Privacy Policy

MV Boats (“we,” “us,” or “our”) operates mvboats.com (the “Site”). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit or interact with the Site. By using the Site, you consent to the practices described in this policy.

1. Information We Collect

a) Information You Provide Directly

We may collect personal information that you voluntarily provide when you:

• Submit a contact or inquiry form (name, email address, phone number, group size, preferred dates, and details about your desired experience)
• Make a booking or purchase through our online checkout (name, email address, billing information processed securely by our payment processor)
• Subscribe to our newsletter or mailing list (email address)
• Submit a review or testimonial (name, rating, and review content)
• Create or access an account (email address, booking reference)
• Join a waitlist for a fully booked experience (name, email address, experience details)
• Correspond with us via email or other channels

b) Information Collected Automatically

When you visit the Site, certain information is collected automatically through cookies and similar technologies:

• Device & browser data: Browser type and version, operating system, device type, screen resolution, and language preferences
• Usage data: Pages visited, time spent on each page, click paths, referral source (the website or search engine that directed you to our Site), and exit pages
• IP address: Used for approximate geographic location (country/region level), security monitoring, and fraud prevention
• Cookies and local storage: Small data files stored on your device to remember preferences and analyze traffic (see Section 5 below)

c) Information from Third Parties

We may receive limited information from third-party services we integrate with (e.g., payment confirmation status from our payment processor, or analytics aggregates from Google Analytics). We do not purchase personal information from data brokers.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To respond to your inquiries, process bookings, connect you with local boat operators, and provide customer support
• Payment processing: To facilitate secure transactions through our third-party payment processor (we never store your full credit card number on our servers)
• Communications: To send booking confirmations, reminders, follow-up emails, and (with your consent) promotional newsletters. You may opt out at any time.
• Site improvement: To understand how visitors use the Site through aggregated analytics, enabling us to improve content, navigation, and user experience
• Security & fraud prevention: To protect the Site from malicious activity, enforce our Terms of Service, and comply with legal obligations
• Legal compliance: To meet applicable legal or regulatory requirements, respond to lawful requests from public authorities, and protect our legal rights

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

• Consent: Where you have given explicit consent (e.g., for analytics cookies or marketing emails). You may withdraw consent at any time.
• Contractual necessity: Where processing is necessary to fulfill a booking or respond to your inquiry
• Legitimate interests: Where processing is necessary for our legitimate business interests (e.g., fraud prevention, Site security, improving our services), provided those interests are not overridden by your rights
• Legal obligation: Where processing is required to comply with applicable law

4. Information Sharing & Disclosure

We may share your information in the following circumstances:

• Boat operators: When you request a booking or inquiry, we share relevant details (name, contact information, dates, group size) with the operator to facilitate your experience
• Service providers: We use trusted third-party services to operate the Site (see Section 6). These providers access your information only as needed to perform their services and are contractually obligated to protect it.
• Legal requirements: We may disclose your information if required by law, subpoena, court order, or governmental regulation, or to protect the rights, property, or safety of MV Boats, our users, or others
• Business transfers: In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify you via a prominent notice on the Site and/or email before your information becomes subject to a different privacy policy.

We do not share your information with advertisers or ad networks.

5. Cookies & Tracking Technologies

Our Site uses cookies and similar technologies. Upon your first visit, we present a cookie consent banner allowing you to accept or decline non-essential cookies.

Types of Cookies We Use

Analytics cookies are only loaded after you consent. If you decline, no analytics cookies will be set and no usage data will be sent to Google.

You can also manage cookies through your browser settings. Note that disabling essential cookies may affect the Site’s functionality.

For more information about Google Analytics and your choices, visit the Google Analytics Opt-out Browser Add-on or review the Google Privacy Policy.

6. Third-Party Services

We use the following categories of third-party service providers to operate and improve the Site. Each provider processes personal data only as necessary to perform its function and in accordance with its own privacy policy:

• Analytics: Google Analytics (GA4) — collects aggregated, anonymized usage data to help us understand traffic patterns and improve the Site. Data is processed by Google LLC under their Privacy Policy.
• Payment processing: Stripe — processes payments securely. We never store your full credit card details. Stripe is a PCI DSS Level 1 certified processor. See Stripe’s Privacy Policy.
• Database & authentication: Our backend database provider stores booking records, reviews, and account information using industry-standard encryption at rest and in transit.
• Email communications: Transactional and marketing emails (booking confirmations, reminders, newsletters) are sent through a secure email delivery platform that processes your email address and message content.
• Web fonts: Google Fonts — loads typography assets. Google may collect limited technical data (IP address) when fonts are loaded. See Google’s Privacy Policy.
• CDN & libraries: We load select open-source JavaScript libraries from content delivery networks (CDNs) to ensure performance and reliability. CDN providers may log IP addresses as part of standard operations.
• Hosting & infrastructure: The Site is hosted on a secure, enterprise-grade cloud platform. Our hosting provider may process limited technical data (IP addresses, access logs) as part of normal server operations. All data is transmitted over HTTPS/TLS encryption.

7. Data Security

We take data security seriously and implement appropriate technical and organizational measures to protect your personal information, including:

• HTTPS/TLS encryption for all data in transit
• Encryption at rest for stored personal data
• Access controls and authentication on administrative systems
• Regular review of our data collection, storage, and processing practices
• Rate limiting and monitoring to prevent unauthorized access
• Content Security Policy (CSP) headers to mitigate cross-site scripting and injection attacks

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will promptly notify affected users and relevant authorities in the event of a data breach, as required by applicable law.

8. Data Retention

• Contact inquiries: Retained for as long as reasonably needed to respond and for our records, then archived or deleted
• Booking records: Retained for as long as necessary for legal, accounting, and tax purposes (typically up to 7 years)
• Reviews & testimonials: Retained until you request removal
• Newsletter subscriptions: Retained until you unsubscribe
• Analytics data: Retained per Google Analytics default settings (14 months)
• Cookie consent preferences: Stored locally on your device until cleared

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

For All Users

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Opt out of marketing communications at any time
• Opt out of analytics tracking (via our cookie banner or browser settings)

Additional Rights for EEA/UK Residents (GDPR)

• Right to data portability (receive your data in a structured, commonly used format)
• Right to restrict processing
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal
• Right to lodge a complaint with a supervisory authority

Additional Rights for California Residents (CCPA/CPRA)

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of personal information
• Right to opt out of the “sale” or “sharing” of personal information (we do not sell or share personal information for cross-context behavioral advertising)
• Right to non-discrimination for exercising your privacy rights
• Right to limit the use of sensitive personal information

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner if required by applicable law). We may request verification of your identity before fulfilling your request.

10. International Data Transfers

Our Site is operated in the United States. If you access the Site from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Site, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required by applicable law.

11. Children’s Privacy

Our Site is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately at [email protected].

12. Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. Our Site responds to DNT signals by not loading analytics cookies when DNT is enabled, consistent with our cookie consent approach. If you have declined cookies through our consent banner, no analytics tracking will occur regardless of your DNT settings.

13. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will post the updated policy on this page with a revised “Last updated” date and, where appropriate, notify you via email or a prominent notice on the Site. Your continued use of the Site after any changes constitutes your acceptance of the updated policy. We encourage you to review this page regularly.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

MV Boats
Email: [email protected]
Edgartown, Martha’s Vineyard, MA 02539
United States

For GDPR-related inquiries, you may also contact your local data protection authority.