Privacy Policy

Effective May 4, 2026

This Privacy Policy explains what information Boat Guru (“we”, “us”) — operated by Samuel Henderson, a sole proprietor in Virginia — collects when you use the Service, and what we do with it.

1. Information we collect

You give us

• Account information: email address and a hashed password.
• Chat content: the messages you send and the AI responses, including any photos you upload for diagnosis.
• Boat profiles (Plus/Pro): hull and engine specifications you choose to save (manufacturer, model, year, HP, HIN, notes).
• Mechanic handoff reports: generated summaries that may include symptoms, context, tests, readings, likely causes, parts considered, citations, safety notes, and share links.
• Payment information: handled by Stripe. We never see or store your full credit card number — Stripe gives us only a customer ID and last-4 / expiry for display purposes.

We collect automatically

• Usage: message counts, model selections, feature usage, error logs.
• Marketing attribution: UTM campaign parameters, landing page path, referrer, and conversion events such as signup, recall-alert subscription, checkout started, and paid subscription.
• Technical: IP address, browser, device type, approximate geolocation derived from IP (used for rate-limiting and abuse prevention).
• Cookies and local storage: a session cookie for authentication, a short campaign-attribution cookie when you arrive from a tracked link, plus minimal local storage for UI preferences (theme, input draft).

2. How we use your information

• To provide, maintain, and improve the Service.
• To generate AI responses by sending your messages (and your saved boat profile, if any) to our AI model providers.
• To process payments and manage your subscription.
• To send transactional email (receipts, payment failures).
• To enforce our Terms, detect abuse, prevent fraud, and meet legal obligations.
• To measure whether marketing campaigns lead to signups, recall-alert subscriptions, checkouts, paid subscriptions, Pro gate attempts, and handoff report usage. Where configured, we may send hashed email addresses and non-sensitive conversion metadata to advertising platforms for conversion measurement.
• With your separate consent: to send occasional product updates. You can unsubscribe at any time.

We do not sell your personal information. We do not use your chat content to train third-party AI models.

3. Shared diagnostic links and mechanic handoffs

Shared diagnostic links are designed as public read-only summaries, not raw chat exports. By default:

• Shared diagnostic links should be treated as public read-only summaries.
• Public shared links strip account details, contact details, precise location, HIN, registration or documentation numbers, trailer VIN or plate, full engine serial numbers, raw transcripts, raw images, attachments, EXIF, support notes, billing details, and unrelated personal text by default.
• Mechanic handoff reports may include contact details, exact location, full serial numbers, or identifying photos only after an explicit user action for that specific handoff.

Mechanic handoff reports may include private details only when you explicitly choose to include them for that handoff. Public shared links never include full engine serial numbers by default.

4. Service providers we share data with

Operating the Service requires sharing limited information with infrastructure providers who act as our processors:

• Vercel — application hosting, AI Gateway routing.
• Anthropic— large language model provider (Claude). Your messages and any photos are sent to Anthropic to generate responses. Anthropic's API does not train its models on submitted content.
• Neon — managed PostgreSQL database (account, chat history, boat profiles, handoff reports).
• Vercel Blob — file storage for photos you upload.
• Upstash — Redis cache used for resumable streams.
• Stripe — payments and customer billing portal.
• Google Analytics / Google Ads — analytics, advertising tags, and enhanced conversion measurement when enabled.
• Meta — advertising pixel and Conversions API measurement when enabled.
• Reddit Ads — advertising pixel measurement when enabled.

We may also disclose information when required by law, to enforce our Terms, or to protect the rights, property, or safety of users or the public.

5. International transfers

We are based in the United States, and the providers listed above primarily process data in the United States. If you access the Service from outside the U.S., you consent to your information being transferred to and processed in the U.S.

6. Data retention

• Account data: retained while your account is active and for up to 90 days after deletion to allow account recovery and to satisfy legal obligations.
• Chat history: retained per your plan (Free: 30 days visible in-app; Plus/Pro: retained until you delete it or request account deletion). You can delete individual chats or all chats from the sidebar.
• Mechanic handoff reports: retained until you delete the source chat, delete your account, or request deletion. Share links expose only the curated report artifact, not the raw chat transcript or billing data.
• Uploaded chat photos: deleted when associated chats are deleted (best-effort cleanup), and handled by the same retention policy as chat history.
• Billing records: retained as required by tax and accounting law (typically up to seven years).
• Logs and aggregated usage: retained up to 12 months for security and product improvement.

7. Your rights

You can:

• Access the chat content and boat profiles tied to your account.
• Delete chats individually or all at once.
• Delete your account and request deletion of the data associated with it at /account/delete, or email support@boatguru.ai if you cannot sign in. We will action verified requests within 30 days.
• Export a copy of your account data on request (same email above).
• Manage or cancel your subscription through the customer portal.

California residents have specific rights under the CCPA, and EU/UK residents have rights under GDPR/UK GDPR (including access, rectification, erasure, portability, objection, and the right to lodge a complaint with your supervisory authority). Contact us to exercise these rights.

8. Security

We use industry-standard measures to protect your information, including encryption in transit (HTTPS), encrypted database storage, and limited employee access. No system is perfectly secure; you use the Service at your own risk.

9. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes to this Policy

We may update this Policy from time to time. We will post the updated Policy with a new effective date and, for material changes, notify you by email or in-product notice.

11. Contact

Questions or requests? Email support@boatguru.ai.

See also our Terms of Service and Disclaimer.