← Back

SEAK Tours

Privacy Policy

Last updated: April 10, 2026

Short version:

Your raw GPS coordinates (latitude/longitude) are processed on your device and never sent to our servers. We do receive which named tour stops you visited and when — see Section 3 for details.
We collect your email (via Stripe), basic session data (which stops you visited, how long you stayed), and optional survey responses.
We may sell anonymized, aggregated tour analytics to tourism industry buyers. This data cannot identify you personally.
You can opt out of data sale at any time using the "Do Not Sell My Data" toggle in the app, or by emailing privacy@seaktours.com.
We honor Global Privacy Control (GPC) browser signals automatically.

SEAK Tours LLC ("SEAK Tours," "we," "us," or "our") operates a GPS-triggered audio walking tour for cruise passengers in Ketchikan, Alaska. This policy explains what data we collect, why, how long we keep it, who we share it with, and what rights you have. We wrote this to be readable, not to hide behind legal jargon.

1. Location Data (GPS)

The app uses your device's GPS to automatically play audio narration when you arrive at a tour stop.

Your raw GPS coordinates are never transmitted to any server. All real-time location processing happens entirely on your device.
We do collect session-level behavioral data — specifically, which tour stops you arrived at, what time you arrived, and how long you stayed at each stop. This data is sent to our server to help us improve the tour and to generate anonymized tourism analytics.
We do not collect continuous GPS tracks, precise coordinates, or movement paths between stops. We only know that you reached a stop — not the route you walked to get there.
Location data is not stored on your device between sessions. When you close the app, on-device position data is discarded.
You may deny location permissions. The tour can still be used manually via the stop list, but GPS-triggered auto-play will not work.

2. Payment Data

All payment processing is handled by Stripe, Inc. SEAK Tours never sees, stores, or transmits your credit card number, bank details, or any sensitive payment information.

When you tap "Purchase Tour," you are redirected to a Stripe-hosted payment page. Your payment details are entered directly on Stripe's servers.
After payment, Stripe sends us a confirmation that the transaction was completed. We receive a session ID and your email address — no card details.
Email address. We collect and store the email address you provide during Stripe checkout. We use it solely for purchase receipts, support, and important tour updates. We do not sell or share your email with third parties for marketing.
For Stripe's privacy practices, see: stripe.com/privacy

3. Session and Behavioral Data

When you take the tour, we collect the following session data to improve the experience and generate aggregated tourism analytics:

Stop arrivals — which stops you visited and when
Dwell times — approximately how long you spent at each stop
Route choice — which tour route you selected
Tour completion — whether you finished the tour and how many stops you visited
Device type and browser — general information about the device used (e.g., "iPhone, Safari")

This data is linked to a random session ID, not to your name or email. After 30 days, raw session data is permanently deleted. Before deletion, it is aggregated into anonymized statistical summaries that cannot be traced back to any individual (see Section 5 below).

4. Optional Data (Survey and Feedback)

After the tour, you may optionally complete a survey (age range, home region, party size, cruise ship) and/or submit feedback via Google Forms. Both are entirely optional with no effect on your tour experience. Survey responses are included in anonymized analytics. Feedback is processed by Google — see Google's Privacy Policy. If you use a referral code, we record the code and whether the discount was applied — this is not shared with third parties.

5. Data Sale and Sharing — Anonymized Analytics

We want to be straightforward about this: we may sell anonymized, aggregated tourism analytics derived from session data to third-party buyers. These buyers may include: cruise line operators, port authorities, local tourism boards (e.g., Ketchikan Visitors Bureau), municipal economic development offices, academic researchers studying tourism patterns, and hospitality industry consultants.

What "anonymized and aggregated" means in plain language

Before any data is shared with a buyer, we strip out anything that could identify you. Individual session records are combined into statistical summaries — for example, "65% of visitors on Tuesday spent more than 10 minutes at the Creek Street stop." No buyer ever receives data about a specific person's tour. We apply industry-standard anonymization techniques (k-anonymity with a minimum group size of 50) and test to confirm that individuals cannot be re-identified from the published data.

What is never sold

Your name, email address, or payment information — never
Raw GPS coordinates or movement tracks — never
Any data that could identify a specific individual — never

Your right to opt out

Under the California Consumer Privacy Act (CCPA) and other privacy laws, you have the right to opt out of the sale of your personal information. Even though the analytics we sell are anonymized, we respect this right broadly. See Section 10: Your Rights below for how to opt out.

6. Data Stored on Your Device and Servers

The app stores data in your browser's localStorage: tour progress, unlock status, voice preference, and privacy settings. This data never leaves your device. You can clear it anytime via browser settings — clearing removes your unlock (contact us with your receipt to restore).

Our hosting provider (Vercel) retains standard server access logs (IP addresses, request timestamps) for security and abuse prevention per their retention policies. These are not used for marketing or analytics.

