Privacy Policy

BLOCKBEACH LABS LLC (d/b/a CHARTERFY) — PRIVACY POLICY Effective Date: May 25, 2026 ──────────────────────────────────────── 1. INTRODUCTION Blockbeach Labs LLC ("Charterfy," "Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use the Charterfy platform, including our websites, web applications, APIs, and related services (collectively, the "Service"). This Policy applies to all users of the Service, including charter operators who subscribe to our software ("Operators") and individuals who make bookings through our Marketplace ("Consumers" or "Guests"). By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please discontinue use of the Service. ──────────────────────────────────────── 2. INFORMATION WE COLLECT 2.1. Information You Provide Directly - Account registration: Name, email address, phone number, business name, and password when you create an account. - Operator profile: Business details, vessel information, pricing, availability, photographs, captain credentials, and other listing content. - Booking information: Guest names, contact details, trip dates, number of passengers, and special requests. - Payment information: Billing name, billing address, and payment card details. Full card numbers are collected and stored exclusively by Stripe, Inc. — Charterfy does not store raw payment card data. - Digital waivers: Signed waiver documents, electronic signatures, and associated guest identification information. - Communications: Messages you send to Charterfy support, feedback, and any other information you provide in correspondence with us. - Identity verification: Government-issued identification or license documentation submitted for compliance or verification purposes. 2.2. Information Collected Automatically - Usage data: Pages visited, features used, clicks, search queries, booking flows, session duration, and interactions with the Service. - Device and technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, referring URLs, and language settings. - Log data: Server logs recording your interactions with the Service, including timestamps, error reports, and API requests. - Cookies and similar technologies: See Section 6 (Cookies) for details. 2.3. Information from Third Parties - Stripe: Transaction records, payout status, Connected Account information, and payment dispute data shared by Stripe in connection with payment processing. - Analytics providers: Aggregated and pseudonymous behavioral data from analytics tools we use to improve the Service. - Other Operators or Users: Information provided about you by an Operator when creating a booking on your behalf, or by another user reporting a concern. ──────────────────────────────────────── 3. HOW WE USE YOUR INFORMATION We use the information we collect for the following purposes: 3.1. Providing the Service - Creating and managing your account - Processing and managing bookings and payments - Sending booking confirmations, receipts, and waiver requests - Enabling communication between Operators and Consumers - Displaying Listings on the Marketplace 3.2. Payment Processing and Financial Operations - Facilitating payments through Stripe Connect - Processing Operator payouts and managing platform fees - Handling refunds, disputes, and chargebacks - Issuing required tax documentation (e.g., IRS Form 1099-K) 3.3. Communications - Sending transactional notifications (booking confirmations, payment receipts, reminders, security alerts) - Responding to your support requests and inquiries - Sending marketing communications where you have given consent or where permitted by applicable law - Notifying you of changes to our Terms, Privacy Policy, or the Service 3.4. Safety, Security, and Fraud Prevention - Verifying identity and preventing unauthorized access - Detecting, investigating, and preventing fraudulent transactions, abuse, and violations of our Terms of Service - Monitoring for safety incidents or patterns of harmful behavior - Complying with law enforcement requests and legal obligations 3.5. Service Improvement and Analytics - Analyzing usage patterns to improve features and user experience - Conducting internal research and product development - Generating aggregated, anonymized statistical reports (which cannot identify you individually) - Testing and debugging technical issues 3.6. Legal Compliance - Meeting obligations under applicable federal, state, and local law - Responding to valid legal process (subpoenas, court orders, regulatory requests) - Enforcing our Terms of Service and other agreements - Protecting the rights, property, and safety of Charterfy, our users, and the public ──────────────────────────────────────── 4. HOW WE SHARE YOUR INFORMATION We do not sell your personal information. We share information only in the following circumstances: 4.1. With Stripe Payment transactions are processed by Stripe, Inc. We share payment-related information with Stripe as necessary to process transactions, manage Connected Accounts, handle disputes, and comply with financial regulations. Stripe's privacy practices are governed by Stripe's Privacy Policy at https://stripe.com/privacy. 4.2. Between Operators and Consumers When a Consumer makes a booking, we share relevant booking and contact information with the Operator to enable the charter to take place. Operators receive the Consumer's name, contact details, guest count, and booking details. Consumers receive the Operator's contact information and listing details. 4.3. With Service Providers We share information with third-party vendors who perform services on our behalf, including: - Cloud hosting and infrastructure providers - Email and SMS delivery services - Analytics and performance monitoring tools - Customer support platforms - Security and fraud detection services These providers are contractually prohibited from using your information for any purpose other than providing services to Charterfy and are required to protect your information with appropriate security measures. 4.4. For Legal Reasons We may disclose your information if we believe in good faith that disclosure is necessary to: - Comply with a legal obligation, court order, subpoena, or governmental request - Protect the rights, safety, or property of Charterfy, our users, or the public - Detect, prevent, or address fraud, security, or technical issues - Enforce our Terms of Service 4.5. Business Transfers If Charterfy is involved in a merger, acquisition, asset sale, reorganization, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your information becomes subject to a different privacy policy. 