Privacy Policy

Data Controller

The data controller responsible for your personal information is:

1. Information We Collect

We collect the following types of personal information in accordance with the principle of data minimization:

1.1 Information You Provide

• Account information (email address, name, password)
• Profile preferences (favorite cruises, price alert settings)
• Communication data (support inquiries, feedback)
• Payment information (processed by third-party payment processors)
• Newsletter subscription preferences

1.2 Automatically Collected Information

• Device information (browser type, operating system, device identifiers)
• Usage data (pages visited, features used, search queries)
• IP address and location data (country/region level)
• Cookies and similar tracking technologies (see Cookie Policy below)
• Cruise viewing history and saved favorites

2. Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on the following legal grounds:

• Contract Performance (Art. 6.1.b): To provide our services, manage your account, and send price alerts
• Consent (Art. 6.1.a): For marketing communications, analytics cookies, and optional features
• Legitimate Interests (Art. 6.1.f): To improve our services, prevent fraud, and ensure security
• Legal Obligation (Art. 6.1.c): To comply with applicable laws and regulations

3. How We Use Your Information

We use your personal information for the following purposes:

• Provide and maintain our cruise tracking and price alert services
• Send you price drop notifications and alerts based on your preferences
• Manage your account and subscription
• Process payments and prevent fraud
• Improve our services, features, and user experience
• Analyze usage patterns, trends, and service performance
• Send important service updates and communications
• Provide customer support and respond to inquiries
• Comply with legal obligations and enforce our terms
• Send marketing communications (with your consent)

4. Third-Party Service Providers

We work with trusted third-party service providers who process personal data on our behalf. We do not sell or rent your personal information. Third parties we work with include:

• Supabase: Database hosting and user authentication
• Vercel: Website hosting and content delivery
• Google Analytics: Website analytics and usage tracking
• Facebook Pixel: Marketing analytics and advertising
• Email service providers: For sending notifications and alerts
• Payment processors: For subscription payments (if applicable)
• Apify: Web scraping and data collection services

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection levels
• Service providers certified under recognized privacy frameworks

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience and analyze site usage.

6.1 Types of Cookies

• Essential Cookies: Required for the website to function (authentication, security)
• Analytics Cookies: Help us understand how visitors use our site (Google Analytics)
• Marketing Cookies: Track visitors across websites for advertising purposes (Facebook Pixel)
• Preference Cookies: Remember your settings and preferences

6.2 Managing Cookies

You can control cookies through:

• Our cookie consent banner (appears on first visit)
• Your browser settings (most browsers allow you to block cookies)
• Third-party opt-out tools (Google Analytics opt-out, Facebook ad preferences)

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active, plus 30 days after deletion
• Price Alerts & Favorites: Retained while your account is active
• Usage & Analytics Data: Retained for up to 26 months
• Support Communications: Retained for 3 years for customer service purposes
• Financial Records: Retained for 7 years to comply with tax and accounting regulations
• Marketing Consent Records: Retained for 3 years after consent withdrawal

After the retention period expires, we securely delete or anonymize your personal data.

8. Data Security

We implement comprehensive security measures to protect your personal information:

• Encryption: All data transmitted using SSL/TLS encryption (HTTPS)
• Access Controls: Strict role-based access to personal data
• Authentication: Secure password hashing and multi-factor authentication options
• Regular Audits: Periodic security assessments and vulnerability testing
• Data Breach Procedures: Incident response plan to notify affected users within 72 hours
• Staff Training: Regular privacy and security training for all personnel

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our safeguards.

9. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

10. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as soon as possible.

11. Marketing Communications

With your consent, we may send you marketing communications about:

• New features and service updates
• Special offers and promotions
• Cruise deals and price drops
• Newsletter and industry insights

How to Opt-Out: You can unsubscribe from marketing emails at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your email preferences in your account settings
• Contacting us at support@track.cruises

Important Service Communications: Please note that even if you opt-out of marketing emails, we will still send you essential service communications (account notifications, price alerts you've requested, security updates, changes to terms or privacy policy) as these are necessary for the operation of your account.

12. Third-Party Links and Services

Our website contains links to third-party websites, including cruise line booking sites. When you click on these links and leave our website, you are subject to the privacy policies of those third-party sites.

Important: We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any website you visit before providing personal information.

Specifically, when booking a cruise through links on our site, you will be redirected to the cruise line's website, which has its own privacy policy and data collection practices.

13. Business Transfers

If Track.Cruises is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information, as well as any choices you may have regarding your personal information.

14. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority.

We encourage you to contact us first so we can address your concerns directly.

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

• We will post the updated policy on this page with a new "Last Updated" date
• For significant changes, we will notify you via email or a prominent notice on our website
• We may also notify you through in-app notifications

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We typically respond to inquiries within 2-3 business days. For data subject requests (access, deletion, etc.), we will respond within 30 days as required by GDPR.