Privacy Policy.

Super Yacht Eats is operated from France. For any privacy enquiry, write to privacy@superyachteats.com.

We collect: (a) account info — name, email, role, language; (b) profile info you provide — business name, photos, descriptions, ports served, certifications, languages spoken; (c) usage data — pages viewed, RFQs sent and received, quotes submitted; (d) technical data — IP address, browser, device, timestamps. We never see or store payment card numbers — payments are processed by Stripe.

To operate the Service (account, RFQs, payments via Stripe), to provide the directory listing and search, to send transactional emails (welcome, RFQ notifications, billing receipts), to detect and prevent abuse, and to comply with legal obligations (accounting, anti-fraud).

We process personal data on the basis of: (a) contract — when you sign up and use the Service; (b) legitimate interest — for security, fraud detection, product improvement; (c) consent — for non-essential cookies and marketing emails (you can withdraw consent at any time); (d) legal obligation — for accounting, KYC.

We share data only with the processors strictly needed to run the Service:· Stripe (Ireland) — payments & subscriptions· Supabase (USA / EU) — database hosting· Vercel (USA) — application hosting· Brevo (France) — transactional email· Anthropic (USA) — AI assistance for catalog parsing and AI builders (Crew Pro)We never sell your data and never share it with advertisers.

Some processors are based outside the European Economic Area. Transfers rely on Standard Contractual Clauses approved by the European Commission.

Account data is retained while your account is active and for up to 3 years after closure, except where longer retention is required by law (accounting: 10 years in France). RFQ message contents are deleted 24 months after the RFQ is closed.

You have the right to access, correct, port, restrict, or delete your personal data, and to object to processing. Email privacy@superyachteats.com to exercise any of these rights. You also have the right to file a complaint with the CNIL (the French data-protection authority) at cnil.fr.

All traffic is encrypted in transit (TLS 1.3). Database access is restricted by row-level security policies. We follow standard SaaS security practices and review our posture regularly. Passwords are hashed (we recommend magic links). We never store payment card data.

We use a minimal number of cookies — see our cookies policy for details. Analytics uses a privacy-friendly service that doesn’t profile users.

We may update this policy. Material changes will be announced by email.