Privacy Policy

This Privacy Policy explains how Nautog ("we", "us", "our") collects, uses, and discloses personal information when you use our mobile application(s), website (nautog.com), and related account and subscription services (the "Service").

We are based in New South Wales, Australia. We handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), where they apply to us.

• Account and authentication: email address and credentials (e.g. password stored as a secure hash). We may collect a display name or similar if you choose to provide it.
• App and vessel data: information you enter, such as passages, locations when you actively record a passage, maintenance tasks, engine hours, notes, and photos you attach.
• Technical and usage: device type, app version, diagnostic logs, and similar data needed to operate, secure, and improve the Service.
• Payments: billing is processed by third parties (e.g. Stripe, Apple, Google). We do not store full payment card numbers on our servers; we may receive limited billing identifiers and subscription status from those providers.

If you contact us (e.g. support email), we collect the content of your message and your contact details as needed to respond.

We do not sell your personal information. We do not disclose your email address, phone number, or full legal name to third parties for their own marketing or for unrelated commercial lists.

We only use those identifiers to operate the Service (e.g. login, support, billing notices), meet legal obligations, or share with service providers who process data strictly on our instructions (see section 6), and only to the extent necessary for those purposes.

We may use de-identified or aggregated data for internal analytics, product improvement, and scientific or research purposes, provided the data does not reasonably allow identification of you. Examples include statistical summaries of passage distances, anonymised usage patterns, or aggregated maintenance trends.

Before using data for research, we take steps to remove or separate direct identifiers (such as account email, phone, and full name) so the dataset is not reasonably linkable back to an individual. We do not publish or share your email, phone, or full name as part of any scientific or research output.

• To provide, maintain, and secure the Service (including authentication and cloud sync for eligible plans).
• To send service-related messages (e.g. email confirmation, password reset, billing receipts).
• To send optional notifications you enable (e.g. maintenance reminders).
• To analyse and improve the Service, including using anonymised or aggregated data as described above.
• To comply with law, respond to lawful requests, and protect rights, safety, and integrity of users and the Service.

We use reputable infrastructure and service providers who may process personal information on our behalf, including for example hosting and authentication (e.g. Supabase), payments (e.g. Stripe), app distribution and push notifications (e.g. Apple, Google, Expo), and email delivery. They may be located in Australia or overseas. We require them to protect information appropriately and use it only for the services they provide to us.

We may disclose information if required by law, court order, or to respond to valid requests by public authorities.

Some of our providers store or process data outside Australia (for example in the United States or other regions). Where we disclose personal information overseas, we take reasonable steps to ensure overseas recipients handle it in line with the APPs, subject to exceptions under the Privacy Act.

We use technical and organisational measures appropriate to the nature of the data (including encryption in transit where standard for the Service). No method of transmission or storage is completely secure; we cannot guarantee absolute security.

We retain personal information only as long as needed for the purposes above, including legal, accounting, and dispute resolution requirements, then de-identify or delete it where practicable.

Under the APPs, you may request access to personal information we hold about you and ask for corrections. Contact us at the email below. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

The Service is not directed at children under 13, and we do not knowingly collect personal information from children under 13 without parental consent as required by law. If you believe we have collected such information, please contact us so we can delete it.

Our website may use essential cookies or similar technologies needed for basic operation. Any analytics or non-essential cookies will be described in any cookie notice we provide and, where required, only used with your consent.

We may update this Privacy Policy from time to time. We will post the new version on this page and update the "Last updated" date. For material changes, we may provide additional notice (e.g. in-app or email) where appropriate.

Privacy questions or requests: hello@nautog.com.

For terms of use, see our Terms of Service.