Privacy Policy

1. About this policy

This Privacy Policy describes how TidePilot LLC, a Washington limited liability company (“TidePilot,” “we,” “us,” or “our”), collects, uses, discloses, retains, and protects information when you use the TidePilot service at tidepilot.ai and related mobile-web surfaces (the “Service”).

For purposes of applicable privacy laws, TidePilot is the “controller” (or, in Canada, the organization accountable for the personal information) of the data described in this policy. Our service providers act on our instructions and are described by category in §8 Service providers and data sources.

Questions about this policy or your data can be sent to privacy@tidepilot.ai.

2. Who and where this covers

This policy applies to anyone who uses the Service in the United States or Canada, including:

• Captains who create an account and use TidePilot to plan trips;
• People who receive trip-watch email or SMS alerts that a captain set up;
• People who view a public trip share link or leave a comment on one;
• People who participate in the referral program.

The Service is offered only to residents of the United States and Canada. We do not knowingly direct the Service to or accept signups from users in the European Union, the United Kingdom, or other jurisdictions outside the US and Canada. If you are outside the US or Canada, please do not use the Service.

3. Information we collect

We collect the following categories of information.

3.1 Account information

• Email address, password (stored as a hash by our authentication provider, Clerk — we never see your password in cleartext), and any OAuth metadata you choose to provide when signing in through a third-party identity provider.
• Account creation timestamp and last sign-in timestamp.

3.2 Captain profile

• Phone number in E.164 international format, if you opt in to SMS alerts.
• Home timezone.
• Boat profile: vessel type, length, draft, cruise and max speed, fuel capacity, and other characteristics you enter.
• Captain preferences (such as comfort thresholds and routing posture).

3.3 Trip planning and usage data

• Conversations with TidePilot’s routing advisor, including the text of your queries, the briefs returned to you, and any edits or refinements you make.
• Route plans you create, including waypoints, planned departure windows, conditions surfaced, recommendations, fuel reserve figures, and the edit lifecycle of each plan (initial, captain-edit, auto-refresh, captain-refresh).
• Trip watches you create, including the channel you chose (in-app, email, SMS), cadence preference, and a record of alerts sent.
• API call counts and feature usage, used to enforce subscription entitlements.

3.4 Referral attribution

• Referral source (share link, referral link, or manual code) and status lifecycle: clicked, signed up, trial started, subscribed, paid, rewarded.

3.5 User-generated content on trip shares

• When you create a public share link for a trip, the route plan and a snapshot of the boat profile become publicly viewable to anyone with the link.
• Comments left on a share page (by you or by other people), including the commenter’s display name (if any), comment text, timestamp, and IP address. We retain IP address for abuse handling, rate limiting, and security investigations.

3.6 Payment information

• Billing email, plan, status, invoice and payment history. Stripe, our payment processor, collects and stores your card number, expiration date, and CVV directly. TidePilot never sees or stores your full card details.See Stripe’s privacy policy for how they handle payment information.

3.7 Device and connection information

• IP address, browser type and version, operating system, device type, screen size, language, and referring URL, collected automatically through standard web request headers and server logs.

4. Where the information comes from

We collect information from the following sources:

• Directly from you when you sign up, enter your boat profile, plan a trip, share a trip, leave a comment, opt in to SMS, or subscribe.
• From Clerk, our authentication provider, when you authenticate (account metadata, OAuth claims if used).
• From Stripe, our payment processor, when you start a free trial, subscribe, or update billing.
• Automatically from your device through standard web request headers and analytics events.
• Derived from your activity— for example, when we query NOAA, Windy, Open-Meteo, the National Weather Service, or MSC Canada for conditions along your planned route, that route itself becomes inferred location data tied to your account.

5. How we use your information

We use the information described above to:

• Operate the Service, including authentication, account management, and customer support;
• Plan trips and generate captain briefs that fuse weather, sea state, tide, current, and boat profile;
• Run trip watches and deliver alerts you have asked for through your chosen channel;
• Process payments, run free trials, meter usage, and enforce subscription entitlements;
• Operate the referral program, including attribution and reward issuance;
• Send transactional and (with your consent) marketing communications;
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Use;
• Comply with legal obligations and enforce our agreements;
• Improve the Service and our routing models, using de-identified data as described in §7.

For Canadian users, our legal basis for these uses is your consent (provided when you create an account and accept this policy) and our legitimate business interest in delivering the Service you requested. Where Quebec Law 25 requires express consent for a specific use (for example, certain communications), we obtain that consent at the point of collection.

6. AI processing

TidePilot uses an AI model from Anthropic (currently Claude Sonnet 4.6) to draft routing briefs and recommendations. When you plan a trip, the following data is sent to Anthropic to generate your brief:

• The text of your routing query and any follow-up edits;
• Your boat profile and relevant preferences;
• Environmental data we have already gathered from NOAA, Windy, Open-Meteo, the National Weather Service, and MSC Canada for the route you are planning.

