Privacy Policy

Last Updated: October 26, 2025

Who We Are and What This Policy Covers

We are Cruise Chronicles LLC, a company based in Ohio that provides a cruise tracking service. Our mission is to help cruise enthusiasts track and remember their amazing cruise experiences.

This Privacy Policy applies to information that we collect about you when you use RecordMyCruise.com (our "Service").

Throughout this Privacy Policy we'll refer to our service as the "Service." Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.

Creative Commons ShareAlike License

We've decided to make this Privacy Policy available under a Creative Commons ShareAlike license. You're more than welcome to copy it, adapt it, and repurpose it for your own use. Just make sure to revise the language so that your policy reflects your actual practices.

Information We Collect

We only collect information about you if we have a reason to do so — for example, to provide our Service, to communicate with you, or to make our Service better.

We collect this information from two sources: if and when you provide information to us, and automatically through operating our Service. Let's go over the information that we collect.

Information You Provide to Us

We collect information that you provide to us directly. Here are some examples:

• Basic account information: We ask for basic information from you in order to set up your account. We require individuals who sign up for an account to provide an email address, username, and password — and that's it. You may provide us with more information, but we don't require that information to create an account.
• Cruise content information: You provide us with information when you create cruise logs, add notes about your cruises, or track cruise details (ship names, ports visited, dates, etc.).
• Communications with us: You may also provide us with information when you respond to surveys, communicate with our support team about a question, or sign up for updates. When you communicate with us via email or otherwise, we store a copy of our communications.

Sources of Personal Data

All personal data we process is collected directly from you. We do NOT obtain your personal information from:

• Third-party data brokers or data aggregators
• Public records or databases
• Social media platforms (unless you manually share content yourself)
• Marketing lists or lead generation services
• Other websites or services
• Background check services or credit agencies

The only information we collect is what you provide directly through our Service or what is automatically generated by your use of our Service (as described in the "Information We Collect Automatically" section below).

Cookies

A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. We use cookies to help us identify and track visitors, usage, and access preferences for our Service.

We use a single essential cookie for authentication and session management that keeps you logged in to our Service. This session cookie expires after 7 days or when you log out. The cookie is configured with security protections (HTTP-only, Secure, and SameSite=Strict) to protect your account.

We do NOT use third-party cookies. We do not use cookies from analytics services (such as Google Analytics), advertising networks, social media platforms, or any other third-party tracking services.

You can configure your browser to refuse cookies or to alert you when cookies are being sent. However, if you disable cookies, you will not be able to log in or use authenticated features of our Service. Please note that where third parties use cookies on our Service we have no control over how those third parties use cookies.

Information We Collect Automatically

We also collect some information automatically:

• Log information: Like most online service providers, we collect information that web browsers and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, and operating system. We collect log information when you use our Service.
• Device information: We collect information about the device you use to access our Service, including device type, operating system, and browser information. This helps us with error handling and troubleshooting technical issues.
• Usage information: We collect information about your usage of our Service. For example, we collect information about the actions that you perform (e.g., creating a cruise log, editing cruise details, deleting an entry). We use this information to provide our Service to you and to understand how people use our Service so we can make it better.
• Location information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Service from certain geographic regions.
• Information from cookies: A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. We use cookies to help us identify and track visitors, usage, and access preferences for our Service. We use only essential cookies for authentication and session management. We do NOT use third-party analytics (such as Google Analytics), advertising or marketing cookies, social media tracking pixels, or cross-site tracking technologies.

How and Why We Use Information

Purposes for Using Information

We use information about you for the purposes listed below:

• To provide our Service: For example, to set up and maintain your account, store your cruise logs, and provide customer service.
• To ensure quality, maintain safety, and improve our Service: For example, by monitoring and analyzing how users interact with our Service so we can create new features and make our Service easier to use.
• To protect our Service, our users, and the public: For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; and protecting the rights and property of Cruise Chronicles and others.
• To fix problems with our Service: For example, by monitoring, debugging, repairing, and preventing issues.
• To communicate with you: For example, by emailing you about important updates relating to your account, such as password resets or security alerts. We do NOT send marketing or promotional emails.

Legal Bases for Collecting and Using Information

A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:

1. The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account. For example, we need to process your information to set up and maintain your account, provide customer service, store your cruise logs and content, send you transactional emails about your account (such as password resets and security alerts), and maintain the infrastructure that delivers our Service to you.
2. The use is necessary for compliance with a legal obligation. For example, we have a legal obligation to notify you of material changes to our Terms of Service or Privacy Policy.
3. The use is necessary in order to protect your vital interests or those of another person.
4. We have a legitimate interest in using your information. For example, we have a legitimate interest in monitoring and fixing technical errors through services like Sentry, protecting our Service and users through security monitoring and fraud prevention, and analyzing approximate geographic usage patterns from IP addresses to improve our Service. When we process data based on legitimate interest, we have carefully balanced our interests against your rights and freedoms.

