LEGAL

Privacy Policy

Last updated: March 2026

1. Who We Are

AtMyBoat.com is operated by Skipper Don, based in Ontario, Canada. We build d3kOS — an open-source marine intelligence platform for Raspberry Pi. This Privacy Policy explains how we collect, use, and protect your personal information when you use atmyboat.com and the d3kOS mobile companion app.

Contact: skipperdon@atmyboat.com

2. What We Collect

When you create an account

  • First name and last name
  • Email address
  • Encrypted password (never stored in plain text)
  • CASL marketing consent preference (yes or no)
  • Date and time of account creation

When you use the community forum

  • Posts and replies you write (public)
  • Forum activity (topics started, replies posted)

When you pair a d3kOS Pi

  • Pi installation ID (a random identifier generated on your device)
  • Device UUID (a random identifier generated by your phone)
  • Last known GPS position (approximate — blurred to ~500 metres for the community map)
  • System health data you choose to export (engine readings, boatlog entries, alert history)
  • AI assistant usage: token counts and timestamps only. We never store the text of your questions.

When you use Fix My Pi or PDF Reports

  • Diagnostic results (service status, config validation, file integrity)
  • Stripe payment data (processed by Stripe — we receive only a transaction ID and status)

What we do NOT collect

  • The text of AI assistant questions
  • Exact GPS coordinates (positions are blurred to ~500 metres)
  • Browsing history or cookies beyond what WordPress requires
  • Any data from T0 users (T0 is architecturally offline — no data reaches us)

3. How We Use Your Information

  • Account management: To create and maintain your account, send password resets, and verify your email.
  • Community features: To show your display name on forum posts, the community map (if opted in), and the hall of fame.
  • Service delivery: To operate Fix My Pi, OTA upgrades, PDF reports, and the command queue between your phone and Pi.
  • Marketing (CASL): If you opted in, to send you product updates and community news. You can unsubscribe at any time via the link in any email.
  • Analytics: Aggregate, anonymised usage counts (number of active Pi installations, forum post volume). No individual tracking.

4. Legal Basis for Processing (GDPR)

  • Contract performance: Processing your account data to provide the services you signed up for.
  • Consent: Sending marketing emails — only with your explicit opt-in (CASL compliant).
  • Legitimate interest: Maintaining security, preventing fraud, and improving the platform.

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe: Payment processing for Fix My Pi and tier subscriptions. Stripe's privacy policy applies to payment data.
  • Google (Gemini API): Your forum questions are sent to Gemini for AI responses. We send the question text and forum context. We do not store the question text after the response is returned.
  • HostPapa: Our hosting provider stores your account data on servers in Canada.

We do not share data with any other third parties, data brokers, or advertising networks.

6. Data Retention

  • Account data: retained while your account is active. Deleted within 30 days of account deletion request.
  • Forum posts: retained indefinitely as community content. Contact us to request removal of specific posts.
  • Pi export data: retained for 12 months. Older records purged automatically.
  • Fix My Pi reports: retained for 24 months.
  • Payment records: retained for 7 years (Canadian tax requirements).

7. Your Rights

Under GDPR and PIPEDA (Canadian privacy law), you have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Update inaccurate personal information (via your account settings or email request).
  • Deletion: Request deletion of your account and personal data.
  • Portability: Receive your data in a machine-readable format.
  • Withdraw consent: Unsubscribe from marketing emails at any time.
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your country's supervisory authority.

To exercise these rights, email skipperdon@atmyboat.com. We respond within 30 days.

8. Security

We use industry-standard security measures: HTTPS/TLS for all data in transit, encrypted password storage (bcrypt via WordPress), and access controls limiting who can access the database. No system is 100% secure — if you believe your account has been compromised, contact us immediately.

9. Cookies

We use only essential cookies required for WordPress to function: session cookies for login state and a nonce cookie for security. We do not use advertising cookies, analytics cookies, or any third-party tracking cookies. No consent banner is required because we do not use non-essential cookies.

10. Children

AtMyBoat.com is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, contact us and we will delete it.

11. Changes to This Policy

We may update this policy as the platform evolves. Significant changes will be announced via email to registered users. The "Last updated" date at the top of this page reflects the current version.