Legal

Privacy Policy

Last updated June 2026

Who we are

The data controller for MarDat is MarDat Ltd., Winslow, Coolmine, Saggart, Co. Dublin, Ireland. For any privacy question or to exercise your rights, contact founders@mardat.app.

Cookies & on-device storage

We ship no advertising and no cross-site tracking. The only things stored on your device are strictly necessary to sign you in and keep you signed in; if you use Google sign-in, Google may set its own. EU rules (the ePrivacy Directive) require consent only for non-essential storage, so we show no consent banner. Our Cookie Policy describes the categories we use. If we ever add analytics, we will ask for consent first — even if it is "cookieless".

The MarDat app

The MarDat application (at /app) is a separate, account-based product. To run your boat logbook it processes:

  • Account details you provide at sign-up (e.g. email, display name).
  • Boat and maintenance data you enter (tasks, health records, notes, photos).
  • Technical data required to operate and secure the service.

How we sign you in

Authentication is handled by Google Firebase Authentication (Google's managed identity service). You can sign in with email and password or with Google, including Google's one-tap prompt; signing in with Google involves Google under its own privacy policy. To keep you signed in, we store strictly-necessary sign-in information on your device; a Keep me signed in option controls whether you stay signed in across browser restarts or are signed out when you close the browser. This is not used for tracking. We never store raw passwords, and we never sell your personal data.

Legal bases (GDPR)

  • Performance of a contract — to create your account and provide the logbook you asked for.
  • Legitimate interests — to keep the service secure, prevent abuse, and operate reliably.
  • Consent — for anything non-essential we may add later (e.g. analytics); you can withdraw it at any time.

Service providers (sub-processors)

We use a small number of providers to run MarDat:

  • Google Firebase Authentication & Google Identity Services (One Tap) — sign-in and identity.
  • Google Cloud (Cloud Storage & Cloud SQL) — hosting and your app data.
  • Google Fonts — typeface delivery (may expose your IP to Google; sets no cookie).

International transfers

Our providers (Google) may process data outside your country, including in the United States. Where required, such transfers are covered by an appropriate safeguard such as [Standard Contractual Clauses / an adequacy decision].

Retention

We keep your account data while your account is active. When you delete your account, deletion is honoured after a short grace period of [e.g. 30 days], after which your record and the associated sign-in credential are permanently removed.

Your rights

Subject to applicable law, you can access, correct, export, delete, or object to / restrict the processing of your personal data. To exercise any of these, email founders@mardat.app. You also have the right to lodge a complaint with your data protection supervisory authority [name of authority / "in your EU member state"].

Contact

Questions about privacy? Email founders@mardat.app.