You have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis. To exercise this right, please contact us at [email protected].

Sharing Information

How We Share Information

We do not share your personal information with third parties for marketing, analytics, or advertising purposes. We will only share your information in the following limited circumstances:

• Service providers: We share information with third-party service providers who need the information to provide services to us. This includes:
  • Resend - email delivery service for transactional emails (password resets, account notifications)
  • Railway - infrastructure and hosting provider for our Service and database
  • Sentry - error tracking and monitoring to help us identify and fix technical issues
  These service providers are contractually required to protect your information and may only use it to provide services to us.
• With your consent: We may share and disclose information with your consent or at your direction. For example, when you use social media sharing features to share content to external platforms.
• Legal and regulatory requirements: We may disclose information about you in response to a subpoena, court order, or other governmental request.
• To protect rights, property, and others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Cruise Chronicles, third parties, or the public at large.
• Business transfers: If Cruise Chronicles LLC is acquired by or merged with another company, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website at least 30 days before any such transfer, and you will have the opportunity to delete your account before the transfer occurs.
• Aggregated or de-identified information: We may share information that has been aggregated or de-identified, so that it can no longer reasonably be used to identify you.

Information Shared Publicly

By default, your cruise logs and information are private and are not shared publicly.

Social Media Sharing

Our Service allows you to share screenshots of your cruise maps and other content to social media platforms of your choice. This sharing is entirely user-initiated - you take screenshots and post them yourself to any platform you choose. We are not integrated with any social media platforms and do not automatically share your information with them. When you share content to social media platforms, that information becomes subject to those platforms' terms and privacy policies.

How Long We Keep Information

We generally discard information about you when it's no longer needed for the purposes for which we collect and use it — described in the section above on How and Why We Use Information — and we're not legally required to keep it.

When you delete your account:

• Your profile and personal information will be deleted from active databases within 30 days
• Your cruise data will be permanently deleted within 30 days
• We may retain limited data (email hash, deletion date) for up to 1 year to prevent abuse and fulfill legal obligations
• Backup archives may contain your data for up to 90 days, after which they are automatically purged
• If you delete your account, your data cannot be recovered

Security

While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. We monitor our Service for potential vulnerabilities and attacks.

To enhance the security of your account, we encourage you to use a strong, unique password and to log out after each session on shared devices.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Investigate the breach and take immediate steps to secure our systems
• Notify affected users by email within 72 hours of discovering the breach
• Provide details about what information was compromised
• Explain what steps we're taking to address the breach
• Offer guidance on how you can protect yourself

You can help protect your account by using a strong, unique password, logging out after each session on shared devices, and reporting suspicious activity to [email protected].

Email Communications

We send the following types of emails:

• Transactional emails (account creation, password resets, security alerts) - REQUIRED, cannot opt out
• Service announcements (changes to Terms, Privacy Policy, or critical service updates) - REQUIRED, cannot opt out

We do NOT send:

• Marketing or promotional emails
• Newsletters
• Third-party advertisements
• Partner offers

If you believe you've received an unauthorized email claiming to be from us, please report it to [email protected] immediately.

Automated Decision-Making and Profiling

Under GDPR Article 22, you have the right to not be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

We do NOT use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Specifically:

• No decisions about your account status, access, or privileges are made solely by automated means
• We do not use algorithms or AI to make decisions that significantly affect you
• We do not engage in profiling for marketing, credit decisions, or behavioral analysis
• We do not use automated systems to evaluate your personal characteristics, preferences, or behaviors
• All significant decisions affecting your account or data are made by human review

If we ever introduce automated decision-making or profiling in the future, we will update this Privacy Policy and notify you in advance, providing you with the right to opt out and request human review of any such decisions.

Choices

You have several choices available when it comes to information about you:

• Limit the information that you provide: If you have an account with us, you can choose not to provide optional information.
• Close your account: You can close your account if you no longer want to use our Service. Instructions are provided in our Terms of Service. Please keep in mind that we may continue to retain your information after closing your account as described in the "How Long We Keep Information" section above.

Your Rights

If you are located in certain parts of the world, including some US states and countries that fall under the scope of the European General Data Protection Regulation (GDPR), you may have certain rights regarding your personal information, like the right to request access to or deletion of your data.

European General Data Protection Regulation (GDPR)

If you are located in a country that falls under the scope of the GDPR, data protection laws give you certain rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:

• Request access to your personal data: You can request a copy of the personal data we hold about you and information about how we process it.
• Request correction or deletion of your personal data: You can ask us to correct inaccurate data or delete your personal data under certain circumstances.
• Object to our use and processing of your personal data: You can ask us to stop using your personal data, including when we use it for legitimate interests, direct marketing, or performance of a task in the public interest.
• Request that we limit our use and processing of your personal data: You can ask us to restrict processing of your data in certain circumstances, such as while we verify its accuracy or our reasons for processing it.
• Request portability of your personal data: You can ask for a copy of your data in a structured, machine-readable format and to have it transferred to another data controller.
• Withdraw consent: If we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

You also have the right to make a complaint to a data protection supervisory authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA). Contact details for data protection authorities in the EEA are available at https://edpb.europa.eu/about-edpb/board/members_en.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may need to verify your identity before processing your request, which we do by confirming you are emailing from your registered account email address.

