Privacy Policy
1. Controller
BayPilot (“Service”) is operated by the owner of the baypilot.app domain. For privacy inquiries, contact: support@baypilot.app.
2. Key points at a glance
- We process account data, OAuth login data, GPS location (if you enable that feature), and technical logs.
- We do this to enable login, app functionality, security, and map, weather, and route features.
- Data may be shared with login providers (Google/Facebook), map and weather providers, and hosting/infrastructure providers.
- We keep the account until deletion, logs for a reasonable technical period, and tokens or access links for short periods.
- You have the right to access, correct, and delete your data.
3. Data we process
BayPilot processes only the minimum amount of data necessary to operate the user account, authentication, maps, weather, route features, and service security.
- Account data: email and password (stored as a hash), optional first/last name and language preference.
- Device identifier (device_id) used for trial and anti-abuse limits.
- Technical data: IP address, request headers, error/security logs.
- App usage data required to provide features: route/planner/weather points and compute parameters sent to the API.
- Cookies: e.g. “lang” to remember language choice.
4. Purposes
- Provide the Service (maps, routes, planner, weather).
- Authentication, security and anti-abuse (trial, rate limits, CAPTCHA).
- Support, diagnostics and quality improvements.
4a. Legal bases for processing
We process personal data only when we have an appropriate legal basis. Depending on the situation, this may be:
- performance of a contract or taking steps prior to entering into a contract — for account operation, login, app functionality, and route planning, map, and weather features;
- our legitimate interest — for security, abuse prevention, error diagnostics, service stability, and development;
- the user’s consent — where required, for example for selected device features or specific technologies;
- a legal obligation — where the law requires us to retain or disclose specific data.
5. GPS location
BayPilot may use device location only when the user enables the map position feature or a navigation-related feature. Location is used to show the user’s current position, plan routes, calculate distance, ETA, and provide boating-related functionality.
BayPilot does not track the user’s location in the background when the app is not actively being used. BayPilot does not sell location data.
6. Sharing
We may share data with technical providers only as necessary to run the Service, for example:
- External login providers (Google/Facebook) — if you use OAuth sign-in.
- Cloudflare Turnstile — bot protection for registration.
- Map/geoservices and weather data providers (e.g. MapTiler/OSM, Open‑Meteo, Windy) — for requests performed by the app.
To the extent necessary for individual features to work, data may also be processed by providers of server infrastructure, security services, transactional email, error analysis, and other technical services used by BayPilot.
7. Technical data and third-party providers
BayPilot may process technical data such as IP address, device type, browser, operating system, server logs, and basic diagnostic information.
Some BayPilot features may rely on third-party service providers, such as map providers, weather forecast providers, login providers, or server infrastructure providers. Data shared with such providers is limited to what is necessary for the relevant feature to work.
7a. Cookies and local storage
BayPilot may use cookies and browser local storage (local storage / session storage) to remember user settings, maintain sessions, support security, ensure the correct operation of the interface, and limit abuse. These data are not used to sell information about the user.
7b. Data security
BayPilot applies appropriate technical and organizational measures to protect user data against unauthorized access, loss, destruction, disclosure, or unlawful modification.
The user’s connection with the Service is protected using SSL/TLS encryption where required by the function and technical configuration of the relevant service. We also implement measures for account security, data transmission, server infrastructure, and abuse prevention.
Despite using appropriate safeguards, no method of Internet transmission or electronic storage can guarantee complete security.
8. Retention
- Account: until deleted by the user or admin.
- Unverified accounts: automatically removed after up to 24h.
- Tokens (email verification, password reset, account deletion): expire after ~1h.
- Technical logs: retained as needed for security and diagnostics.
9. Account and data deletion
You may delete your account and related data in the app under Account → Security → Delete account or by contacting us at support@baypilot.app.
After account deletion, user data will be deleted or anonymized unless further retention is required by law or necessary to protect legitimate claims.
10. Your rights
You can access, correct, or delete your data. Delete your account in the app: /app → Account → Security → Delete account.
10a. Right to lodge a complaint
If you believe that the processing of your data violates data protection laws, you have the right to lodge a complaint with the competent supervisory authority, in particular in the country of your habitual residence, place of work, or the place of the alleged infringement.
10b. Transfers outside the EEA
Some service providers used by BayPilot may process data outside the European Economic Area. In such cases, we ensure that appropriate legal safeguards required by data protection laws are applied.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, in particular in the event of legal, technical, or organizational changes affecting the operation of BayPilot. The current version of the Privacy Policy is always available on the BayPilot website and may be read, saved, or printed by the user at any time.