Privacy Policy
Last updated: 2026 June 10th
1. Data Controller
CRBO SAS (SIRET: 9823099570001), located at 4 rue de l'ancien four - 01130 PLAGNE, is the data controller for personal information collected through our services.
2. Our Role: Controller and Processor
CRBO SAS is the data controller for the account data of boat operators who subscribe to BookSea, and for visitors to this website.
When operators use BookSea to take bookings from their own customers, the operator is the data controller for that customer data, and CRBO SAS acts as a data processor on the operator's behalf, processing booking, contact, and payment-related data solely to provide the service.
3. Data We Collect
- Contact Information: Name, email address, phone number
- Payment Details: Transaction records (excluding credit card information)
- Calendar Data: Event details for synchronization with Google Calendar
- Technical Data: IP addresses, device information, and usage data
4. Legal Basis & Purposes
We process data based on:
- Contractual necessity for service delivery
- Legitimate interest for service improvement
- Legal compliance with French and EU regulations
Dashboard analytics use pseudonymized data sets following GDPR Article 6(1)(f) requirements.
5. Cookies & Analytics
The BookSea application uses only essential cookies, strictly necessary for authentication (session) and security (CSRF protection). We do not use advertising or cross-site tracking cookies.
Our public marketing pages use cookieless, aggregate audience-measurement tools; these do not set cookies and do not track you across websites.
6. Third-Party Sharing
We share data with:
- Stripe, for payment processing — bookings are paid through each operator's own Stripe account
- Google Calendar API for schedule synchronization
- Resend, our transactional email delivery provider
- Legal authorities when required by law
7. Data Retention
We retain personal data:
- Active users: 3 years from last activity
- Financial records: 7 years for tax compliance
- Calendar data: Until user revocation
8. Your Rights
Under GDPR, you have rights to:
- Access and portability - Download your data directly from dashboard settings
- Rectification and erasure - Update/delete records through profile controls
- Restriction of processing
- Object to processing
9. Security Measures
We implement technical safeguards including encryption, access controls, and regular security audits.
10. Contact Us
For data requests or concerns:
Romain BOURDY
Email: romain@crbo.dev
Policy version: 1.1
Effective date: 2026 June 10th
See our Terms of Service for service terms and conditions.