This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• Account means a unique account created for You to access our Service or parts of our Service.
• Affiliate means an entity that controls, is controlled by, or is under common control with a party, where control means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
• Application refers to Seaya, the software program provided by the Company.
• Company (referred to as either the Company, We, Us, or Our in this Privacy Policy) refers to Seaya International LLC, 8927 Hypoluxo Rd, Ste A4 PMB 1038, Lake Worth, FL 33467.
• Cookies are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.
• Country refers to: Florida, United States.
• Device means any device that can access the Service such as a computer, a cell phone, or a digital tablet.
• Personal Data (or Personal Information) is any information that relates to an identified or identifiable individual. We use Personal Data and Personal Information interchangeably unless a law uses a specific term.
• Service refers to the Application, the Website, or both.
• Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• Website refers to Seaya, accessible from https://seaya.io.
• You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Cruise booking details and sailing history (cruise line, ship name, sail dates, and ports of call)
• Profile information You choose to share with other users, including profile photographs and bio information

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device’s unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, and other diagnostic data.

We may also collect information that Your browser sends whenever You visit Our Service or when You access the Service by or through a mobile device.

Information Collected while Using the Application

While using Our Application, in order to provide features of Our Application, We may collect, with Your prior permission:

• Information regarding your location (used to enable port check-ins and to help connect You with Seamates in the same destination)
• Pictures and other information from your Device’s camera and photo library (used to enable profile photos and user-generated posts within the platform)

We use this information to provide features of Our Service, to improve and customize Our Service. The information may be uploaded to the Company’s servers and a Service Provider’s server, or it may be simply stored on Your device.

You can enable or disable access to this information at any time through Your Device settings.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies We use include beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

• Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.
• Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics.

Cookies can be Persistent or Session Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.

Where required by law, we use non-essential cookies (such as analytics, advertising, and remarketing cookies) only with Your consent. You can withdraw or change Your consent at any time using Our cookie preferences tool (if available) or through Your browser and device settings. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

We use both Session and Persistent Cookies for the purposes set out below:

• Necessary and Essential Cookies (Session Cookies, administered by Us): These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts.
• Cookies Policy and Notice Acceptance Cookies (Persistent Cookies, administered by Us): These Cookies identify if users have accepted the use of cookies on the Website.
• Functionality Cookies (Persistent Cookies, administered by Us): These Cookies allow Us to remember choices You make when You use the Website, such as remembering your login details or language preference.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service.
• To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
• For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the products, items, or services You have purchased or of any other contract with Us through the Service.
• To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including security updates, when necessary or reasonable for their implementation.
• To provide You with news, special offers, and general information about other goods, services, and events which We offer that are similar to those that you have already purchased or inquired about, unless You have opted not to receive such information.
• To enable Seamate connections: to help You discover and connect with fellow cruise passengers on the same sailing, at the same port, or sharing cruise history.
• To manage Your requests: To attend and manage Your requests to Us.
• For business transfers: We may use Your Personal Data to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets.
• For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service, products, services, marketing, and your experience.

We may share Your Personal Data in the following situations:

• With Service Providers: We may share Your Personal Data with Service Providers to monitor and analyze the use of our Service and to contact You.
• With cruise data partners: We share relevant booking and sailing information with our cruise data API partners (such as Widgety) strictly for the purpose of verifying sailings and enriching your in-app experience.
• For business transfers: We may share or transfer Your Personal Data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
• With Affiliates: We may share Your Personal Data with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy.
• With business partners: We may share Your Personal Data with Our business partners to offer You certain products, services, or promotions.
• With other users: When You share Personal Data or otherwise interact in the public areas of the Service with other users, such information may be viewed by all users and may be publicly distributed outside.
• With Your consent: We may disclose Your Personal Data for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

Where possible, We apply shorter retention periods and reduce identifiability by deleting, aggregating, or anonymizing data. We apply different retention periods to different categories of Personal Data based on the purpose of processing and legal obligations:

• Account Information: User accounts are retained for the duration of your account relationship plus up to 24 months after account closure to handle any post-termination issues or resolve disputes.
• Customer Support Data: Support tickets and correspondence are retained up to 24 months from the date of ticket closure. Chat transcripts are retained up to 24 months for quality assurance and staff training purposes.
• Usage Data: Website analytics data, application usage statistics, and server logs are retained up to 24 months from the date of collection.