4.6. With Your Consent We may share your information for any other purpose with your explicit consent. ──────────────────────────────────────── 5. DATA RETENTION We retain your personal information for as long as necessary to provide the Service, fulfill the purposes described in this Policy, and comply with our legal obligations. - Active accounts: Retained for the duration of your relationship with Charterfy plus a reasonable period thereafter. - Booking and transaction records: Retained for a minimum of seven (7) years to comply with tax, financial reporting, and legal requirements. - Digital waivers: Retained for a minimum of seven (7) years or as required by applicable law. - Marketing data: Retained until you withdraw consent or opt out. - Deleted accounts: Upon account deletion, we will delete or anonymize personal data within ninety (90) days, except where retention is required by law. ──────────────────────────────────────── 6. COOKIES AND TRACKING TECHNOLOGIES We use cookies and similar technologies (web beacons, pixel tags, local storage) to operate and improve the Service. Types of cookies we use: - Strictly necessary: Required for the Service to function (authentication, session management, security). - Functional: Remember your preferences and settings. - Analytics: Help us understand how users interact with the Service. Data collected is aggregated and pseudonymous. - Marketing: Used to measure the effectiveness of marketing campaigns where applicable. You can control or disable non-essential cookies through your browser settings. Disabling cookies may affect certain features of the Service. We do not currently respond to "Do Not Track" signals. ──────────────────────────────────────── 7. DATA SECURITY We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include: - Encryption of data in transit using TLS/SSL - Encryption of sensitive data at rest - Access controls limiting data access to authorized personnel - Regular security assessments and monitoring - Payment card data handled exclusively by Stripe under PCI DSS compliance No method of transmission over the Internet or electronic storage is 100% secure. If you believe your account has been compromised, contact us immediately at support@blockbeachlabs.com. ──────────────────────────────────────── 8. YOUR RIGHTS AND CHOICES 8.1. Access and Correction You may access and update most of your account information directly through your account settings. For anything else, contact privacy@blockbeachlabs.com. 8.2. Account Deletion Request deletion of your account by contacting support@blockbeachlabs.com or through your account settings. We will delete or anonymize your personal data within ninety (90) days, subject to retention obligations in Section 5. 8.3. Marketing Opt-Out Opt out of marketing emails at any time via the "unsubscribe" link in any marketing email, or by contacting support@blockbeachlabs.com. Opt out of SMS by replying STOP. Opting out does not affect transactional communications. 8.4. Data Portability Operators may request an export of their business data through their account settings or by contacting support@blockbeachlabs.com. ──────────────────────────────────────── 9. CALIFORNIA RESIDENTS — CCPA/CPRA If you are a California resident, you have the following rights: - Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, how it is used, and with whom it is shared. - Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions. - Right to Correct: Request correction of inaccurate personal information. - Right to Opt Out: We do not sell or share personal information for cross-context behavioral advertising. - Right to Limit Use of Sensitive Personal Information: You may limit use of sensitive personal information to what is necessary for providing the Service. - Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights. To exercise your California privacy rights, contact us at privacy@blockbeachlabs.com. We will respond within forty-five (45) days, with one possible forty-five (45) day extension where reasonably necessary. Categories of personal information collected in the past 12 months: - Identifiers (name, email, IP address, device ID) - Commercial information (booking history, payment records) - Internet or network activity (usage data, log data) - Geolocation data (approximate location from IP) - Professional information (Operator business details, captain credentials) - Sensitive personal information (payment card data processed by Stripe; government ID for verification) ──────────────────────────────────────── 10. GDPR — EEA AND UK RESIDENTS 10.1. Legal Bases for Processing - Contract: Processing necessary to perform our agreement with you. - Legal obligation: Processing required to comply with applicable law. - Legitimate interests: Fraud prevention, security, analytics, and Service improvement. - Consent: Where relied upon (e.g., marketing), you may withdraw at any time. 10.2. Your GDPR Rights You have the right to: access your personal data; correct inaccurate data; request erasure; restrict or object to processing; data portability; and lodge a complaint with your local supervisory authority. 10.3. International Transfers We are based in the United States. Data transferred from the EEA or UK to the US is protected by appropriate safeguards, including Standard Contractual Clauses where required. To exercise your GDPR rights, contact privacy@blockbeachlabs.com. ──────────────────────────────────────── 11. CHILDREN'S PRIVACY The Service is not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact privacy@blockbeachlabs.com and we will promptly delete it. ──────────────────────────────────────── 12. CHANGES TO THIS PRIVACY POLICY We may update this Privacy Policy from time to time. For material changes, we will notify you by email and/or a prominent notice on the Service at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy. ──────────────────────────────────────── 13. CONTACT INFORMATION Privacy inquiries & data requests: privacy@blockbeachlabs.com Legal notices: legal@blockbeachlabs.com General support: support@blockbeachlabs.com Mailing address: Blockbeach Labs LLC 476 Riverside Ave. Jacksonville, FL 32202 United States ──────────────────────────────────────── Last Updated: May 25, 2026