Skip to content
AllSail
Search Destinations Blog Support List Your Boat
Log In Sign Up

Privacy Policy

Last updated: February 2026

All Sail LLC is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or use our services.

1. Data Controller Information

The data controller responsible for your personal data is:

All Sail LLC
Address: 1007 N Orange St. 4th Floor Suite 1960, Wilmington, Delaware 19801, United States
EIN: 30-1350820
Email: privacy@allsail.com

2. Data We Collect

We collect the following categories of personal data:

Account Data

When you register, we collect your name, email address, phone number, and password. Partners additionally provide company information, bank account details for payouts, and identity verification documents.

Booking Data

When you make a booking, we collect travel dates, guest count, selected extras, and communication preferences. We also store your booking history and any messages exchanged through the platform.

Payment Data

Payment processing is handled by Stripe. AllSail does not store your complete payment card details. We retain transaction records including amounts, dates, and booking references for accounting and legal purposes.

Usage Data

We automatically collect information about how you interact with the Platform, including pages visited, search queries, IP address, browser type, device information, and referring URLs.

Cookie Data

We use cookies and similar technologies as described in our Cookie Policy. Essential cookies are necessary for the Platform to function. Analytics cookies are only used with your consent.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Processing and managing your bookings and payments.
  • Facilitating communication between Guests and Partners.
  • Providing customer support and responding to inquiries.
  • Verifying Partner identity and boat documentation.
  • Sending booking confirmations, reminders, and service notifications.
  • Improving the Platform through usage analytics (with your consent).
  • Preventing fraud, unauthorized access, and other illegal activities.
  • Complying with legal obligations and resolving disputes.

We process your personal data on the following legal bases under the GDPR:

  • Contract Performance: Processing necessary to fulfill our contract with you, such as booking management and payment processing.
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as fraud prevention, platform security, and service improvement.
  • Consent: Processing based on your explicit consent, such as marketing communications and analytics cookies.
  • Legal Obligation: Processing required to comply with applicable laws, such as tax reporting and anti-money laundering regulations.

5. Data Sharing

We share your personal data with the following categories of recipients:

  • Partners and Guests: When a booking is confirmed, we share necessary contact information between the Guest and the Partner to facilitate the charter. Contact details are only shared after booking confirmation, not during the inquiry phase.
  • Payment Processors: Stripe processes payments on our behalf and is subject to its own privacy policy.
  • Charter Management: Booking Manager (charter management platform) receives guest name, contact details, and booking information for processing yacht reservations with charter companies.
  • Analytics Providers: With your consent, we use Google Analytics (via Google Tag Manager) to understand how visitors use the Platform.
  • Legal Authorities: We may disclose data when required by law, court order, or to protect our legal rights.

We do not sell your personal data to third parties.

Sub-processors

We use the following sub-processors to operate the Platform:

  • Stripe (United States) — Payment processing and fraud prevention.
  • Booking Manager (Croatia) — Charter reservation management and availability data for partner yacht companies.
  • Cloudflare R2 (Global CDN) — Media file storage (boat photos, documents).
  • Flare (Belgium) — Application error tracking and monitoring to maintain platform stability.
  • Google Analytics (United States) — Website usage analytics (with your consent).

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: retained while your account is active, plus 2 years after account deletion.
  • Booking and payment data: retained for 7 years to comply with tax and accounting regulations.
  • Usage data: retained for 26 months.
  • Communication data: retained for 3 years after the last booking associated with the conversation.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data, subject to legal retention requirements.
  • Right to Data Portability: You can request your data in a structured, machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests.
  • Right to Restrict Processing: You can request limitation of processing in certain circumstances.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at privacy@allsail.com. We will respond within 30 days.

For detailed information about the cookies we use and how to manage your cookie preferences, please see our dedicated Cookie Policy page.

10. Security Measures

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Regular security assessments and vulnerability testing.
  • Access controls and authentication mechanisms.
  • Employee training on data protection practices.
  • Incident response procedures for data breaches.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR.
  • Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms, as required by Article 34 of the GDPR.
  • Document the breach, its effects, and the remedial actions taken in our internal incident register.

If you believe your personal data has been compromised, please contact us immediately at privacy@allsail.com.

12. Children's Privacy

The Platform is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we shared the information.
  • Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions (such as legal retention obligations for booking and payment records).
  • Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different quality of service.

To exercise any of these rights, please contact us at privacy@allsail.com or call us. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

We will respond to verifiable consumer requests within 45 days. If we need additional time, we will notify you of the extension and the reason for it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform. The date of the most recent revision is indicated at the top of this page.

15. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: privacy@allsail.com

You also have the right to lodge a complaint with your local data protection authority.

Back to top

We use cookies to enhance your browsing experience and analyze site traffic. Learn more

Cookie Settings

Necessary

These cookies are essential for the website to function properly.

Marketing & Analytics

These cookies help us understand how visitors interact with our website.