MooringMate — Privacy Policy
Effective Date: June 9, 2026 | Version: 2.1
We don't sell your personal data. MooringMate AG (Baar, Switzerland) is the data controller. We share data only with payment and service providers and with mooring providers as needed to deliver the service, or where required by law.
1. Definitions
For the purposes of this document:
1.1 “MooringMate”, “we”, “us”, or “our” means MooringMate AG, a company incorporated under the laws of Switzerland, with registered office at Grabenstrasse 25, 6340 Baar, Switzerland (VAT no. CHE-318.941.671), being the operator of the MooringMate platform, together with its subsidiaries and affiliates.
1.2 “Platform” means the MooringMate website, mobile applications, APIs, and all related digital services through which we connect Sailors with Providers and support the Ambassador Program.
1.3 “Services” means the digital intermediation, payment facilitation, listing, and communication services provided through the Platform.
1.4 “User” means any natural or legal person who has registered and holds an account on the Platform, in any of the roles defined below.
1.5 “Sailor” means a User who uses the Platform to discover, book, and pay for mooring services at Buoys listed by Providers.
1.6 “Provider” means a User who lists one or more Buoys on the Platform and offers mooring services to Sailors in exchange for compensation.
1.7 “Ambassador” means a Sailor enrolled in our Referral Program who refers Providers to the Platform and earns commissions on eligible bookings.
1.8 “Buoy” means a mooring point (typically a buoy, berth, or similar fixed facility) listed by a Provider on the Platform.
1.9 “Booking” means a reservation created by a Sailor for the use of a specific Buoy over defined dates.
1.10 “Booking Amount” means the total amount payable by the Sailor for a Booking, inclusive of platform commission and applicable taxes, in minor currency units (cents).
1.11 “Commission” means the percentage-based fee retained by MooringMate from each Booking Amount, or paid to an Ambassador under the Referral Program, as applicable.
1.12 “Payout” means the disbursement of funds due to a Provider or Ambassador following completion of Bookings and, where applicable, clearance of commissions and refunds.
1.13 “Personal Data” means any information relating to an identified or identifiable natural person, as defined under applicable data protection law (including the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR)).
1.14 “Applicable Law” means all laws, regulations, and rules applicable to the relevant User, the Platform, or the Services, including data protection, consumer protection, tax, maritime, sanctions, and anti-money-laundering legislation.
2. Acceptance
By creating an account on the Platform, you represent that you have read, understood, and agreed to be bound by this document in its entirety, as it applies to your User role. If you do not agree, you must not access or use the Platform.
3. Eligibility
You may only register and use the Platform if:
- you are at least 18 years of age and have full legal capacity;
- you are not prohibited from using the Platform under Applicable Law;
- you, your business, and the services you offer are not located in, ordinarily resident in, established in, or carried out from a country or territory that is subject to comprehensive sanctions or embargoes (currently including Crimea, the so-called Donetsk and Luhansk regions, Cuba, Iran, North Korea, Russia, Belarus, and Syria), and you are not a person or entity designated on any applicable sanctions list;
- the information you provide during registration is accurate, complete, and kept current; and
- you comply, at all times, with the obligations applicable to your User role.
4. Account Security
You are solely responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify MooringMate promptly of any suspected unauthorized access or security breach. We will not be liable for any loss or damage arising from your failure to safeguard your credentials.
5. Modifications
MooringMate may amend this document from time to time. Material changes will be communicated by email or through the Platform at least thirty (30) days before they take effect. Your continued use of the Platform after the effective date of any amendment constitutes acceptance of the amended terms. If you do not accept an amendment, you must cease use of the Platform and may close your account.
6. Governing Law and Jurisdiction
This document is governed by and construed in accordance with the substantive laws of Switzerland, without regard to its conflict-of-laws rules and excluding the United Nations Convention on Contracts for the International Sale of Goods. Any dispute shall be resolved first through good-faith negotiation and, failing resolution within thirty (30) days, before the competent courts of the Canton of Zug, Switzerland, save where mandatory consumer protection law confers an alternative forum on you.
