Privacy Policy
Effective date: TBD · Last updated: TBD
1. Introduction
Welcome to BoatPartsManual.com ("BoatPartsManual", "we", "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data in accordance with the GDPR and the ePrivacy Directive.
For the purposes of the GDPR, we act as the Data Controller for the personal data described in this policy.
1.1 Who We Are (Data Controller)
BoatPartsManual.com is operated by:
- Privacy Contact: privacy@boatpartsmanual.com
- Website: https://boatpartsmanual.com
1.2 What We Do
We are an information and referral service. We do not sell products directly, process payments, or ship items. When you click an affiliate or referral link, you are redirected to a third-party retailer's site, which is governed by their own policies and terms.
2. Personal Data We Collect
2.1 Account and Profile Data
- Required: Email address for authentication and a password hash (we do not store passwords in plain text).
- Optional: Display name, full name, profile picture URL, bio, and boat ownership details (brand, model, year).
2.2 User-Generated Content and Community
- Reviews, ratings, fitment/compatibility data, and fit notes.
- Interactions such as "helpful" votes, wishlists, and chat/community messages.
- Reports, flags, and feedback submitted by you.
Note: Public contributions (reviews/fitment) remain visible to other users.
2.3 Usage Data
- Pages visited, products viewed, and navigation patterns.
- Affiliate/referral link clicks, including timestamps and unique click identifiers.
2.4 Technical and Security Data
- Identifiers: IP address and user agent string.
- Device Data: Browser type/version, device type, and operating system.
- Logs: Server request logs, security audit trails, and error logs.
2.5 Cookies and Consent Records
We use cookies to maintain sessions, remember preferences, and (subject to your consent) perform analytics and affiliate attribution. We store records of your cookie choices to comply with ePrivacy requirements.
3. How We Use Your Personal Data
3.1 Service Operation
- To manage your account and provide community features (reviews, wishlists, chat).
- To provide search and compatibility filtering.
3.2 Affiliate Referrals and Attribution
Our business model relies on referral links. We generate pseudonymous click identifiers to attribute referrals and prevent fraud. We do not share your name or email with affiliate networks during this process.
3.3 Personalization
- To highlight products based on your boat details or site interactions.
- To display community reputation or contribution points.
3.4 Moderation and Security
- To detect and prevent spam, fraud, and abuse.
- To maintain security logs and investigate reports of rule violations.
3.5 Corporate Transactions
In the event of a merger, acquisition, or sale of assets, personal data may be transferred as a business asset subject to appropriate safeguards.
4. Legal Bases for Processing (GDPR)
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Account Credentials | Authentication | Contract (Art. 6(1)(b)) |
| Optional Profile Fields | Personalization | Consent (Art. 6(1)(a)) |
| Security/Audit Logs | Abuse Prevention | Legitimate Interest (Art. 6(1)(f)) |
| Analytics/Tracking | Measurement | Consent (Art. 6(1)(a)) |
| Compliance Data | Legal Requests | Legal Obligation (Art. 6(1)(c)) |
5. Sharing and Disclosure
We share data only as necessary:
- Processors: Supabase (Database/Auth - EU region), Vercel/Google Cloud (Hosting), Google Analytics/Tag Manager (Analytics - USA with SCCs).
- Affiliate Networks: Pseudonymous click identifiers only (Amazon Associates, Impact Radius, others).
- Legal: When required by law or to protect safety and security.
6. International Transfers
Some providers (notably Google) may process data in the United States. Where an adequacy decision does not exist, we rely on Standard Contractual Clauses (SCCs) and supplementary security measures. You may request a copy of these safeguards by contacting us at privacy@boatpartsmanual.com.
7. Data Retention
- Active Accounts: Retained while the account is active.
- Deleted Accounts: Personal data is deleted or anonymized within 30 days.
- Public Contributions: Anonymized (shown as "Deleted User") upon account closure to preserve community database value.
- Security Logs: Retained for 90 days for fraud investigation and security purposes.
- Analytics: Individual session data retained for up to 26 months (Google Analytics default).
8. Your Rights
Under the GDPR, you have the right to:
- Access & Portability: Receive your data in a structured, machine-readable format (JSON or CSV).
- Erasure & Rectification: Delete or correct your data.
- Object/Restrict: Limit processing based on legitimate interests.
- Withdraw Consent: Revoke consent for analytics or marketing at any time.
To exercise these rights, contact privacy@boatpartsmanual.com. We will respond within 30 days.
If unsatisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at https://www.imy.se/ or your local data protection authority if you are in another EU country.
9. Data Security
We implement technical measures including:
- Encryption in transit: HTTPS/TLS 1.3 for all connections.
- Password security: Strong one-way hashing using bcrypt (passwords never stored in plain text).
- Database security: Row-Level Security (RLS) on all database tables.
- Access controls: Admin functions require authentication and role verification.
- API security: Rate limiting, CORS policies, and input validation.
In the event of a high-risk data breach affecting your personal data, we will notify you and the Swedish Authority for Privacy Protection (IMY) within 72 hours of discovery, as required by GDPR.
10. Children's Privacy
BoatPartsManual.com is not intended for children under 13. We do not knowingly collect personal data from children under 13.
EU Users Under 16: If you are under 16 and located in the European Union, you must have permission from a parent or guardian to create an account and use our service.
If we discover that a child under 13 (or under 16 in the EU without parental consent) has created an account, we will delete it promptly. Parents may contact us at privacy@boatpartsmanual.com to request deletion of their child's data.
11. Cookies and Tracking Technologies
11.1 Essential Cookies (Cannot Be Disabled)
Purpose: Authentication, session management, security.
Legal Basis: Strictly necessary for service delivery (GDPR Art. 6(1)(b)).
Examples: sb-access-token, sb-refresh-token, CSRF tokens.
11.2 Analytics Cookies (Can Be Opted Out)
Purpose: Usage tracking, performance measurement.
Legal Basis: Consent (GDPR Art. 6(1)(a)).
Examples: _ga, _gid, _gat (Google Analytics).
Opt-out: Cookie settings or browser settings.
11.3 Affiliate Cookies
Purpose: Track referrals for commission attribution.
Duration: 24 hours to 90 days (varies by affiliate network).
Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)).
For a complete list of cookies and management options, see our Cookie Policy.
12. Changes to This Privacy Policy
We may update this policy from time to time to reflect changes in our practices, legal requirements, or service features.
How We Notify You:
- Material changes: We will email all registered users at least 30 days before the changes take effect.
- Minor changes: We will update the "Last Updated" date at the top of this policy.
Your Acceptance: Continued use of our service after the effective date of the updated policy constitutes acceptance. If you do not agree to the updated policy, you should stop using the service and delete your account.
13. Governing Law
This policy is governed by Swedish law and the General Data Protection Regulation (GDPR). Any disputes will be resolved in Swedish courts.
EU Consumers: If you are a consumer habitually resident in the European Union, you retain the right to bring proceedings in the courts of your country of residence. EU consumers may also use the European Commission's Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr.
Swedish Consumers: Consumers in Sweden may also refer disputes to the National Board for Consumer Disputes (Allmänna reklamationsnämnden, ARN) where applicable.
14. Contact Us
Privacy Inquiries: privacy@boatpartsmanual.com
Response Time:
- Rights requests (access, deletion, etc.): Within 30 days
- General privacy inquiries: Within 7 business days