We may retain Personal Data beyond the periods stated above where required by law, to establish or defend legal claims, at your explicit request, or where data exists in backup systems scheduled for routine deletion.

When retention periods expire, We securely delete or anonymize Personal Data. Residual copies may remain in encrypted backups for a limited period and are not restored except where necessary for security, disaster recovery, or legal compliance. In some cases, We convert Personal Data into anonymous statistical data that cannot be linked back to You.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to and maintained on computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction.

Where required by applicable law, We will ensure that international transfers of Your Personal Data are subject to appropriate safeguards and supplementary measures. The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service. You may update, amend, or delete Your information at any time by signing in to Your Account and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any Personal Data that You have provided to Us.

Please note, however, that We may need to retain certain information when We have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially reasonable means to protect Your Personal Data, We cannot guarantee its absolute security.

User-Generated Content

Seaya is a social platform for cruise passengers. As such, You and other users may post, share, upload, or otherwise make available content including photographs, profile information, port check-in posts, sailing history, comments, messages, and other materials (collectively, User Content).

Your Responsibility for User Content

You are solely responsible for any User Content You post or share through the Service. By submitting User Content, You represent and warrant that:

• You own or have the necessary rights and permissions to submit the User Content
• Your User Content does not infringe the intellectual property rights, privacy rights, or any other rights of any third party
• Your User Content complies with this Privacy Policy, Our Terms of Service, and all applicable laws
• Your User Content does not contain or depict anything that is illegal, harmful, abusive, harassing, defamatory, obscene, or otherwise objectionable

License You Grant to Seaya

By posting or sharing User Content on or through the Service, You grant Seaya International LLC a non-exclusive, royalty-free, worldwide, sublicensable license to use, store, display, reproduce, modify, and distribute Your User Content solely for the purposes of operating, developing, providing, and improving the Service and researching and developing new services.

You retain all ownership rights in Your User Content. The license You grant Us terminates when You delete your User Content from the Service or close your account, except where Your content has been shared with others and they have not deleted it.

Content Moderation

We actively monitor and enforce our platform using automated systems and human review to detect, prevent, and remove content that violates our policies, including child sexual abuse and exploitation. We reserve the right, but not the obligation, to take action on User Content that we determine in our sole discretion violates this Privacy Policy, our Terms of Service, or applicable laws. While we strive to review and act on reports promptly, we cannot guarantee immediate removal in all cases.

Users may report User Content they believe violates our standards. Reported content is reviewed by our Trust and Safety team, and action is taken in accordance with our content removal procedures described in the Child Safety Standards section of this policy.

Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us immediately at support@seaya.io.

If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take immediate steps to remove that information from Our servers and terminate the associated account.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

Child Safety Standards and CSAE Policy

Seaya International LLC maintains a strict zero-tolerance policy toward child sexual abuse and exploitation in all forms. This section describes our standards, procedures, and commitment to child safety across our platform.

Zero Tolerance for Child Sexual Abuse Material (CSAM) and Exploitation

Seaya has an absolute zero-tolerance policy for child sexual abuse material (CSAM) and any form of child sexual abuse or exploitation (CSAE) on our platform. Any such content will be immediately removed and reported to the appropriate authorities.

Seaya International LLC strictly prohibits the following on its platform:

• Any content that depicts, describes, promotes, or facilitates the sexual abuse or exploitation of minors
• Child sexual abuse material (CSAM) of any kind, including photographs, videos, illustrations, or written descriptions
• Grooming behavior: any attempt by an adult to establish inappropriate contact with a minor or to manipulate a minor for sexual purposes
• Content that sexualizes individuals under the age of 18 in any manner
• Any communication, solicitation, or conduct designed to exploit, harm, or endanger a child
• Sharing, distributing, or linking to CSAM or CSAE material in any form

These prohibitions apply to all content types on our platform, including profile information, photographs, posts, port check-ins, private messages, and any other user-generated or system-generated content.

How to Report Child Sexual Abuse or Exploitation

If You encounter any content or behavior on Seaya that You believe involves the sexual abuse or exploitation of a minor, please report it immediately through one or more of the following channels:

• In-App Reporting: Use the report button available on any post, profile, or message within the Seaya application to flag content for immediate Trust and Safety review.
• Email: Send a detailed report to abuse@seaya.io with the subject line CSAE Report. Include as much detail as possible, such as usernames, content descriptions, and any screenshots you are able to capture.
• General Support: Contact support@seaya.io if you are unable to use the above channels.

