y
Continue

Privacy

Privacy Policy

This policy explains how Yachtee handles personal data across the public site, app, job board, profiles, applications, reference verification, billing and email tools.

Yachtee is a recruitment platform, so profile, application and contact data may be shared with employers or crew where the platform workflow calls for it. We do not sell personal data. Please also read our Terms of Service and Cookie Policy.

Summary

Recruitment data

Crew profiles, CVs, documents, applications, references and employer listings are processed to run the recruitment platform.

Visibility

Public crew profiles are visible on the web when enabled. Employer candidate views and application views can include fuller crew data.

Service providers

We use providers for hosting, file storage, email delivery, payments, maps, analytics and AI-assisted processing.

Control

You can update profile data, visibility, communication preferences and cookie preferences, and you can contact us to exercise privacy rights.

Controller

The controller for Yachtee is Yacht Career Hub OÜ, trading as Yachtee. You can contact us at [email protected].

Employers who receive candidate data through Yachtee may also act as independent controllers for their own recruitment, hiring, employment and compliance activities. Referees who submit references should expect their comments to be visible to the crew member and to employers reviewing that crew profile where the product permits it.

Data we collect

Category
Examples
Account and auth
Email address, role, verification status, authentication sessions, device, IP address, browser and security logs.
Crew profile
Name, headline, profile photo, contact details, location, availability, date of birth, gender, height, weight, relationship status, smoking, tattoos, hobbies, social links, public username, visibility settings and profile summary.
Crew documents
CVs, passport country and expiry data, visas, residence, certificates, qualifications, references, licenses, uploaded files, parsed text, profile media and video profile files. Some documents may contain sensitive data, such as medical fitness information, if you choose to upload them.
Preferences
Desired positions, yacht types and sizes, contract types, bases, itineraries, couples preferences, salary expectations, alert preferences and communication preferences.
Applications
Cover letters, CVs, profile snapshots, availability, location, applicant email, partner applicant data for couple applications, application status, employer notes, withdrawal reasons, rejection feedback and interview scheduling details.
References
Referee name, company, position, email, phone number, relationship, verification answers, strengths, weaknesses, recommendation, decline reasons and timestamps.
Employer data
Employer contact details, job title, account type, verification state, yacht, fleet, agency, company or management-company details, job listings, recipients and hiring workflow data.
Billing
Stripe customer and subscription IDs, plan, payment status, invoices, refunds, billing address, VAT data where provided, card brand and last four digits. We do not store full card numbers.
Email and analytics
Notification preferences, job alert records, campaign recipient status, unsubscribe choices, email open and click events, imported contact consent notes, blog visit IDs, scroll depth, read time, Google Analytics page and funnel events, referrer host and UTM parameters.

Sources

  • Data you enter, upload or generate while using Yachtee.
  • Data extracted from CVs and documents you upload, including parsed text and AI-generated prefill suggestions.
  • Data submitted by employers, applicants, partner applicants, referees, notification recipients and administrators.
  • Data from service providers, such as Stripe payment status, SendGrid email events and Google Places location suggestions.
  • Public or third-party data where relevant to employer entity records, yacht or company search, security, fraud prevention or platform administration.

How we use data

Purpose
Legal basis
Accounts, authentication, onboarding and core platform use
Contract necessity and legitimate interests in operating a secure recruitment platform.
Crew profiles, public profiles, applications, employer candidate search and reference verification
Contract necessity, legitimate interests in recruitment workflows, and consent or explicit consent where required for public visibility or optional sensitive documents.
Employer verification, fraud prevention, rate limiting, abuse monitoring and security
Legitimate interests and legal obligations.
Payments, invoices, refunds, accounting and tax records
Contract necessity and legal obligations.
Notifications, job alerts, transactional emails and service messages
Contract necessity and legitimate interests. Non-essential email categories can be changed or unsubscribed from.
Marketing emails, imported email contacts and campaign measurement
Consent or legitimate interests where permitted, with opt-out and suppression controls.
Analytics, campaign attribution and product improvement
Consent where required for cookies or local storage, and legitimate interests in understanding platform performance.

