Privacy Policy
Last updated: 2026-05-12
This Privacy Policy explains what personal data Sailing Router (operated by Nitrox Consulting) collects when you use sailingrouter.tech, why we collect it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR). If anything here is unclear, write to privacy@nitroxconsulting.com.
1. Data Controller
Nitrox Consulting ("we", "us") is the data controller for personal data processed via sailingrouter.tech. Contact: privacy@nitroxconsulting.com.
2. What We Collect
We collect the minimum data needed to run the routing service:
- Account data: email address; display name (from your OAuth provider, if you sign in via Google or Microsoft); your OAuth provider identifier; password hash (only for email/password signups, never the plaintext password).
- Service usage data: the routes you compute (start, end, boat model, waypoints, departure time, comfort preferences, resulting path), credits ledger entries, harbours you submit, and routes you share. Retained while your account exists.
- Technical data: server-side request logs (timestamp, IP address, user-agent, response status) retained for 30 days for abuse prevention; error reports sent to Sentry (no Authorization headers, no cookies — see §5).
- Browser storage: a JSON Web Token (JWT) stored in localStorage after sign-in so you stay logged in across visits; a small lang cookie remembering your locale; Google Analytics 4 cookies (see §5).
3. Why We Collect It
We use your data for the following purposes only:
- Provide the service: authenticate you, compute and store your routes, deduct credits, send route results.
- Credits and refunds: track per-user credits, auto-refund failed routes, and (in the future) process subscriptions via Stripe — Stripe handles payment-card data directly and we never see card numbers.
- Security and abuse prevention: rate-limit endpoints, detect duplicate signups, investigate fraud.
- Service communications: send email-verification messages, password-reset links, and route results. We do not send marketing emails.
4. Legal Basis (GDPR Article 6)
We rely on contract performance (Art. 6(1)(b)) for account creation, route computation, and credit deduction — without processing these, we cannot deliver the service. We rely on legitimate interests (Art. 6(1)(f)) for security logging and error tracking, balanced against your rights. We rely on consent (Art. 6(1)(a)) for Google Analytics — see §5; you can decline by blocking analytics cookies in your browser.
5. Third-Party Processors
We share data with the following sub-processors, each acting on our behalf under a data-processing agreement (DPA) or equivalent contractual safeguards:
- Google (OAuth): if you sign in with Google, we receive your email, name, and OAuth subject ID from Google's userinfo endpoint. Google Privacy Policy.
- Microsoft (OAuth): same as Google when you sign in with Microsoft. Microsoft Privacy Statement.
- Resend (transactional email): sends our verification and password-reset emails. US-based; relies on EU Standard Contractual Clauses. Resend Privacy Policy.
- Sentry (error tracking): receives error reports with sendDefaultPii disabled, so no Authorization headers, no IP addresses, and no cookies are forwarded. US-based; relies on EU Standard Contractual Clauses. Sentry Privacy Policy.
- Google Cloud (hosting): our compute and web services run on Google Cloud Run in the europe-west1 region (Belgium). Logs are stored in Cloud Logging in the same region. Google Cloud DPA.
- AWS Lightsail (database): our PostgreSQL database runs on AWS Lightsail in eu-west-3 (Paris). AWS Privacy Notice.
- OpenStreetMap / Nominatim (geocoding): when you type a harbour name, we forward the query to OSM's public Nominatim service to resolve it to coordinates. The query string and your IP reach OSM. OSM Foundation Privacy Policy.
- Google Analytics 4: we use GA4 to understand which features are used. GA4 sets cookies and records page views; we have IP anonymization enabled at the GA4 property level. You can block this with any standard cookie blocker or by setting Do Not Track.
6. International Data Transfers
Some sub-processors are based outside the European Economic Area (EEA), primarily in the United States (Resend, Sentry, parts of Google Analytics infrastructure). Transfers rely on the European Commission's Standard Contractual Clauses (SCCs) or, where applicable, the EU-U.S. Data Privacy Framework. Our primary hosting (Google Cloud Run and AWS Lightsail) is inside the EEA.
7. Your Rights
Under GDPR, you have the right to:
- Access: receive a copy of the personal data we hold about you.
- Rectification: correct any inaccurate data (e.g. via your account settings, or by emailing us).
- Erasure: request deletion of your account and all associated route history. Anonymised aggregate statistics may be retained.
- Portability: receive your routes in a structured machine-readable format (we already export GPX, KML, and YAML on demand).
- Restriction: ask us to suspend processing while a dispute is resolved.
- Objection: object to processing based on legitimate interests (e.g. opt out of error tracking).
- Complaint: lodge a complaint with the CNIL (France) or your local supervisory authority.
To exercise any of these rights, email privacy@nitroxconsulting.com. We aim to respond within 30 days.
8. Retention
Account data and route history are retained for as long as your account exists. If you delete your account, all personal data is purged within 30 days, except where we are required by law to retain it (e.g. invoicing records for tax purposes — currently none, as the service is free-tier). Request logs are kept 30 days. Error reports in Sentry are retained 90 days.
9. Updates to This Policy
We may update this policy as the service evolves. The "Last updated" date at the top reflects the most recent change. Material changes affecting how we use your data will be announced by email to registered users.