Anthropic processes that data under its commercial API terms and does not retain it to train its general models. The brief returned to you is generated by the AI and is not professional navigation advice. As stated throughout the Service and in our Terms of Use, the captain is the sole decision- maker and must independently verify conditions before acting on any brief.

This is not “solely automated decision-making with a legal or similarly significant effect” because every output requires your independent verification and decision. You have the right to request an explanation of how an AI-generated brief was produced; contact privacy@tidepilot.ai.

7. Improving TidePilot with de-identified data

TidePilot relies on real captain routing data to make the Service better. We reserve the right to use de-identified versions of your routing conversations, route plans, edit history, boat profile fields, and feature usage to:

• Evaluate model quality and detect regressions;
• Fine-tune and improve TidePilot’s routing intelligence;
• Build new features and benchmarks;
• Produce aggregate research and product analytics.

De-identified means we remove direct identifiers before this use, including your name, email address, phone number, account ID, payment information, and the exact coordinates of your home port. We commit not to attempt to re-identify de-identified data, and we contractually require third parties that handle de-identified data to do the same.

You cannot opt out of de-identified use. This is a core part of how TidePilot is built. If you do not want your routing data used in de-identified form to improve the Service, do not use TidePilot.

We do not sell de-identified data to data brokers, advertisers, or other third parties for their own commercial use.

8. Service providers and data sources

We use third-party service providers to operate the Service, including providers for authentication, application hosting, database infrastructure, payments, email and SMS delivery, product diagnostics, AI routing assistance, map/geocoding services, and marine/weather data. Each provider handles only the categories of data needed to perform its function and must provide appropriate confidentiality and security safeguards.

When we query third-party marine, weather, map, or geocoding providers for conditions and context along your route, those outbound queries may include route, viewport, search, or station information, such as latitude/longitude, tile coordinates, search text, or station identifiers. We do not include your name, email, or TidePilot account identifiers in those provider queries unless the provider needs that information to perform an account, payment, support, or communication function.

9. How we share information

We share information only as described below:

• Service providers (sub-processors). We share information with providers in the categories described in §8 so they can perform their function.
• Legal compulsion. We may disclose information to comply with a valid subpoena, court order, government investigation, or other legal obligation, and to enforce our Terms or protect our rights, property, or safety, or the rights, property, or safety of others.
• Business transfers.If TidePilot is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, information may be transferred as part of that transaction, subject to the acquirer’s commitment to honor this policy in all material respects.
• With your direction. Trip share links and public comments are visible to anyone with the link; that is the point of the feature.
• Aggregated or de-identified data as described in §7.

We do not sell your route plans, boat profile, routing conversations, or other personal informationto third parties for their own marketing or commercial use, and we do not “share” personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act.

10. Trip sharing and public comments

When you create a public share link for a trip, the route plan and a snapshot of the boat profile you selected become viewable by anyone who has the link. Anyone who has the link can leave a comment on the share page.

Information on a public share page may be cached, indexed, or archived by search engines and third parties outside our control. Even if you later delete the share link or your account, copies held by third parties may persist. Do not include in a share link anything you would not be comfortable making public.

We retain the IP address of anyone who leaves a comment on a share page for abuse handling, rate limiting, and security investigations. We may remove comments at any time, with or without notice, and we are not obligated to monitor comments.

11. SMS notifications

If you opt in to SMS trip-watch alerts, you expressly consent to receive automated text messages from TidePilot to the mobile number you provide. By opting in, you confirm that the number is yours and that you authorize TidePilot and its messaging provider (Twilio) to send messages to it.

• Message frequency: up to ten (10) messages per active trip watch, depending on how conditions change.
• Message and data rates may apply. Standard carrier rates apply to all messages you send and receive.
• Carrier disclaimer: mobile carriers are not liable for delayed or undelivered messages.
• To stop: reply STOP to any TidePilot SMS. To get help, reply HELP or contact support@tidepilot.ai.

Important: SMS alerts are best-effort and may be delayed, undelivered, or missed because of carrier conditions, outages, or other causes outside our control. Do not rely on SMS alerts as a safety system or as a substitute for direct observation of conditions.

12. Email communications

We send two kinds of email through Postmark, our transactional email provider:

• Transactional email— account confirmations, password resets, trip watch alerts you have asked for, billing receipts, and similar service messages. You cannot opt out of essential transactional email while your account is active.
• Marketing email— product updates, referral nudges, captain stories, and similar messages. Every marketing email contains an unsubscribe link. Canadian recipients receive these only after express opt-in as required by Canada’s Anti-Spam Legislation (CASL).

13. Cookies, local storage, device identifiers

We use a small number of cookies and similar storage technologies, all of which are essential to operating the Service:

• Clerk session cookies to keep you signed in;
• Stripe fraud detection cookies to protect against payment fraud during checkout;
• Progressive Web App storage to cache assets and let the Service run reliably on mobile.