EU and UK Representative

As a U.S.-based organization, we have assessed our obligations under GDPR Article 27 and UK GDPR Article 27 regarding the appointment of an EU or UK representative.

We currently do not appoint an EU or UK representative because we qualify for the exemption under Article 27(2), as:

• Our processing of personal data from EU and UK residents is occasional and small-scale
• We do not process special categories of personal data (such as health, genetic, or biometric data) or criminal conviction data at large scale
• Our processing is unlikely to result in a risk to the rights and freedoms of individuals, given the nature of our cruise tracking service

We continuously monitor our user base and business activities. Should our processing activities change such that we no longer qualify for this exemption, we will appoint appropriate representatives and update this policy accordingly.

EU and UK residents may contact us directly at [email protected] for all inquiries, complaints, or requests regarding their personal data.

US Privacy Laws

Laws in some US states require us to provide residents with additional information about the categories of personal information we collect and share, where we get that personal information, and how and why we use it.

In the last 12 months, we collected the following categories of personal information:

• Identifiers (like your name, email address, username, and device identifiers)
• Internet or other electronic network activity information (such as your usage of our Service)
• Geolocation data (approximate location based on your IP address)

We collect personal information for the business purposes described in the "How and Why We Use Information" section. We share this information only in the limited circumstances described in the "Sharing Information" section. We retain this information for the length of time described in our "How Long We Keep Information" section.

In some US states you have additional rights, including the right to:

• Request a copy of the specific pieces of information we collect about you
• Request deletion of personal information we collect or maintain
• Request correction of personal information we collect or maintain
• Receive a copy of your information in a readily portable format
• Not receive discriminatory treatment for exercising your rights

Right to Opt Out

We never sell your personal information. We do not share your information with advertising, marketing, or analytics vendors.

Contacting Us About These Rights

You can usually access, correct, or delete your personal data using your account settings, but if you aren't able to or you'd like to contact us about one of the other rights, please email us at [email protected].

When you contact us about one of your rights under this section, we'll need to verify that you are the right person before we disclose or delete anything. For example, we will need you to contact us from the email address associated with your account.

Controllers and Responsible Company

Cruise Chronicles LLC, based in Ohio, United States, is the controller of personal information collected through our Service. This means that Cruise Chronicles LLC is the company responsible for processing that information.

Cruise Chronicles LLC
Ohio, United States
Email: [email protected]

Data Protection Officer

We are not required to appoint a Data Protection Officer under GDPR Article 37, as we are not a public authority, our core activities do not involve large-scale systematic monitoring of individuals, and we do not process special categories of sensitive data on a large scale.

For all privacy-related inquiries, data protection questions, or to exercise your rights under GDPR, please contact us at [email protected].

How to Reach Us

If you have a question about this Privacy Policy, or you would like to contact us about any of the rights mentioned above, please contact us:

Email: [email protected]
Website: recordmycruise.com

Transferring Information

Our Service is based in the United States and primarily intended for users in the United States. However, we comply with international privacy standards including GDPR to ensure the highest level of data protection for all users.

If you are located in the European Union, UK, or elsewhere outside of the United States, please be aware that information we collect will be transferred to and stored in the United States. By using our Service, you acknowledge this transfer.

When providing information about you to entities outside the EEA, we take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy as required by applicable law. These measures include:

• Standard Contractual Clauses: We use Standard Contractual Clauses approved by the European Commission for transfers to our service providers in the United States, including Railway (infrastructure hosting), Resend (email delivery), and Sentry (error monitoring).
• Encryption: All data transferred between your device and our servers is encrypted in transit and at rest.
• Contractual protections: Our service providers are contractually prohibited from accessing your data except as necessary to provide services to us.

You have the right to request information about the safeguards we use for international transfers, including copies of the Standard Contractual Clauses. To request this information, contact us at [email protected].

Privacy Policy Changes

Although most changes are likely to be minor, Cruise Chronicles may change its Privacy Policy from time to time. We encourage you to frequently check this page for any changes to our Privacy Policy. If we make changes, we will notify you by revising the "Last Updated" date at the top of this policy, and in some cases, we may provide additional notice (like adding a statement to our homepage or sending you an email notification). Your continued use of the Service after a change to our Privacy Policy will be subject to the updated policy.

Translation

This Privacy Policy was originally written in English (US). We may translate it into other languages, and in the event of a conflict between a translated version and the English version, the English version will control.