7. Contact
Questions, complaints, data protection requests, and legal notices should be addressed to:
MooringMate AG
Grabenstrasse 25, 6340 Baar, Switzerland
VAT no. CHE-318.941.671
Email: info@mooringmate.com
Website: https://mooringmate.com
This Privacy Policy explains how we collect, use, share, retain, and protect Personal Data when you use the Platform. It applies to all Users. Role-specific provisions are set out in Section 12.
8. Data Controller
The data controller responsible for Personal Data processed through the Platform is:
MooringMate AG
Grabenstrasse 25, 6340 Baar, Switzerland
VAT no. CHE-318.941.671
Email: info@mooringmate.com
MooringMate AG determines the purposes and means of processing in respect of Personal Data processed through the Platform, in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR). Where we act as a data processor on behalf of Users (for example, in relation to messaging between Sailors and Providers), we will do so in accordance with Applicable Law. Our payment processors (Stripe and PayPal) act as independent data controllers for the processing they carry out for their own payment, fraud-prevention, identity-verification, and regulatory purposes, as described in their respective privacy notices.
9. Data We Collect
9.1 Data You Provide Directly
- Identity and contact data: name, email address, phone number, country, postal address, preferred language;
- Authentication data: hashed password, third-party sign-in identifiers (Google, Apple, Facebook), email verification status;
- Profile data: avatar image, display name, preferred currency, preferred units (metric/imperial);
- Role-specific data: as described in Section 12.
9.2 Data Generated Through Use
- Transaction data: Bookings, payments, Payouts, refunds, cancellations, receipts, and related timestamps;
- Communication data: in-app messages, notifications, review content, and support correspondence;
- Content you submit: photos, videos, reviews, reports, and other material uploaded to the Platform (stored on Amazon Web Services S3).
9.3 Data Collected Automatically
- Device and log data: IP address, browser type, operating system, session identifiers, referring URL;
- Usage data: pages viewed, searches, filter selections, map interactions;
- Diagnostic data: error reports and performance metrics (via Sentry, with sensitive headers redacted);
- Cookies and similar technologies: as described in our cookie notice and governed through Cookiebot consent management.
10. Purposes and Legal Bases
We process Personal Data for the following purposes and on the following legal bases (under the FADP and, where applicable, Article 6 GDPR):
- Performance of a contract: to register your account, operate the Platform, process Bookings and payments, execute Payouts, and provide Services you request;
- Legitimate interests: to prevent fraud and abuse, secure the Platform, improve our Services, and conduct analytics;
- Legal obligation: to comply with tax, accounting, sanctions screening, anti-money-laundering, and other regulatory obligations, and to respond to lawful requests by public authorities;
- Consent: for optional communications, cookies, and processing activities for which consent is the appropriate basis (withdrawable at any time).
11. Data Sharing and Recipients
11.1 Between Users. To enable the Services, limited Personal Data is shared between Users: for example, a Provider receives the Sailor's name, contact details, and vessel information necessary to fulfill a Booking; a Sailor sees the Provider's business name and public contact.
11.2 Payment Processors. Payments are collected, and Payouts to Providers and Ambassadors are facilitated, through our payment processors Stripe, Inc. and PayPal (Europe) S.à r.l. et Cie, S.C.A. and their group companies. These processors handle payment details, perform identity verification and fraud screening, and facilitate the flow of funds and the disbursement of amounts due to Providers and Ambassadors. They act as independent controllers for those activities under their own terms and privacy notices. MooringMate does not store raw card numbers or PayPal credentials.
11.3 Service Providers (Processors). We share Personal Data with other third-party processors acting on our instructions under written data-processing terms:
- Infrastructure: Amazon Web Services (hosting, database, storage, secrets management);
- Communications: SendGrid (transactional email);
- Monitoring: Sentry (error and performance tracking);
- Maps and analytics: Google (Maps display, Analytics, OAuth);
- Consent management: Cookiebot;
- Referral attribution: Rewardful (for Ambassadors only);
- CRM, where enabled: HubSpot.
