Skip to main content
eliosail

Privacy Policy

Last updated: May 2026

This policy explains how eliosail handles your personal data when you use eliosail.com. We aim to collect the minimum we need, hold it only as long as we need to, and never sell it to anyone.

Who we are

eliosail is the charter property operated by TideLab. We arrange skippered sailing voyages and charters across the Mediterranean. Our sister site tidelab.io handles sailing education and is governed by a separate privacy policy.

For data-protection questions, contact us at privacy@eliosail.com (replace this address with your real contact before launch).

What we collect

When you submit a charter inquiry through the form, we collect:

  • Name and email — to contact you about your inquiry.
  • Destination, dates, charter type, and message— to understand what you're looking for.

If you create an account, we additionally collect:

  • Profile — name and profile picture from Google (if you sign in with Google).
  • Password hash (if you use email/password sign-in) — one-way bcrypt hash; we never see your actual password.

If you visit without signing in or submitting, we collect:

  • Server logs — IP address, browser and OS, timestamps, the URLs you visit. Hosted by Vercel.

Why we use it

  • Charter inquiries — to respond to you with details and to plan voyages.
  • Account services — authentication and your dashboard.
  • Improving the platform — understanding which destinations get interest.
  • Security and abuse prevention — detecting spam submissions, blocking brute-force sign-in attempts.

Under GDPR, our legal bases are: contract (responding to your inquiry, providing your account), legitimate interest (security, abuse prevention, basic analytics), and consent (any non-essential cookies we add — see the cookie policy).

Who we share it with

We use these third-party services as “processors”:

  • Vercel — hosting and request logs.
  • MongoDB Atlas — database where your inquiries and account are stored.
  • Google — OAuth sign-in (only if you choose Google sign-in).

For charter operations, we may share your contact details with partner charter operators (e.g. a local skipper or boat owner) once you proceed beyond the inquiry stage. We'll tell you who before we share. We do not sell your data.

How long we keep it

  • Inquiry data— 24 months from the date of your last contact, then deleted unless you've become a customer.
  • Customer data — retained for the duration of tax record-keeping obligations (typically 7 years in EU jurisdictions where TideLab operates).
  • Account data — until you delete your account.
  • Server logs— per Vercel's retention (30 days at the time of writing).

Your rights (GDPR)

If you're in the EU, UK, or Switzerland, you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected
  • Have your data deleted (“right to be forgotten”)
  • Receive a copy of your data in a portable format
  • Restrict or object to how we process your data
  • Lodge a complaint with your local data-protection authority. In Romania this is ANSPDCP (www.dataprotection.ro).

To exercise any of these, email privacy@eliosail.com. We'll respond within 30 days.

Cookies

We use a session cookie for signed-in users and a preference cookie for your locale. Neither is used for tracking. See the cookie policy for details.

Changes to this policy

We'll update this page if our practices change. The “Last updated” date at the top reflects the most recent change.

Draft notice:this policy is a starting template, not vetted by a lawyer. Before launch, replace the contact address, confirm the processor list against reality, and get a Romanian lawyer's review of both the English source and the Romanian translation — this is the EU/Romanian charter customer-facing document.
We use a small set of cookies to keep you signed in and remember your preferences. We don't use third-party analytics by default — when we do, you'll be asked again. Cookie policy.