MooringMate — Privacy Policy

1. Definitions

For the purposes of this document:

1.1 “MooringMate”, “we”, “us”, or “our” means the operator of the MooringMate platform, including its subsidiaries and affiliates.

1.2 “Platform” means the MooringMate website, mobile applications, APIs, and all related digital services through which we connect Sailors with Providers and support the Ambassador Program.

1.3 “Services” means the digital intermediation, payment collection, listing, and communication services provided through the Platform.

1.4 “User” means any natural or legal person who has registered and holds an account on the Platform, in any of the roles defined below.

1.5 “Sailor” means a User who uses the Platform to discover, book, and pay for mooring services at Buoys listed by Providers.

1.6 “Provider” means a User who lists one or more Buoys on the Platform and offers mooring services to Sailors in exchange for compensation.

1.7 “Ambassador” means a Sailor enrolled in our Referral Program who refers Providers to the Platform and earns commissions on eligible bookings.

1.8 “Buoy” means a mooring point (typically a buoy, berth, or similar fixed facility) listed by a Provider on the Platform.

1.9 “Booking” means a reservation created by a Sailor for the use of a specific Buoy over defined dates.

1.10 “Booking Amount” means the total amount payable by the Sailor for a Booking, inclusive of platform commission and applicable taxes, in minor currency units (cents).

1.11 “Commission” means the percentage-based fee retained by MooringMate from each Booking Amount, or paid to an Ambassador under the Referral Program, as applicable.

1.12 “Payout” means the disbursement of funds due to a Provider or Ambassador following completion of Bookings and, where applicable, clearance of commissions and refunds.

1.13 “Personal Data” means any information relating to an identified or identifiable natural person, as defined under applicable data protection law (including the EU General Data Protection Regulation).

1.14 “Applicable Law” means all laws, regulations, and rules applicable to the relevant User, the Platform, or the Services, including data protection, consumer protection, tax, maritime, and anti-money-laundering legislation.

2. Acceptance

By creating an account on the Platform, you represent that you have read, understood, and agreed to be bound by this document in its entirety, as it applies to your User role. If you do not agree, you must not access or use the Platform.

3. Eligibility

You may only register and use the Platform if:

• you are at least 18 years of age and have full legal capacity;
• you are not prohibited from using the Platform under Applicable Law;
• the information you provide during registration is accurate, complete, and kept current; and
• you comply, at all times, with the obligations applicable to your User role.

4. Account Security

You are solely responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify MooringMate promptly of any suspected unauthorized access or security breach. We will not be liable for any loss or damage arising from your failure to safeguard your credentials.

5. Modifications

MooringMate may amend this document from time to time. Material changes will be communicated by email or through the Platform at least thirty (30) days before they take effect. Your continued use of the Platform after the effective date of any amendment constitutes acceptance of the amended terms. If you do not accept an amendment, you must cease use of the Platform and may close your account.

6. Governing Law and Jurisdiction

This document is governed by the laws of the jurisdiction in which MooringMate is incorporated, without regard to its conflict-of-laws rules. Any dispute shall be resolved first through good-faith negotiation and, failing resolution within thirty (30) days, before the competent courts of that jurisdiction, save where mandatory consumer protection law confers an alternative forum on you.

7. Contact

Questions, complaints, data protection requests, and legal notices should be addressed to:

Email: info@mooringmate.com

Website: https://mooringmate.com

8. Data Controller

MooringMate is the data controller in respect of Personal Data processed through the Platform. Where we act as a data processor on behalf of Users (for example, in relation to messaging between Sailors and Providers), we will do so in accordance with Applicable Law.

9. Data We Collect

9.1 Data You Provide Directly

• Identity and contact data: name, email address, phone number, country, postal address, preferred language;
• Authentication data: hashed password, third-party sign-in identifiers (Google, Apple, Facebook), email verification status;
• Profile data: avatar image, display name, preferred currency, preferred units (metric/imperial);
• Role-specific data: as described in Section 12.

9.2 Data Generated Through Use

• Transaction data: Bookings, payments, Payouts, refunds, cancellations, receipts, and related timestamps;
• Communication data: in-app messages, notifications, review content, and support correspondence;
• Content you submit: photos, videos, reviews, reports, and other material uploaded to the Platform (stored on Amazon Web Services S3).

9.3 Data Collected Automatically

• Device and log data: IP address, browser type, operating system, session identifiers, referring URL;
• Usage data: pages viewed, searches, filter selections, map interactions;
• Diagnostic data: error reports and performance metrics (via Sentry, with sensitive headers redacted);
• Cookies and similar technologies: as described in our cookie notice and governed through Cookiebot consent management.

