Privacy Policy
Last updated: April 17, 2026
OpenSail ("we", "our", "OpenSail") is operated from the United States. This policy explains what personal data we collect when you use opensail.io, why we collect it, how we handle it, and the rights you have over it. If you are a resident of the European Economic Area (EEA), the United Kingdom, California, or another jurisdiction with data-protection laws, additional rights may apply to you; those are called out below.
1. What we collect
We collect the minimum data needed to run the service.
- Account data — email address, display name, and a bcrypt-hashed password. We do not store passwords in plaintext.
- Vessel data — hull type, rig type, length, beam, draft, displacement, sail area, and optional stability parameters that you enter to configure routing.
- Route data — origin, destination, waypoints, departure time, and the computed route segments, weather values, and comfort scores associated with each route you compute.
- Voyage data — if you choose to enable voyage tracking, we collect timestamped GPS positions you push via the tracking API or browser. You control whether a voyage is private or shared via a public link.
- Billing data — we use Stripe for payment processing. Stripe stores your card information directly; we only store a customer identifier, subscription status, and invoice metadata. We never see your card number, CVV, or bank details.
- Developer API data — if you create API keys, we store only a prefix and a hashed secret. The full secret is displayed to you once and is unrecoverable by us.
- Server logs — request paths, response status codes, IP addresses, user-agent strings, and error traces for diagnostic and abuse-prevention purposes. These are retained for 30 days and then deleted.
- Cookies — a single first-party cookie stores your session bearer token. We do not use third-party tracking or advertising cookies.
We do not collect data about your children; the service is not intended for users under 16. If you believe we have collected data from a minor, contact us and we will delete it.
2. Why we collect it (lawful bases)
- Contract — account, vessel, route, voyage, and billing data are processed because you asked us to provide the service. Without them we cannot route, render, or charge.
- Legitimate interest — server logs and rate-limit counters are processed to keep the service reliable, detect abuse, and protect other users. We do not profile you or sell inferences.
- Legal obligation — tax, payment, and fraud records are retained as required by financial regulation.
- Consent — any marketing email, if you opt in. You can withdraw consent at any time from the account page.
3. Who we share data with
We share the minimum data needed with these service providers, each contractually bound to handle it as a processor on our behalf.
- Stripe, Inc. (United States) — payment processing and subscription billing. Governed by Stripe's privacy policy.
- Sentry (United States) — application error reporting. We send anonymized stack traces and limited request metadata; we do not send route geometry or vessel names.
- Resend (United States) — transactional email for verification and password reset. We send your email address and display name only.
- Anthropic (United States) — the AI route explanation feature sends a brief summary of your route's weather profile (wind speeds, wave heights, mode) to Anthropic's Claude API. We do NOT send your email, password, name, or vessel-identifying information. You can disable AI explanations in account settings.
- DigitalOcean (United States) — infrastructure hosting. Your data resides on servers operated by DigitalOcean under their security and privacy commitments.
We do not sell your personal data. We do not share it with advertising networks or data brokers.
4. Where data is stored
Our servers are located in the United States. If you access OpenSail from the EEA or the UK, your personal data will be transferred to and processed in the United States. Transfers rely on Standard Contractual Clauses (SCCs) with each U.S. sub-processor and, where available, supplementary technical measures (encryption in transit and at rest).
5. How long we keep it
- Account, vessel, route, and voyage data: for the life of the account, then deleted within 30 days of account deletion.
- Billing records: 7 years, as required by financial regulation.
- Server logs: 30 days.
- Voyage position snapshots shared via public link: retained while the voyage is public; deleted when you make it private.
- Backups: incremental backups are retained for up to 14 days; monthly full backups up to 12 months.
6. Your rights
You have the following rights regardless of jurisdiction:
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate data from your account page.
- Erasure — delete your account and all associated data (below).
- Portability — receive your data in a machine-readable JSON format.
- Restriction — ask us to pause processing while a complaint is resolved.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — at any time, for processing that relies on consent.
You can exercise access and portability rights yourself by calling GET /v1/account/data-export while authenticated, or by using the Download My Data button on the account page. You can exercise erasure by using the Delete My Account button on the account page or by calling DELETE /v1/account.
If you are in the EEA or UK, you also have the right to lodge a complaint with your national data-protection supervisory authority. We would rather resolve concerns directly — please contact us first.
7. Security
- All client traffic is served over HTTPS with TLS 1.2 or higher.
- Passwords are hashed with bcrypt and a per-user salt; the plaintext never touches our database.
- API tokens are short-lived (30-minute access tokens, 30-day refresh).
- Developer API keys are stored as hashes; the raw secret is shown once and is unrecoverable.
- We perform automated nightly database backups to a separate region, encrypted at rest.
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you without undue delay and in any event within 72 hours of becoming aware, as required by GDPR.
8. Changes
We will update this policy from time to time. The effective date above will reflect the most recent change. Material changes will be announced by email to account holders at least 14 days before they take effect.
9. Contact
Privacy questions or requests: privacy@opensail.io. For security issues, please see our security contact.