Skipperly Privacy Policy

Effective Date: June 11, 2026

Skipperly, Inc. (“Skipperly,” “we,” “us,” or “our”) cares about your privacy. This Privacy Policy explains what information we collect when you use skipperly.io and the Skipperly mobile and web applications (collectively, the “Platform”), how we use it, who we share it with, and the choices you have. By using the Platform, you agree to the practices described here.

This Policy is incorporated by reference into our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms.

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, phone number, password, and (for Captains) your role and vessel details.
• Profile and outing information: photos, bio, vessel name, home marina, outing details (date, location, meeting point), invitee lists, RSVPs, meal preferences, and life-jacket sizing.
• Waiver information: the contents of any Digital Waiver you sign, your electronic signature, and the timestamp of signing.
• Payment information: when you tip a Captain or pay for a subscription, payment details are collected and processed directly by Stripe. We receive limited metadata (amount, last four digits, payout status), not full card numbers.
• Communications: messages you send through the Platform and any support requests you send to us.

1.2 Information Collected Automatically

• Device and usage data: IP address, browser type, operating system, device identifiers, referring/exit pages, pages viewed, and timestamps.
• Cookies and similar technologies: we use cookies and local storage to keep you signed in, remember preferences, and measure how the Platform is used.
• Approximate location: derived from IP address, and (with your permission) precise location from your device for features like marine forecasts at your outing location.

1.3 Information from Third Parties

• Sign-in providers: if you sign in with Google or another provider, we receive basic profile information (name, email, avatar) from that provider.
• Weather and marine data providers: we receive forecast data tied to the location of an outing, but do not send them your personal information.
• Payments: Stripe shares transaction status and payout information with us so we can show you accurate records.

1.4 Sensitive Personal Information

Some information we collect may be considered “sensitive personal information” under U.S. state privacy laws, including: account credentials (username and password), precise geolocation (only when you grant device permission), and contents of communications you send through the Platform. We use sensitive personal information only to provide the Platform and its core features, to secure your account, and to comply with law. We do not use it to infer characteristics about you, and we do not sell or share it for cross-context behavioral advertising.

1.5 CCPA Categories of Personal Information

In the twelve months preceding the Effective Date, we collect the following CPRA-defined categories: identifiers (e.g., name, email, phone, account ID, IP address); customer records (e.g., contact and billing info); commercial information (subscriptions, tips); internet or network activity (usage and device data); geolocation (approximate, and precise with permission); audio/visual information (profile and trip photos you upload); professional or vessel information (Captain role, vessel details); sensitive personal information (as described in Section 1.4); and inferences drawn from the above (such as content preferences).

2. Legal Bases for Processing (EEA/UK Users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:

• Contract: to create your account, operate the Platform, and provide the features you request.
• Legitimate interests: to secure the Platform, prevent fraud and abuse, analyze usage in aggregate, and improve our service, where these interests are not overridden by your rights.
• Consent: for optional features such as precise device location, marketing communications, and non-essential cookies. You may withdraw consent at any time.
• Legal obligation: to comply with tax, anti-fraud, and other legal requirements.

3. How We Use Information

• Provide, operate, and maintain the Platform and its features.
• Create and manage your account and authenticate you.
• Send invitations, RSVPs, reminders, and other operational messages by email or SMS.
• Process tips, subscriptions, and payouts through Stripe.
• Deliver, store, and produce records of Digital Waivers.
• Personalize features such as life-jacket matching, checklists, and trip weather.
• Provide customer support and respond to your requests.
• Detect, prevent, and address fraud, abuse, security, and technical issues.
• Improve and develop new features (we use aggregated, de-identified data where possible).
• Comply with legal obligations and enforce our Terms of Service.
• With your consent, send product announcements and marketing communications.

No AI model training on user content. We do not use your personal information, messages, or uploaded content to train third-party generative AI models, and we do not sell your content to AI providers.

4. How We Share Information

We do not sell your personal information and do not share it for cross-context behavioral advertising. We share it only in the limited ways described below.

4.1 Between Captains and Guests

To organize an outing, certain information is shared between the Captain and their invited Guests. Captains receive Guest names, contact information, RSVP status, life-jacket sizing, dietary preferences, and waiver signatures for outings they host. Guests receive Captain and outing details. Captains agree (in the Terms of Service) to use Guest information only to organize and conduct the outing.

4.2 Service Providers

We share information with vendors that operate the Platform on our behalf, including:

• Hosting and database: our cloud infrastructure provider stores your account data and outing records.
• Payments: Stripe processes payments and payouts. Because card data is captured directly by Stripe, our systems are out of PCI-DSS cardholder data scope.
• Email and SMS delivery: providers that send invitations, reminders, and account emails.
• Analytics and error monitoring: tools that help us understand how the Platform is used and diagnose issues.
• Customer support: tools we use to respond to your messages.

These providers may only use your information to perform services for us.

4.3 Insurance Partners

If you request a quote or purchase an insurance product through the Platform, we share the information required to fulfill that request with the applicable Insurance Partner. Their use of your information is governed by their own privacy policies.

4.4 Legal and Safety

We may disclose information when we believe in good faith that disclosure is necessary to: comply with a law, regulation, subpoena, court order, or other legal process; protect the rights, property, or safety of Skipperly, our Users, or the public; investigate or prevent fraud, abuse, or security incidents; or enforce our Terms.

4.5 Business Transfers

If Skipperly is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

4.6 With Your Consent

We may share information for any other purpose disclosed to you with your consent.

