Privacy Policy
Last updated: 8 June 2026
This Privacy Policy explains how BRUK SHOP LTD ("we", "us", "our"), trading as SkAIpper, collects and uses your personal data when you use the SkAIpper website and app (the "Service").
Data controller: BRUK SHOP LTD (Company No. 15716483), trading as SkAIpper.
Contact: contact@skaipper.co.uk
1. What data we collect
- Account data: name, email, phone (optional), password (stored only as an encrypted hash), profile photo (optional).
- Boat & service data: boats you add, maintenance records, compliance dates and documents, manuals you upload.
- Messages: conversations between boat owners and engineers within the Service.
- Subscription & payment data: your plan and subscription status. Card payments are handled by Stripe — we never see or store your full card details.
- Technical data: authentication cookie and standard server logs (e.g. IP address) needed to run and secure the Service.
2. Why we use your data
- To provide the Service — performance of a contract.
- To manage subscriptions and payments — contract / legal obligation.
- Customer support and follow-up — legitimate interests.
- Security, fraud prevention and improvement — legitimate interests.
- Marketing about SkAIpper — consent, or soft opt-in for existing customers. You can opt out at any time via the unsubscribe link in every marketing email.
3. We do not sell your data
We do not sell, rent or trade your personal data, and we do not share it with any third party for their own marketing. We only use your data for our own customer support, follow-up and marketing as described above. We do use a small number of trusted service providers who process data on our behalf, under contract, strictly to operate the Service (see section 4). This is processing, not selling.
4. Service providers (sub-processors)
We use the following providers to operate the Service, each under a Data Processing Agreement:
- Stripe — payment processing & subscriptions.
- Supabase — database & file storage.
- Railway — API hosting.
- Vercel — website hosting.
- Resend — transactional email.
- Anthropic — AI-powered diagnosis features (Claude). Only boat and maintenance data you explicitly submit to the AI assistant is processed.
- ImprovMX — inbound email forwarding for our address.
5. International transfers
Some providers process data outside the UK (e.g. the US). Where this happens, we rely on appropriate safeguards (such as the UK–US Data Bridge or the UK extension to the EU Standard Contractual Clauses) to protect your data.
6. How long we keep your data
We keep your data for as long as you have an account. If you delete your account, we delete your personal data, except where we must retain certain records (e.g. payment and tax records) for legal or accounting purposes for the period required by law.
7. Your rights
Under UK GDPR you have the right to access, correct, delete, and receive a portable copy of your data, and to object to or restrict processing and withdraw consent. You can exercise the main rights in the app under Account & Privacy(download your data / delete your account), or by emailing contact@skaipper.co.uk. You can also complain to the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
We use a single strictly necessary cookie to keep you logged in securely. It does not track you and does not require consent. We do not currently use analytics or advertising cookies. If we add any in future, we will ask for your consent first.
9. Security
We protect your data with encryption in transit (HTTPS), hashed passwords, secure httpOnly authentication cookies, access controls and other appropriate measures.
10. Changes
We may update this policy. We will post the new version here and update the date above.
11. Contact
Questions about this policy or your data: contact@skaipper.co.uk.
