1. Privacy Policy

Legal

Privacy Policy

Last updated: March 3, 2026

YachtMaster ("we", "us", "our") is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish law.

1. Data Controller

Huldin Group AB
Org. nr: 559341-0672
Brantvägen 3, 133 42 Saltsjöbaden, Sweden
contact@yachtmaster.cloud

2. What Data We Collect and Why

2.1 Account Data

When you register, we collect your name, email address, and password (stored as a secure hash). This is necessary to provide the Service and fulfil our contract with you (legal basis: Article 6(1)(b) GDPR — contractual necessity).

2.2 Vessel and Service Data

We collect information you enter about your vessel (name, type, registration number) and any service requests you create or manage. This data is necessary to provide the core functionality of the Service (legal basis: Article 6(1)(b) GDPR).

2.3 Communications

We store messages, offers, and service request correspondence exchanged through the platform to enable the Service and maintain a record of agreements (legal basis: Article 6(1)(b) GDPR).

2.4 Technical Data

We collect IP addresses, session tokens, browser type, and usage logs for security, fraud prevention, and service improvement (legal basis: Article 6(1)(f) GDPR — legitimate interest).

2.5 Payment Data

Payment processing is handled by a third-party payment provider. We store only billing status and transaction references — not full card details.

2.6 Email Delivery

We send transactional emails (account verification, service notifications, magic links). These are necessary to operate the Service (legal basis: Article 6(1)(b) GDPR).

2.7 Data API

For the Data API, we process your account email to provide the service (legal basis: Article 6(1)(b) GDPR). Stripe acts as a separate controller for payment processing, which may involve transfers outside the EU/EEA under appropriate safeguards (see Section 5). The taxonomy data made available through the API (makes, models, engines, and related records) is not personal data.

3. How Long We Keep Your Data

Data typeRetention period
Account dataUntil account deletion + 30 days
Service records7 years (Swedish accounting law)
Session tokensDeleted on logout or expiry
Magic links & reset tokensDeleted after use or 24 hours
Email logs90 days
Technical/access logs90 days

4. Who We Share Data With

We do not sell your data. We may share data with:

  • Email service providers — to send transactional emails on our behalf
  • Hosting and infrastructure providers — to operate the Service
  • Payment processors — to handle billing
  • Law enforcement or authorities — if required by Swedish or EU law

All processors are bound by data processing agreements and required to maintain appropriate security measures.

5. International Transfers

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs).

6. Cookies and Tracking

We use strictly necessary cookies only (session management and security tokens). We do not use advertising or analytics cookies. No consent banner is required for strictly necessary cookies under Swedish law (LEK).

If we add analytics in the future, we will update this policy and request consent where required.

7. Your Rights Under GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — request that we limit processing of your data
  • Data portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at contact@yachtmaster.cloud. We will respond within 30 days.

8. Right to Lodge a Complaint

If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Swedish supervisory authority:

IMY – Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm
imy.se
+46 8 657 61 00

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encrypted passwords (Argon2)
  • Secure session management with short-lived tokens
  • HTTPS for all data in transit
  • Access controls limiting who can access personal data

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The "Last updated" date at the top will always reflect the current version.

11. Contact

contact@yachtmaster.cloud

enfisv