1. What Are Cookies and Similar Technologies?

Cookies are small text files stored on your device (computer, tablet, or mobile) when you visit a website. They help websites remember information about your visit, making the site more efficient and personalized. We also use similar technologies like localStorage and sessionStorage in your browser to store data locally for functionality.

Cookies can be "first-party" (set by us) or "third-party" (set by our service providers). They may be session-based (expiring when you close your browser) or persistent (remaining until deleted or expired).

2. Why We Use Cookies and Similar Technologies

We use these technologies to ensure our Service works properly, enhance user experience, and analyze usage patterns. We categorize them as follows:

Strictly Necessary Cookies

These are essential for the core functionality of our Service and cannot be disabled. They enable features like authentication, session management, and secure payments. Without them, you may not be able to sign in, create listings, or complete transactions.

• Authentication Cookies (via Supabase): Maintain your login sessions and verify your identity. Names include sb-access-token, sb-refresh-token, and other Supabase session cookies. These are HTTP-only, secure cookies with session-based and persistent durations (with auto-refresh enabled). They allow access to protected features like user profiles and boat listing management.
• Session Management: Tracks your sessions using UUID-based identifiers stored in localStorage and sessionStorage. This supports chat continuity, search history, and user preferences across browser sessions.
• Stripe Payment Cookies: Handle secure payment processing and fraud prevention during listing activations. Set by Stripe (third-party), with varying session and persistent durations. Used for checkout flows and webhook-based fulfillment.

Functional Cookies

These improve usability and personalization, such as remembering preferences or saving drafts. They are optional but enhance your experience.

• Geolocation Preferences: Store your location search preferences (latitude, longitude, and locationEnabled flag) in localStorage or context state. This enables opt-in, proximity-based boat searches. You can toggle this in the search interface.
• Listing Creation State: Saves draft boat listing data (e.g., form inputs, images, features) in localStorage during the multi-step creation process. This prevents data loss and persists until the listing is published or deleted.

Analytics and Performance Cookies

These help us understand how users interact with our Service to improve it. We do not use them for advertising.

• Elastic Behavioral Analytics: Tracks search patterns, clicks, page views, and interactions using the @elastic/behavioral-analytics-javascript-tracker package. Each session gets a unique identifier. Data includes search queries and navigation patterns, with persistent durations up to 2 years for aggregated reporting.

Targeting or Advertising Cookies

We do not use targeting cookies or integrate with advertising networks. No cookies are set for building interest profiles or showing ads on other sites.

3. Third-Party Cookies and Services

We work with trusted third-party providers who may set cookies through our Service:

• Supabase (supabase.co): Provides authentication, database, and storage services. Sets auth-related cookies for session management and token storage.
• Stripe (stripe.com): Handles payment processing for listing activations ($99.00 per listing). Sets cookies for secure checkout and fraud detection.
• Elastic (elastic.co): Powers behavioral analytics for search and interaction tracking.
• Vercel (vercel.com): Hosting platform that may set performance cookies for CDN caching and optimization.
• Next.js: Our framework may use minimal cookies for server-side rendering state.

These third parties process data according to their own privacy policies, but we ensure they align with our privacy standards. We do not share your data with advertisers or allow cross-site tracking.

4. How We Manage Data from Cookies

• Data Flow: Cookies support user journeys like AI-powered searches (session IDs for query tracking), seller flows (drafts and payments), and authentication (token refresh for persistent logins).
• Retention: Authentication data persists until you sign out or delete your account. Search sessions are temporary. Drafts last until published or deleted. Analytics data is retained for up to 2 years for performance insights. Payment records are kept for legal compliance.
• Security: We use HTTPS encryption, HTTP-only cookies for sensitive data, and middleware to protect routes. We do not store payment card details on our servers or sell user data.

5. Your Choices and Controls

You control cookies and similar technologies:

• In-App Controls: Toggle geolocation in searches, sign out to clear auth cookies, or delete drafts to remove stored data.
• Browser Settings: Most browsers let you block or delete cookies. Visit your browser's help section for instructions. Note: Blocking essential cookies may limit Service functionality.
• Clear Browser Data: Manually clear localStorage and sessionStorage via browser tools.
• Do Not Track: We honor browser "Do Not Track" signals for analytics where applicable.
• Account Deletion: Request via our contact page to delete your data, including associated cookies.

For more on privacy, see our Privacy Policy.

6. Updates to This Policy

We may update this policy to reflect changes in our practices, technology, or legal requirements. We'll post updates here with the new effective date. Check back periodically.

7. Contact Us

Questions about this policy? Email us at privacy@boatr.ai