Skip to main content
LEGAL · LAST UPDATED MAY 2026

Privacy policy.

How TideLab handles your data — what we collect, why, how long we keep it, and your rights under GDPR. Written in plain English. If something here is unclear, mail privacy@tidelab.io and we'll fix it.

SUMMARY
  • · We collect the minimum we need to run the platform.
  • · We never sell your data.
  • · Three processors — Vercel (hosting), MongoDB Atlas (database), Google (OAuth).
  • · You can delete your account and all associated data from your dashboard.

§01 · Who we are.

TideLab operates the tidelab.io platform — interactive sailing education, simulators, crew tools, and resources. Our sister site eliosail.com handles charter and is governed by a separate privacy policy.

For data-protection questions, contact us at privacy@tidelab.io.

§02 · What we collect.

If you create an account, we collect:

  • Email address — for sign-in and to contact you about your account.
  • Name and profile picture — received from Google when you sign in with Google.
  • Password hash (email/password sign-in only) — a one-way bcrypt hash; we never see your actual password.
  • Quiz history and progress — your scores, the quizzes you've taken, your study activity.

If you use the platform without signing in, we still collect:

  • Server logs — IP, browser/OS, timestamps, URLs visited. Hosted by Vercel, ~30-day retention.
  • localStorage on your device — quiz progress and UI preferences. Stays on your device unless you sign in and sync.

§03 · Why we use it.

  • Account services — authentication, your dashboard, syncing progress across devices.
  • Improving the platform — understanding which quizzes are taken and which courses are read.
  • Security and abuse prevention — detecting brute-force attempts, blocking spam.

Under GDPR, our legal bases are: contract (we need your email to give you an account), legitimate interest (security, basic analytics), and consent (for any non-essential cookies we add in future).

§04 · Who we share it with.

We use these third-party processors:

  • Vercel — hosting and request logs.
  • MongoDB Atlas — database for your account and progress.
  • Google — OAuth sign-in (only if you choose Google).

Each is bound by a data-processing agreement. We do not sell your data, ever, to anyone, for any reason.

§05 · How long we keep it.

  • Account data — until you delete your account.
  • Server logs — per Vercel's retention (~30 days).
  • Backups — Atlas backups may retain account snapshots up to 30 days after deletion.

§06 · Your rights (GDPR).

If you're in the EU, UK, or Switzerland, you have the right to access, correct, delete, port, restrict, or object to our processing of your data — and to lodge a complaint with your local data-protection authority.

To exercise any of these, mail privacy@tidelab.io. We respond within 30 days.

§07 · Cookies.

We use a session cookie for signed-in users (NextAuth) and a preference cookie for your locale. Neither is used for tracking. We ask for consent before adding any non-essential cookies — see the cookie policy.

§08 · Changes to this policy.

We'll update this page if our practices change. The “last updated” date at the top reflects the most recent change. Material changes get an email if you have an account.

COOKIES

We use cookies to keep your quiz progress and sign you in. None for advertising, none sold to anyone. Read the policy.