BoatStays logoBoatStays

Privacy Policy

Last updated: June 2026

This policy explains what personal data BoatStays Ltd ("BoatStays", "we") collects, how we use it and the rights you have. BoatStays is the data controller for personal data processed through the platform.

1. Data we collect

  • Account data: name, email, password hash, profile photo.
  • Host data: listing details, licence and insurance references, payout account information held by Stripe.
  • Booking data: dates, guest counts, prices, messages exchanged with the other party.
  • Payment data: processed by Stripe; we do not store full card numbers.
  • Technical data: IP address, device, browser, basic usage analytics.

2. How we use it

  • To operate the platform - create accounts, list boats, take bookings, release payouts.
  • To send transactional emails (booking requests, confirmations, cancellations, payout notifications).
  • To prevent fraud, abuse and unsafe activity on UK waterways.
  • To comply with legal and tax obligations.
  • To improve the product (aggregated, non-identifying analytics).

3. Legal bases

We process your data under one or more of: performance of a contract (your bookings), legitimate interests (running and securing the platform), legal obligation (tax, anti-fraud) and consent (optional marketing).

4. Sharing your data

  • Stripe - payment processing and Connect payouts.
  • Email provider - to deliver transactional emails.
  • Hosting & infrastructure - to run the platform securely.
  • The other party to a booking - your first name, profile photo and necessary contact details once a booking is confirmed.

We do not sell your data.

5. Cookies & analytics

BoatStays is designed to set as few cookies as possible. We do not use any tracking cookies and we do not display a cookie consent banner because we set no non-essential cookies.

  • Sign-in: your session is kept in your browser's local storage, not a cookie.
  • Payments: when you book a boat, Stripe sets a small number of strictly necessary cookies to process the payment securely. These are exempt from consent under UK PECR.
  • Analytics: we use Plausible Analytics, a privacy-first, cookieless analytics tool. It records aggregate page views and key events (such as sign-ups and bookings) but does not use cookies, does not track you across sites and does not collect any personal data or IP addresses.

You can clear browser storage at any time from your browser settings.

6. Retention

We retain account and booking data for as long as your account is active and for a reasonable period afterwards to meet tax, accounting and dispute-resolution obligations.

7. Your rights

Under UK GDPR you have the right to access, correct, delete or export your personal data, restrict or object to processing, and withdraw consent. You can unsubscribe from non-essential emails at any time using the link in the email or the unsubscribe page. Security and payment emails will still be delivered.

To exercise these rights, email privacy@boatstays.org. You may also complain to the UK Information Commissioner's Office (ico.org.uk).

8. Security

We use industry-standard measures to protect your data, including encryption in transit, row-level access controls on our database and a least-privilege approach to internal access. No system is perfectly secure; please use a strong, unique password.

9. Changes

We may update this policy as the platform evolves. We will notify registered users of material changes.

10. Contact

Questions? Email privacy@boatstays.org.