13.1 Product session replay (LogRocket)

For signed-in captains, we use LogRocket to record session-level product interactions (clicks, scrolls, page navigation, and JavaScript errors) so we can diagnose bugs and improve the Service. Sessions are tied to your Clerk user ID, email address, and name so we can connect a recording to the captain whose session it is. Form-field values are masked at capture so we do not store the literal text you type into form inputs.

We do not use LogRocket for marketing, advertising, or to share session data with third parties beyond LogRocket itself. To request that LogRocket data associated with your account be deleted, contact privacy@tidepilot.ai.

We do not use advertising cookies, cross-site tracking pixels, or third-party behavioral advertising trackers. If we ever add analytics that fall outside the categories above, we will update this policy and provide appropriate notice or controls.

14. International data transfers

TidePilot is based in Washington State and many of our service providers operate from the United States. If you use the Service from Canada, your information will be transferred to and processed in the United States and other jurisdictions where our service providers operate.

We rely on contractual safeguards with each service provider to protect personal information in transit and at rest, consistent with the requirements of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec Law 25. You consent to these transfers when you create an account.

15. Data retention

We keep information only as long as we need it for the purposes described in this policy. The general schedule is:

We may retain information longer when required by law, to comply with a legal hold, to resolve disputes, or to enforce our agreements.

16. Your rights

16.1 Rights available to all US and Canadian users

• Access: request a copy of the personal information we hold about you.
• Correction: ask us to correct information that is inaccurate or incomplete.
• Deletion: ask us to delete your account and the personal information associated with it, subject to §17.
• Portability: request an export of your information in a structured, machine-readable format.
• Withdrawal of consent: withdraw consent for uses that depend on consent (such as marketing email or SMS); this will not affect prior processing.
• Complaint: lodge a complaint with the appropriate regulator.

16.2 California (CCPA / CPRA)

California residents have the rights described above and the right to know what personal information we have collected, used, and disclosed. We do not sell personal information and we do not “share” personal information for cross-context behavioral advertising. California residents may designate an authorized agent to make a request on their behalf.

16.3 Canada (PIPEDA)

Canadian residents may access and correct their personal information held by TidePilot and may complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) if they believe we have not complied with PIPEDA.

16.4 Quebec (Law 25)

Quebec residents have the right to know which categories of personal information we collect and use, to receive their information in a portable format, to ask for an explanation of any automated decision, and to lodge a complaint with the Commission d’accès à l’information du Québec (cai.gouv.qc.ca). For Quebec privacy matters, you may contact our Privacy Officer at privacy@tidepilot.ai.

16.5 How to exercise your rights

Send a request from the email address associated with your account to privacy@tidepilot.ai. We will respond within 30 days, or within the shorter period required by applicable law. We may ask for additional information to verify your identity before acting on a request.

17. Account and data deletion

You can request deletion of your account at any time in the TidePilot app, or by emailing privacy@tidepilot.ai from the email address tied to your account. Once we verify or receive the authenticated request, we will:

• Remove your account data from primary production systems within 30 days;
• Purge backups containing your data within 90 days as those backups roll off;
• De-identify or delete public share-page metadata associated with your account;
• Retain billing and tax records for the period required by law (currently 7 years);
• Retain de-identified versions of routing data created before deletion as described in §7.

Deletion is permanent. We cannot restore an account once it has been processed.

18. Minors

The Service is intended for adults aged 18 and older. We do not direct the Service to children, we do not knowingly collect personal information from anyone under 18, and we do not allow users under 18 to create accounts.

If you believe a minor has provided personal information to TidePilot, please contact privacy@tidepilot.ai and we will delete it.

19. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect personal information, including:

• Row-level security on our application database so each captain’s data is isolated;
• Credentials managed by Clerk, an SOC 2 Type II auditied identity provider;
• TLS encryption in transit;
• Payment data handled by Stripe so we do not store card numbers ourselves;
• Access controls and least-privilege practices for our personnel and contractors.

No security program is perfect. We cannot guarantee absolute security of information transmitted to or stored by the Service. You are responsible for keeping your account credentials secure and for notifying us promptly if you suspect unauthorized access.

20. Breach notification

If we determine that a security breach has affected your personal information in a way that creates a real risk of significant harm, we will notify you and applicable regulators within the timeframes required by Washington RCW 19.255, California Civil Code §1798.82, Canada’s PIPEDA Breach of Security Safeguards Regulations, and other applicable laws.

21. Changes to this policy

We may update this policy from time to time. When we make material changes, we will provide at least 30 days’ advance notice by email to active account holders and by posting an updated version on this page with a new effective date. Continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree to the changes, you can stop using the Service and request deletion of your account before the effective date.

22. Contact us

For questions, requests, or complaints about this policy or your data:

• Email: privacy@tidepilot.ai
• Mail: TidePilot LLC, 240 2nd Ave S, Seattle, WA 98104, USA