Privacy Policy

We collect the following categories of personal data:

• Account data: name, email address, password (hashed), phone number, profile photo.
• Booking data: trip details, number of passengers, payment confirmation references, booking history.
• Provider data: boat details, bank account details (via Stripe Connect), licence numbers.
• Usage data: IP address, browser type, pages visited, time on site, referring URLs (collected via cookies and server logs).
• Communications: messages sent through the platform, support requests, reviews.

We use your personal data for the following purposes:

• To create and manage your account.
• To process bookings and facilitate payments via Stripe.
• To communicate with you about bookings, account activity, and platform updates.
• To verify skippers and providers.
• To improve our services through analytics.
• To comply with legal obligations (tax, anti-money-laundering).
• To send marketing emails — only with your explicit consent, which you may withdraw at any time.

The legal basis for processing is: contract performance (bookings), legitimate interest (platform security, fraud prevention), legal obligation, and consent (marketing).

We share your data only in the following circumstances:

• Skippers / providers: Your name and booking details are shared with the skipper of your booked trip.
• Stripe: Payment data is processed by Stripe Inc. Stripe is PCI DSS compliant. We do not store card numbers.
• Service providers: We use trusted third-party services for email delivery, analytics, and cloud hosting. All processors are bound by GDPR-compliant Data Processing Agreements.
• Legal requirements: We may disclose data when required by law, court order, or regulatory authority.

We do not sell your personal data.

We use the following categories of cookies:

• Essential cookies: Required for the platform to function (authentication session, CSRF protection). These cannot be disabled.
• Analytics cookies: We use anonymous analytics to understand how visitors use our site. You may opt out via our cookie banner.
• Marketing cookies: Used only if you have given explicit consent. You may withdraw consent at any time through your account settings.

You can manage cookie preferences through your browser settings or our cookie consent tool.

We retain your data for as long as necessary to provide our services and comply with legal obligations:

• Account data: retained while your account is active and for 3 years after deletion (for legal/dispute purposes).
• Booking records: 10 years (Greek tax law requirement).
• Support correspondence: 2 years.

As a data subject in the EU/EEA, you have the following rights:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request correction of inaccurate data.
• Right to erasure: You can request deletion of your data, subject to legal retention obligations.
• Right to restriction: You can request that we limit processing of your data.
• Right to portability: You can receive your data in a machine-readable format.
• Right to object: You can object to processing based on legitimate interest.
• Right to withdraw consent: Where processing is based on consent, you may withdraw at any time.

To exercise any of these rights, contact our Data Protection Officer (see below). We will respond within 30 days.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr.

We implement appropriate technical and organisational measures to protect your personal data, including TLS encryption for all data in transit, encrypted storage, access controls, and regular security reviews.

Some of our service providers (such as Stripe and cloud hosting) may process data outside the EU. In such cases, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

For any privacy-related requests or concerns, contact our Data Protection Officer:

• Email: privacy@saltwave.gr
• Post: TalosNexa LLC, Attn: DPO, Kifisias 44, 151 25 Maroussi, Athens, Greece