Legal

Privacy, in plain language.

What Baited collects, why, who else touches it, and the rights you have over it. No dark patterns, no buried clauses.

Last updated June 20, 2026

01 What we collect

We collect three kinds of information, and nothing we don't need to run a booking.

Operator account info. If you run a charter on Baited, we store your business name, contact details, the trips and availability you set up, and the connection to your own payment account. This is what makes your booking page work.
Customer booking info. When an angler books a trip, we store the details that trip needs — name, contact details, party size, the date and trip chosen, and any notes you collect (such as a souls-on-board manifest).
Payment metadata. We store the amount, status, and a payment-processor reference for each deposit or payment. We never see, handle, or store card numbers — those go straight to Stripe.
Usage data. Standard technical data that comes with serving a website — IP address, browser type, and which pages were requested — used to keep the service running and secure.

02 Why we collect it

We use the information above to do the job you came here for: take a booking, settle a deposit to the operator's own account, send the confirmations and reminders a trip needs, show the marine forecast and tide for a date, and keep the platform secure and working. We do not sell your data, and we do not use it to build advertising profiles.

03 Legal bases

Where data-protection law (such as the GDPR) asks us to name a legal basis, these are the ones we rely on:

Contract. Processing a booking, settling a payment, and sending the emails tied to a trip are necessary to perform the booking you asked for.
Legitimate interests. Keeping the platform secure, preventing fraud, and understanding aggregate usage so the product works reliably.
Legal obligation. Retaining the transaction and tax records the law requires us — and operators — to keep.
Consent. Anything optional, such as analytics, only with your explicit opt-in (see Cookies & analytics).

04 Processors & subprocessors

We use a small set of trusted providers to run the service. Each one only receives the data it needs for its job, and each is bound to handle it under its own data-processing terms.

Provider Role What it receives

Stripe Payments Deposit and trip-payment metadata — amounts, status, and a Stripe token. We never see or store card numbers.

Resend Transactional email Recipient email address and the contents of booking confirmations, reminders, and reschedule notices.

NOAA / Open-Meteo Weather & tide None of your personal data. We send a location and date to fetch public marine forecast and tide — these are public data sources, not recipients of your information.

Neon Database hosting The managed Postgres database where operator accounts, bookings, and customer details are stored.

Vercel Application hosting Serves the site and API. Processes standard request metadata (IP address, user agent) as part of delivering pages.

05 How long we keep it

We keep data only as long as it serves a purpose. Active operator accounts and their bookings are retained while the account is open. Booking and payment records are kept for the period tax and accounting law requires, then deleted or anonymized. Technical logs are kept for a short rolling window for security and debugging. Close your account and we delete or anonymize your data on the schedule above — sooner where nothing legal requires us to hold it.

06 Your rights

Whatever your jurisdiction, we extend the same core rights to everyone:

Access. Ask what we hold about you and get a copy.
Export. Receive your data in a portable, machine-readable format.
Correction. Fix anything inaccurate or incomplete.
Deletion. Ask us to erase your data, subject to records we're legally required to keep.

To exercise any of these, email hey@baited.dev and we'll respond within the timeframe the applicable law sets. If an angler booked through an operator, that operator is the first point of contact for their booking data; we'll support either of you.

07 Cookies & analytics

Our cookie use is deliberately minimal. We set a session cookie so signed-in operators stay authenticated — that's strictly necessary and can't be turned off without breaking login. We do not use advertising or cross-site tracking cookies.

Analytics is opt-in and not yet enabled. If we ever turn on product analytics, it will be behind an explicit consent choice — off until you say yes — and this policy will be updated before it runs.

08 Children

Baited is a tool for charter businesses and their guests. It is not directed at children under 13, and we do not knowingly collect personal information from them. If you believe a child has given us their information, contact us and we'll delete it.

09 International transfers

Our providers may process and store data in the United States and other countries. Where data moves across borders, we rely on the safeguards those providers offer — such as standard contractual clauses — so your information keeps a comparable level of protection wherever it's handled.

10 Changes to this policy

We may update this policy as the product grows or the law changes. When we do, we'll revise the "last updated" date at the top, and for material changes we'll give clear notice — for example, by email to operators — before the change takes effect.

11 Contact

Questions about this policy, your data, or any request above — reach a real person at hey@baited.dev. We answer.

Still have questions?

Talk to a human, not a ticket queue.

Privacy, data, or anything else — email us directly and a person on the team replies.

Email hey@baited.dev See pricing