10. Purposes and Legal Bases

We process Personal Data for the following purposes and on the following legal bases (Article 6 GDPR where applicable):

• Performance of a contract: to register your account, operate the Platform, process Bookings and payments, execute Payouts, and provide Services you request;
• Legitimate interests: to prevent fraud and abuse, secure the Platform, improve our Services, and conduct analytics;
• Legal obligation: to comply with tax, accounting, anti-money-laundering, and other regulatory obligations, and to respond to lawful requests by public authorities;
• Consent: for optional communications, cookies, and processing activities for which consent is the appropriate basis (withdrawable at any time).

11. Data Sharing and Recipients

11.1 Between Users. To enable the Services, limited Personal Data is shared between Users: for example, a Provider receives the Sailor's name, contact details, and vessel information necessary to fulfill a Booking; a Sailor sees the Provider's business name and public contact.

11.2 Service Providers (Processors). We share Personal Data with third-party processors acting on our instructions under written data-processing terms:

• Payment processors: Stripe, Inc. and PayPal Holdings, Inc. (payment collection, Provider and Ambassador Payouts, identity verification);
• Infrastructure: Amazon Web Services (hosting, database, storage, secrets management);
• Communications: SendGrid (transactional email);
• Monitoring: Sentry (error and performance tracking);
• Maps and analytics: Google (Maps display, Analytics, OAuth);
• Consent management: Cookiebot;
• Referral attribution: Rewardful (for Ambassadors only);
• CRM, where enabled: HubSpot.

11.3 Legal and Regulatory Disclosure. We may disclose Personal Data where required by Applicable Law, legal process, or to protect the rights, property, or safety of MooringMate, our Users, or others.

11.4 Business Transfers. Personal Data may be transferred in connection with a merger, acquisition, reorganization, or sale of assets, subject to confidentiality and continuity of protection.

11.5 No Sale of Personal Data. We do not sell Personal Data.

12. Role-Specific Data Processing

12.1 Sailors

Additional data processed for Sailors:

• Vessel data for each registered boat: name, brand, model, boat type, dimensions (LOA, beam, draft, weight), hull material, registration number, IMO, MMSI, flag state, port of registry, radio call sign;
• Owner and skipper data: owner contact information, skipper name and phone, emergency contact, insurance carrier, policy number, insurance expiry;
• Vessel documents: registration and insurance certificates, stored on AWS S3;
• Payment methods: tokenized card references and PayPal vault identifiers (we never store raw card numbers or PayPal passwords);
• Booking content: check-in/check-out dates, vessel snapshot at time of booking, booking status history.

12.2 Providers

Additional data processed for Providers:

• Business and tax data: business name, business address, public contact email, tax identifiers, and any additional information required for tax reporting;
• Buoy listing data: name, description, GPS coordinates, vessel acceptance limits, pricing model and rates, seasonal pricing, discounts, cancellation terms, amenities, photos;
• Payment account data: Stripe Connect account identifiers, PayPal merchant identifiers, verification status, capabilities, and payout history;
• Team data: invited team member names, email addresses, and assigned permissions.

12.3 Ambassadors

Additional data processed for Ambassadors:

• Program data: ambassador status, enrollment dates, agreed commission rate, referral identifier (Rewardful);
• Payout account data: Stripe Connect Express (EU/UK) or PayPal (other regions) account details and verification status;
• Referral and earnings data: referred Providers, their bookings, monthly earnings aggregates, payout status, transfer identifiers.

13. International Transfers

Where Personal Data is transferred outside the European Economic Area, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) to ensure a level of protection equivalent to that required under GDPR.

14. Retention

We retain Personal Data only for as long as necessary to fulfill the purposes set out in this Privacy Policy, or as required under Applicable Law (including tax and accounting retention obligations). In particular:

• Active account data is retained for the duration of the account;
• Deleted account data is soft-deleted and retained for a reasonable period to satisfy legal, accounting, and dispute-resolution obligations;
• Financial records are retained as required by Applicable Law;
• Records associated with Stripe or PayPal accounts may be subject to the retention requirements of those processors.

15. Security

We implement appropriate technical and organizational measures to protect Personal Data, including encryption in transit (TLS), hashed password storage (bcrypt), role-based access control, input validation, parameterized database queries, and credential management through AWS Secrets Manager. No system is perfectly secure; you must also take reasonable steps to protect your account.

16. Your Rights

Subject to the conditions set out in Applicable Law, you have the following rights:

• Access — to obtain a copy of Personal Data we hold about you;
• Rectification — to correct inaccurate or incomplete data;
• Erasure — to request deletion of Personal Data, subject to retention obligations;
• Restriction and Objection — to limit or object to certain processing;
• Portability — to receive Personal Data in a structured, machine-readable format;
• Withdraw Consent — where processing is based on consent;
• Lodge a Complaint — with your competent data protection authority.

To exercise these rights, contact info@mooringmate.com. We will respond within the timeframes required by Applicable Law (typically thirty (30) days).

17. Children

The Platform is not directed to, and may not be used by, persons under the age of 18. We do not knowingly collect Personal Data from minors.

Last Updated: April 22, 2026

Contact: info@mooringmate.com