11.4 Legal and Regulatory Disclosure. We may disclose Personal Data where required by Applicable Law, legal process, or to protect the rights, property, or safety of MooringMate, our Users, or others.
11.5 Business Transfers. Personal Data may be transferred in connection with a merger, acquisition, reorganization, or sale of assets, subject to confidentiality and continuity of protection.
11.6 No Sale of Personal Data. We do not sell Personal Data.
12. Role-Specific Data Processing
12.1 Sailors
Additional data processed for Sailors:
- Vessel data for each registered boat: name, brand, model, boat type, dimensions (LOA, beam, draft, weight), hull material, registration number, IMO, MMSI, flag state, port of registry, radio call sign;
- Owner and skipper data: owner contact information, skipper name and phone, emergency contact, insurance carrier, policy number, insurance expiry;
- Vessel documents: registration and insurance certificates, stored on AWS S3;
- Payment methods: tokenized card references and PayPal vault identifiers (we never store raw card numbers or PayPal passwords);
- Booking content: check-in/check-out dates, vessel snapshot at time of booking, booking status history.
12.2 Providers
Additional data processed for Providers:
- Business and tax data: business name, business address, public contact email, tax identifiers, and any additional information required for tax reporting;
- Onboarding and verification data: information collected to vet Providers before onboarding and to satisfy sanctions, anti-money-laundering, and payment-processor know-your-customer (KYC) requirements;
- Buoy listing data: name, description, GPS coordinates, vessel acceptance limits, pricing model and rates, seasonal pricing, discounts, cancellation terms, amenities, photos;
- Payment account data: Stripe Connect account identifiers, PayPal merchant identifiers, verification status, capabilities, and payout history;
- Team data: invited team member names, email addresses, and assigned permissions.
12.3 Ambassadors
Additional data processed for Ambassadors:
- Program data: ambassador status, enrollment dates, agreed commission rate, referral identifier (Rewardful);
- Payout account data: Stripe Connect Express (EU/UK) or PayPal (other regions) account details and verification status;
- Referral and earnings data: referred Providers, their bookings, monthly earnings aggregates, payout status, transfer identifiers.
13. International Transfers
We are established in Switzerland. Where Personal Data is transferred outside Switzerland or the European Economic Area to a country that does not provide an adequate level of protection, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses, together with the Swiss addendum recognized by the Swiss Federal Data Protection and Information Commissioner) to ensure a level of protection equivalent to that required under the FADP and the GDPR.
14. Retention
We retain Personal Data only for as long as necessary to fulfill the purposes set out in this Privacy Policy, or as required under Applicable Law (including tax and accounting retention obligations). In particular:
- Active account data is retained for the duration of the account;
- Deleted account data is soft-deleted and retained for a reasonable period to satisfy legal, accounting, and dispute-resolution obligations;
- Financial records are retained as required by Applicable Law;
- Records associated with Stripe or PayPal accounts may be subject to the retention requirements of those processors.
15. Security
We implement appropriate technical and organizational measures to protect Personal Data, including encryption in transit (TLS), hashed password storage (bcrypt), role-based access control, input validation, parameterized database queries, and credential management through AWS Secrets Manager. No system is perfectly secure; you must also take reasonable steps to protect your account.
16. Your Rights
Subject to the conditions set out in Applicable Law, you have the following rights:
- Access — to obtain a copy of Personal Data we hold about you;
- Rectification — to correct inaccurate or incomplete data;
- Erasure — to request deletion of Personal Data, subject to retention obligations;
- Restriction and Objection — to limit or object to certain processing;
- Portability — to receive Personal Data in a structured, machine-readable format;
- Withdraw Consent — where processing is based on consent;
- Lodge a Complaint — with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, where the GDPR applies, your competent EU data protection authority.
To exercise these rights, contact info@mooringmate.com. We will respond within the timeframes required by Applicable Law (typically thirty (30) days).
17. Children
The Platform is not directed to, and may not be used by, persons under the age of 18. We do not knowingly collect Personal Data from minors.
Last Updated: June 9, 2026
Contact: info@mooringmate.com