing your personal data is:

• Contract performance: processing necessary to provide the Service you signed up for
• Legitimate interests: improving the Service, preventing fraud, and ensuring security
• Consent: where you have explicitly provided consent, such as for optional features
• Legal obligation: where required by law

4. Data Storage and Security

Your data is stored using Supabase, a managed PostgreSQL database platform. All data is protected by row-level security (RLS) policies, meaning your data is only accessible to you unless you have explicitly made it visible to others through your privacy settings.

Photos and uploaded images are stored in Supabase Storage with access controls enforced at the storage layer. We use HTTPS for all data transmission. While we implement industry-standard security measures, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell or share your personal data with third parties for their own marketing or commercial purposes. We may share your information only in the following limited circumstances:

• Service providers: trusted third-party vendors who assist in operating the Service (Supabase, Vercel, Resend, Google OAuth). These vendors are contractually obligated to handle your data only as directed by us and in accordance with applicable law.
• Legal requirements: if required by law, court order, or governmental authority, or to protect the rights, property, or safety of M•barq, our users, or the public.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will permanently delete your data from our active systems within 30 days. Some residual data may be retained in backups for up to 90 days before being purged. We may retain certain information longer if required by law or to resolve disputes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request that we correct inaccurate or incomplete data
• Deletion: request that we delete your personal data (right to be forgotten)
• Portability: request your data in a structured, machine-readable format
• Restriction: request that we restrict the processing of your data
• Objection: object to processing based on our legitimate interests
• Withdraw consent: where processing is based on your consent, withdraw it at any time

You can exercise most of these rights directly within the app through your Settings page. For requests that require additional action, please contact us at support@mbarq.app. We will respond within 30 days.

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

8. Cookies

M•barq uses cookies exclusively for authentication purposes. Session cookies are used to keep you securely signed in between visits. We do not use advertising cookies, third-party tracking cookies, or analytics cookies that identify you personally. You may configure your browser to block cookies, but doing so will prevent you from remaining signed in to the Service.

9. Children's Privacy

M•barq is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@mbarq.app and we will promptly delete the information.

10. International Data Transfers

M•barq operates primarily in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure that any such transfers are conducted in compliance with applicable data protection laws, including through the use of standard contractual clauses where required.

11. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. We encourage you to review this policy periodically. Your continued use of M•barq after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us at: support@mbarq.app