All reports are treated with strict confidentiality. We encourage every member of our community to report suspected child safety violations without hesitation. You will never be penalized for reporting in good faith.

In the United States, you may also report suspected child sexual exploitation directly to:

• The National Center for Missing and Exploited Children (NCMEC) CyberTipline at www.cybertipline.org or by calling 1-800-843-5678
• Your local law enforcement agency
• The FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov

How We Remove Violating Content and Take Action Against Users

Upon receiving a report of suspected CSAM or CSAE content, Seaya will take the following actions:

• Immediate Review: Reports are escalated to our Trust and Safety team for priority review as quickly as technically possible, and no later than 24 hours after receipt. Reports are prioritized and reviewed with urgency, especially where there is a risk of harm to minors.
• Temporary Suspension: If the reported content or account presents an immediate risk, the associated account may be temporarily suspended pending investigation.
• Content Removal: Any content confirmed to violate our Child Safety Standards is removed from the platform immediately upon confirmation.
• Permanent Account Termination: Any user account found to have posted, shared, or distributed CSAM or CSAE content, or engaged in grooming or exploitation behaviors, will be permanently banned from the Seaya platform without the possibility of reinstatement.
• Evidence Preservation: We preserve evidence related to confirmed violations in accordance with applicable law, including the requirements of 18 U.S.C. Section 2258A, and make such evidence available to law enforcement upon lawful request.
• Reporting to Authorities: We report all confirmed instances of CSAM to the National Center for Missing and Exploited Children (NCMEC) CyberTipline, as required under 18 U.S.C. Section 2258A, and cooperate fully with subsequent law enforcement investigations.

Commitment to Cooperate with Law Enforcement

Seaya International LLC is fully committed to cooperating with law enforcement agencies in the investigation and prosecution of child sexual abuse and exploitation. This commitment includes:

• Responding promptly to lawful requests, subpoenas, court orders, and warrants from law enforcement agencies at the local, state, federal, and international levels
• Preserving relevant records and evidence upon receipt of a lawful preservation request or hold
• Proactively reporting confirmed CSAM and CSAE content to NCMEC as required by federal law
• Designating an internal point of contact responsible for handling law enforcement requests related to child safety matters
• Cooperating with international law enforcement agencies through applicable legal frameworks where Seaya users are located in other jurisdictions

Law enforcement agencies seeking to submit legal process or make inquiries related to child safety matters should direct their requests to: abuse@seaya.io.

Child Safety Contact Information

For all child safety matters, abuse reports, or law enforcement inquiries, please use the following contacts:

• Trust and Safety Team: support@seaya.io | Child Safety and Abuse Reports: abuse@seaya.io
• General Support: support@seaya.io
• Mailing Address: Seaya International LLC, 8927 Hypoluxo Rd, Ste A4 PMB 1038, Lake Worth, FL 33467

We are committed to making Seaya a safe and positive community for all users. Child safety is a non-negotiable priority and a core value of our platform.

Rights of Users in the European Economic Area and United Kingdom (GDPR)

If You are located in the European Economic Area (EEA) or the United Kingdom (UK), the General Data Protection Regulation (GDPR) and the UK GDPR grant You specific rights regarding Your Personal Data. This section sets out those rights and how You can exercise them.

Legal Basis for Processing

We process Your Personal Data on the following legal bases as applicable:

• Performance of a contract: processing is necessary to provide the Service to You, including managing Your account and enabling Seamate connections.
• Legitimate interests: processing is necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring the security of the platform, where those interests are not overridden by Your rights.
• Legal obligation: processing is necessary to comply with a legal obligation to which We are subject.
• Consent: where We rely on Your consent for specific processing activities (such as marketing communications or non-essential cookies), You may withdraw that consent at any time by contacting us at support@seaya.io or using the opt-out mechanism provided.

Your GDPR Rights

Under the GDPR, You have the following rights:

• Right of Access: You have the right to request a copy of the Personal Data We hold about You and information about how We process it.
• Right to Rectification: You have the right to request that We correct inaccurate or incomplete Personal Data We hold about You.
• Right to Erasure (Right to Be Forgotten): You have the right to request that We delete Your Personal Data in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected or where You withdraw consent.
• Right to Restriction of Processing: You have the right to request that We restrict the processing of Your Personal Data in certain circumstances, such as where You contest the accuracy of the data.
• Right to Data Portability: You have the right to receive Your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where processing is based on consent or contract and is carried out by automated means.
• Right to Object: You have the right to object to Our processing of Your Personal Data where processing is based on legitimate interests or is carried out for direct marketing purposes.
• Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects. We do not currently make automated decisions of this nature.

