Privacy Policy

Controller & Contact

CruiseHopper is a single-operator web application for planning cruise itineraries. For data-protection purposes, CruiseHopper is the data controller of personal data processed through this site and is operated by an independent sole developer.

Contact for privacy matters: Email mail@cruisehopper.app. To verify requester identity, a one-time sign-in link may be sent to the account email associated with the request.

Personal data collected

• Email address provided to create an account and sign in via magic link.
• Essential technical data generated by the hosting stack (e.g., IP address, user-agent, timestamps, basic error/security logs). No cross-site tracking or behavioral profiling is performed.

Sensitive categories, payment information, and location history are not collected. Third-party advertising is not used.

Purposes and legal bases

Personal data are processed to provide and secure the service (account creation, authentication, fraud prevention, troubleshooting) and to comply with legal obligations where applicable.

Legal bases: performance of a contract, legitimate interests, and (where required) legal obligation.

Cookies & local storage

Only strictly necessary cookies and/or local storage are used for authentication and session security. Analytics, advertising, and cross-site tracking cookies are not used.

Service providers (processors)

Personal data may be processed by contracted providers solely to operate the service, under appropriate data-processing terms.

• Hosting & infrastructure: Hetzner Online GmbH (EU).
• Email delivery & domain services: Namecheap, Inc., including Private Email (used to send magic-link emails and for domain operations).

This list may be updated if the infrastructure changes.

International data transfers

Data may be processed or stored outside the country of residence. Where required, appropriate safeguards are applied (e.g., standard contractual clauses, adequacy decisions, or equivalent mechanisms).

Retention

• Account data (email): retained while the account remains active. Upon account deletion or an erasure request, account-linked data are deleted or irreversibly pseudonymized within 30 days, unless retention is required to meet legal obligations or resolve disputes.
• Security/error logs: typically retained for 30–90 days (subject to extension where necessary for security, fraud prevention, or legal compliance).

Disclosures

Personal data are not sold or shared for advertising. Disclosures may occur where required by law, to protect users, or to investigate abuse or security incidents.

Your rights

Depending on jurisdiction, the following rights may be available: access, rectification, erasure, restriction, objection, and data portability. No automated decision-making producing legal or similarly significant effects is performed.

How to exercise rights: email mail@cruisehopper.app. Identity verification may be requested before completion.

California privacy notice (CPRA)

• Personal information is not sold or shared as defined by CPRA.
• Rights to know/access, delete, and correct personal information may be exercised via X DM at @cruisehopper.
• Sensitive personal information is not used or disclosed for purposes other than those permitted by CPRA.

Children

The service is not intended for children under 13 (or under 16 in certain regions). If a child's personal data is believed to have been provided, contact mail@cruisehopper.app so that it can be deleted.

Security

Reasonable technical and organizational measures are implemented (e.g., HTTPS/TLS, access controls, least-privilege, routine patching). No method of transmission or storage is completely secure.

Changes to this policy

This policy may be updated periodically. The "Last updated" date reflects the latest version, and in-app notice may be provided for significant changes.

Contact (all privacy matters): mail@cruisehopper.app.