Sharing

We share personal data only where needed to provide, secure, improve or comply with the platform. Categories of recipients include:

  • Employers and their authorised recipients when crew apply, are visible in candidate search or make profile data available through Yachtee.
  • Crew members and employers where reference, application, interview, rejection or hiring workflow features require it.
  • Service providers for hosting, databases, file storage, email delivery, payments, AI processing, maps, consented analytics, logging, monitoring and infrastructure operations.
  • Administrators, contractors or advisors who need access for support, moderation, accounting, legal, security or platform administration.
  • Authorities, courts, regulators or counterparties where we believe disclosure is required by law or needed to protect rights, safety, users or the platform.

Some providers may process data outside the European Economic Area. Where required, we rely on adequacy decisions, standard contractual clauses or other safeguards for international transfers.

AI and assessments

Yachtee uses AI-assisted tools to parse CVs, prefill profiles, generate optional career content, support interview preparation and assess candidate suitability for certain paid employer listings. Inputs may include profile data, CV text, job requirements, application materials and employer-defined suitability rules.

AI output is used as a support signal and should be reviewed by a person. Yachtee does not make final hiring or rejection decisions solely by automated processing. Employers remain responsible for lawful, fair and human-reviewed recruitment decisions.

Cookies and analytics

We use necessary storage for authentication, security and requested app functionality. With your consent, we also use first-party analytics storage for blog engagement, Google Analytics 4 for aggregate page and funnel measurement, and marketing attribution storage for campaign links. You can review and change choices in the Cookie Policy.

Google Analytics may receive technical information such as page URL, referrer, browser/device details, approximate location derived by Google, consent state and event parameters for sign-in, onboarding, applications and checkout. Yachtee does not intentionally send names, email addresses, CV contents or direct profile details to Google Analytics.

Email campaigns may include open pixels and tracked links so we can understand delivery, engagement and unsubscribes. You can unsubscribe from non-transactional emails through email links or account communication settings where available.

Retention

We keep personal data for as long as needed for the purposes described in this policy, including providing accounts, preserving applications, supporting employer records, complying with accounting and legal duties, resolving disputes, preventing abuse and keeping suppression lists.

  • Account, profile and employer workspace data is generally kept while the account is active, then deleted or anonymised when no longer needed unless legal or platform-safety reasons require retention.
  • Submitted applications and hiring workflow records may be kept so employers and applicants retain recruitment history and so Yachtee can operate audit, support and dispute workflows.
  • Guest application sessions expire after a short operational period, but a submitted application may remain as a recruitment record.
  • Payment, invoice, refund and accounting records are kept for legally required accounting and tax periods.
  • Suppression and unsubscribe records are retained so we can honour opt-out choices.
  • Backups and logs are deleted on rolling schedules unless they are needed for security, legal or incident response reasons.

Your rights

Depending on your location and the data involved, you may have rights to access, correct, delete, restrict, object to or port your personal data. You may also withdraw consent where processing is based on consent. Withdrawal does not affect processing that already happened lawfully before withdrawal.

To exercise rights, contact [email protected]. We may need to verify your identity before acting on a request. You also have the right to lodge a complaint with a supervisory authority. In Estonia, the supervisory authority is the Estonian Data Protection Inspectorate.

Security

We use technical and organisational measures designed to protect personal data, including role-based access controls, JWT authentication, httpOnly refresh-token cookies, rate limiting, service-to-service secrets, file validation, private file storage patterns and administrative access controls.

No online service can be completely secure. Please use a secure email account, keep your devices protected and contact us promptly if you suspect unauthorised access.

Changes

We may update this policy as the platform, providers, laws or workflows change. When changes are material, we will take reasonable steps to notify registered users or highlight the update on the site.