How to Exercise Your GDPR Rights

To exercise any of the rights described above, please contact Us at support@seaya.io. We will respond to Your request within 30 days of receipt. We may need to verify Your identity before fulfilling Your request.

If You believe We have not complied with Your rights under the GDPR, You have the right to lodge a complaint with Your local supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu and the UK’s Information Commissioner’s Office (ICO) can be found at https://ico.org.uk.

International Transfers of EEA and UK Data

When We transfer Personal Data from the EEA or UK to a country that does not provide an equivalent level of data protection, We put in place appropriate safeguards to protect Your data, which may include Standard Contractual Clauses approved by the European Commission or the UK Government, or other lawful transfer mechanisms. You may request a copy of these safeguards by contacting Us at support@seaya.io.

Rights of California Residents (CCPA and CPRA)

If You are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants You specific rights regarding Your Personal Information. This section describes Your California privacy rights and how to exercise them.

Categories of Personal Information Collected

In the past 12 months, We have collected the following categories of Personal Information from California consumers:

• Identifiers: name, email address, phone number, IP address, device identifiers, and account credentials
• Personal information under California Civil Code Section 1798.80: name, telephone number, and profile photograph
• Commercial information: cruise booking details, sailing history, and records of services obtained
• Internet or other electronic network activity information: browsing history within the Service, app usage data, and interaction data
• Geolocation data: location data when You use port check-in features (with Your permission)
• Photos and audio or visual information: profile photographs and images You upload
• Inferences drawn from Personal Information: preferences and interests inferred from your usage of the Service

Purposes for Collecting Personal Information

We collect Personal Information for the business and commercial purposes described in the Collecting and Using Your Personal Data section of this Privacy Policy, including to provide and improve the Service, enable Seamate connections, enable port check-ins, and for analytics purposes.

Sale or Sharing of Personal Information

We do not sell Your Personal Information for monetary consideration. We may share certain identifiers and usage data with advertising or analytics partners in ways that may constitute a sale or sharing under the CCPA. You have the right to opt out of this sharing. To exercise this right, please contact us at support@seaya.io or use any opt-out mechanism We make available on our Website.

Your California Privacy Rights

California residents have the following rights under the CCPA and CPRA:

• Right to Know: You have the right to request that We disclose the categories and specific pieces of Personal Information We have collected about You, the categories of sources from which We collected it, the business or commercial purposes for which We collected it, and the categories of third parties with whom We share it.
• Right to Delete: You have the right to request that We delete Personal Information We have collected from You, subject to certain exceptions.
• Right to Correct: You have the right to request that We correct inaccurate Personal Information We maintain about You.
• Right to Opt Out of Sale or Sharing: You have the right to direct Us to not sell or share Your Personal Information to third parties.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit Our use of sensitive Personal Information (such as precise geolocation data) to what is necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against You for exercising any of Your CCPA rights. We will not deny You goods or services, charge You different prices, provide a different level of service quality, or suggest that You may receive a different price or quality of goods or services because You exercised Your rights.

How to Exercise Your California Privacy Rights

To exercise any of Your California privacy rights, please submit a verifiable consumer request by:

• Emailing Us at support@seaya.io with the subject line California Privacy Rights Request
• Including Your name, email address associated with Your account, and a description of the right You wish to exercise

We will verify Your identity before fulfilling Your request. We will respond to a verifiable consumer request within 45 days of its receipt. We may extend this period by an additional 45 days when reasonably necessary, provided We give You notice of the extension.

You may designate an authorized agent to submit a request on Your behalf. We may require the authorized agent to provide proof of authorization and verify Your identity directly.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of Personal Information to third parties for their direct marketing purposes during the immediately preceding calendar year. To make such a request, please contact Us at support@seaya.io.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third-party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and a prominent notice on Our Service prior to the change becoming effective and update the Last updated date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If You have any questions about this Privacy Policy, wish to exercise any of Your rights, or wish to report a child safety concern, You can contact Us:

By website: https://seaya.io

By email (general inquiries and privacy rights): support@seaya.io

By email (child safety, CSAE reports, and law enforcement): abuse@seaya.io

By mail: Seaya International LLC, 8927 Hypoluxo Rd, Ste A4 PMB 1038, Lake Worth, FL 33467