5. Cookies and Tracking

We use the following categories of cookies and similar technologies:

• Strictly necessary: required to operate the Platform and keep you signed in. These cannot be disabled without breaking core functionality.
• Functional: remember preferences and settings such as time zone and unit display.
• Analytics: measure aggregate usage so we can improve the Platform.
• Advertising: we do not currently use advertising cookies and do not share personal information for cross-context behavioral advertising.

You can control non-essential cookies through your browser settings. We honor the Global Privacy Control (GPC) signal as a valid request to opt out of any “sale” or “sharing” of personal information under U.S. state laws. We do not separately respond to legacy “Do Not Track” signals.

6. SMS and Voice Communications (TCPA)

When a Captain invites a Guest by phone number, we send SMS messages on the Captain’s behalf for outing invitations, RSVP requests, and trip reminders. By providing your mobile number or accepting an invite, you consent to receive these transactional SMS messages from Skipperly at the number provided. Message frequency varies by outing activity. Message and data rates may apply. Reply STOP to any message to opt out, or HELP for help. Opting out of operational SMS may limit your ability to receive outing communications. We never share mobile numbers with third parties for their marketing purposes.

7. Data Retention

We keep your personal information for as long as your account is active and as needed to provide the Platform, comply with legal obligations, resolve disputes, and enforce agreements. Waiver records (including electronic signatures and timestamps, retained pursuant to the E-SIGN Act and UETA) and payment records may be retained for longer periods where required by law. When information is no longer needed, we delete or de-identify it.

8. Your Rights and Choices

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of your information.
• Request a portable copy of certain information.
• Object to or restrict certain processing.
• Withdraw consent where we rely on consent.
• Opt out of marketing emails or SMS at any time using the unsubscribe link, replying STOP, or contacting us.

You can manage most of your information directly in your account settings. To exercise any of these rights, email privacy@skipperly.io. We may need to verify your identity before responding. You have the right to lodge a complaint with your local data protection authority (for example, your EU member-state supervisory authority or the UK Information Commissioner’s Office).

9. California Residents

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the rights described in Section 8, including:

• The right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
• The right to delete personal information we collected from you.
• The right to correct inaccurate personal information.
• The right to data portability.
• The right to limit the use and disclosure of sensitive personal information (described in Section 1.4) to purposes necessary to provide the Platform.
• The right to opt out of any “sale” or “sharing” of personal information. We do not sell or share.
• The right not to be discriminated or retaliated against for exercising these rights.

How to submit a request. Email privacy@skipperly.io with the request type and the email address tied to your account. We will respond within the timeframes required by law.

Authorized agents. You may designate an authorized agent to submit a request on your behalf. The agent must provide signed written permission from you (or a valid power of attorney), and we may require you to verify your identity directly with us before fulfilling the request.

Global Privacy Control. We treat a GPC signal from your browser as a valid request to opt out of any “sale” or “sharing.”

Notice of financial incentive / Shine the Light. We do not offer financial incentives in exchange for personal information and do not share personal information with third parties for their own direct-marketing purposes.

10. Other U.S. State Residents

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Florida, or another U.S. state with a comprehensive consumer privacy law, you have rights similar to those described in Section 9, which may include: the right to confirm processing and access your personal data; the right to correct inaccuracies; the right to delete; the right to a portable copy; the right to opt out of targeted advertising, sale, or certain profiling (we do not engage in these activities); and the right to limit processing of sensitive data.

Right to appeal. If we decline your privacy request, you may appeal our decision by replying to our response or emailing privacy@skipperly.io with the subject line “Privacy Appeal.” We will respond within the period required by your state’s law. If your appeal is denied, you may contact your state attorney general.

11. International Users and Data Transfers

Skipperly is operated from the United States, and your information is stored and processed in the United States and in other countries where our service providers operate. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in jurisdictions whose data protection laws may differ from those of your country.

Where we transfer personal information out of the EEA, the UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable). You may request a copy of the safeguards in place by contacting privacy@skipperly.io.

12. Children

The Platform is not directed to children under sixteen (16), and we do not knowingly collect personal information from children under sixteen. Consistent with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under thirteen (13). Users between sixteen and eighteen must have parent or guardian consent as described in our Terms of Service. If you believe a child under sixteen has provided us with personal information, please contact privacy@skipperly.io and we will delete it.

13. Security and Breach Notification

We use reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, role-based access controls, and database row-level security. No system is ever 100% secure, and we cannot guarantee the absolute security of your information. Notify us immediately of any suspected unauthorized access to your account.

In the event of a personal data breach affecting your information, we will notify affected users and the appropriate regulatory authorities as required by applicable law (including U.S. state breach-notification statutes and Article 33/34 of the GDPR), without undue delay.

14. Automated Decision-Making and Profiling

We do not engage in solely automated decision-making, including profiling, that produces legal or similarly significant effects concerning you. Features such as life-jacket matching and weather flags are informational aids that do not make legally significant decisions on your behalf.

15. Accessibility

If you need this Privacy Policy in an alternative accessible format, contact privacy@skipperly.io and we will provide a reasonable accommodation.

16. Third-Party Links and Services

The Platform may link to or integrate with third-party services (for example, Stripe, weather providers, or calendar apps). This Policy does not apply to those services. Review their privacy policies before providing information.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on the Platform and updating the “Effective Date” above, and, where required, by email. Your continued use of the Platform after the changes take effect constitutes your acceptance of the updated Policy.

18. Contact Us

Skipperly, Inc.
Email: privacy@skipperly.io
Website: https://skipperly.io

Last Updated: June 11, 2026