YachtMaster ("we", "us", "our") is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish law.
1. Data Controller
Huldin Group AB
Org. nr: 559341-0672
Brantvägen 3, 133 42 Saltsjöbaden, Sweden
contact@yachtmaster.cloud
2. What Data We Collect and Why
2.1 Account Data
When you register, we collect your name, email address, and password (stored as a secure hash). This is necessary to provide the Service and fulfil our contract with you (legal basis: Article 6(1)(b) GDPR — contractual necessity).
2.2 Vessel and Service Data
We collect information you enter about your vessel (name, type, registration number) and any service requests you create or manage. This data is necessary to provide the core functionality of the Service (legal basis: Article 6(1)(b) GDPR).
2.3 Communications
We store messages, offers, and service request correspondence exchanged through the platform to enable the Service and maintain a record of agreements (legal basis: Article 6(1)(b) GDPR).
2.4 Technical Data
We collect IP addresses, session tokens, browser type, and usage logs for security, fraud prevention, and service improvement (legal basis: Article 6(1)(f) GDPR — legitimate interest).
2.5 Payment Data
Payment processing is handled by a third-party payment provider. We store only billing status and transaction references — not full card details.
2.6 Email Delivery
We send transactional emails (account verification, service notifications, magic links). These are necessary to operate the Service (legal basis: Article 6(1)(b) GDPR).
2.7 Data API
For the Data API, we process your account email to provide the service (legal basis: Article 6(1)(b) GDPR). Stripe acts as a separate controller for payment processing, which may involve transfers outside the EU/EEA under appropriate safeguards (see Section 5). The taxonomy data made available through the API (makes, models, engines, and related records) is not personal data.
3. How Long We Keep Your Data
| Data type | Retention period |
|---|---|
| Account data | Until account deletion + 30 days |
| Service records | 7 years (Swedish accounting law) |
| Session tokens | Deleted on logout or expiry |
| Magic links & reset tokens | Deleted after use or 24 hours |
| Email logs | 90 days |
| Technical/access logs | 90 days |
4. Who We Share Data With
We do not sell your data. We may share data with:
- Email service providers — to send transactional emails on our behalf
- Hosting and infrastructure providers — to operate the Service
- Payment processors — to handle billing
- Law enforcement or authorities — if required by Swedish or EU law
All processors are bound by data processing agreements and required to maintain appropriate security measures.
5. International Transfers
Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs).
6. Cookies and Tracking
We use strictly necessary cookies only (session management and security tokens). We do not use advertising or analytics cookies. No consent banner is required for strictly necessary cookies under Swedish law (LEK).
If we add analytics in the future, we will update this policy and request consent where required.
7. Your Rights Under GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — request that we limit processing of your data
- Data portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent
To exercise any of these rights, contact us at contact@yachtmaster.cloud. We will respond within 30 days.
8. Right to Lodge a Complaint
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Swedish supervisory authority:
IMY – Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm
imy.se
+46 8 657 61 00
9. Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encrypted passwords (Argon2)
- Secure session management with short-lived tokens
- HTTPS for all data in transit
- Access controls limiting who can access personal data
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The "Last updated" date at the top will always reflect the current version.