7. Your Rights

Depending on where you live, you may have some or all of the following rights:

Right to know — Request a copy of the personal data we hold about you.
Right to delete — Request deletion of your personal data (unless we have a legal obligation to retain it).
Right to opt out of data sale — Use the "Do Not Sell My Data" toggle in Privacy Settings, email privacy@seaktours.com with subject "Do Not Sell," or enable Global Privacy Control (GPC) in your browser (we honor GPC automatically).
Right to data portability (EU/UK) — Receive your data in a machine-readable format (JSON/CSV).
Right to restrict processing (EU/UK) — Request we limit processing while verifying your data or assessing our interests.
Right to non-discrimination — We will never charge more, deny service, or degrade your experience for exercising any privacy right.

How to submit a request: Email privacy@seaktours.com. We verify identity via your Stripe receipt email. Response time: 45 days (California/CCPA), 30 days (EU/UK/Canada/all others).

8. Data Retention

We keep different types of data for different lengths of time:

Data Type	Retention Period
Raw session data (stop arrivals, dwell times)	30 days, then permanently deleted
Anonymized aggregate analytics	Kept indefinitely (cannot identify individuals)
Email address (from Stripe)	Until you request deletion, or 3 years after your last purchase, whichever comes first
Stripe session ID	Same as email address
Survey responses (optional)	30 days as raw data, then anonymized into aggregates
Feedback (Google Forms)	Retained by Google per their policies; we review and delete our copy within 1 year
Referral code usage	1 year for program measurement, then deleted
Consent records	5 years for legal and audit purposes
Server logs (Vercel)	Per Vercel's retention policy (typically 30 days)
localStorage (on your device)	Until you clear your browser's site data

9. Categories of Personal Information (CCPA Disclosure)

The following table describes the categories of personal information we collect, as defined by the California Consumer Privacy Act:

Category	Examples	Collected	Sold
Identifiers	Email address, Stripe session ID	Yes	No
Geolocation data	Stop arrival events (not raw GPS coordinates)	Yes	Only in anonymized, aggregated form
Internet or electronic network activity	Device type, browser, pages viewed	Yes	Only in anonymized, aggregated form
Commercial information	Purchase record, referral code usage	Yes	No
Inferences	Tour completion rate, dwell time patterns	Yes	Only in anonymized, aggregated form
Demographic information (optional survey)	Age range, home region, party size	Only if you choose to submit a survey	Only in anonymized, aggregated form
Financial information	Credit card details	No — handled entirely by Stripe	No
Sensitive personal information	Health data, biometrics, precise geolocation	No	No

In the preceding 12 months, we have not sold personal information that directly identifies any individual. Anonymized aggregate analytics derived from session data may be sold to the categories of buyers listed in Section 6.

10. Cookies, Tracking, and GPC

SEAK Tours does not use cookies for tracking or advertising. No Google Analytics, no Facebook Pixel, no tracking scripts. Our payment processor (Stripe) and hosting provider (Vercel) may set functional cookies. We honor Global Privacy Control (GPC) signals automatically — if your browser sends GPC, we treat it as an opt-out of data sale.

11. Children's Privacy

SEAK Tours is a general-audience walking tour designed for adults. We do not knowingly collect personal information from children under 13 years of age (or under 16 for residents of the EU/UK).

The app does not require account creation or registration by any user.
Purchase is made through Stripe, which requires a valid payment method (effectively restricting purchase to adults).
We do not knowingly sell the personal information of consumers under 16 years of age.
If we learn that we have collected personal information from a child under 13, we will delete that information promptly.
If you believe a child has provided us with personal information, please contact us immediately at privacy@seaktours.com.

12. International Visitors and Cross-Border Data Transfers

SEAK Tours serves cruise passengers from around the world, including visitors arriving from Canada, the EU/UK, and other international ports. Your data is processed and stored in the United States.

Legal basis for data processing

We process your data under the following legal bases:

Contract performance — Processing your email address (via Stripe), purchase verification, and basic tour delivery is necessary to perform the contract you entered into when purchasing the tour. This applies regardless of your country of residence.
Consent — Collection of session analytics (which stops you visited, dwell times) and any sale of anonymized aggregated data is based on your consent, provided through the consent dialog before the tour begins. You may withdraw consent at any time without affecting the lawfulness of prior processing or your ability to use the tour.
Legitimate interest — Server logs and basic security monitoring are processed under our legitimate interest in maintaining service availability and preventing abuse.

Cross-border transfer safeguards

EU/UK visitors (GDPR/UK GDPR): The transfer of your data to the United States is necessary for the performance of the contract between you and SEAK Tours — specifically, the delivery of the tour you purchased — pursuant to Article 49(1)(b) of the GDPR. For data processed under consent (analytics), the transfer is based on your explicit consent pursuant to Article 49(1)(a). You have the right to lodge a complaint with your local data protection authority.
Canadian visitors (PIPEDA): We collect and use your data only for the purposes described in this policy, and only with your knowledge and consent. Your data is transferred to the United States for processing. We take reasonable steps to ensure your data is protected in accordance with PIPEDA's accountability principle.
Other international visitors: By purchasing and using the tour, you consent to the transfer, processing, and storage of your data in the United States. We apply the same privacy protections described in this policy to all users regardless of their country of origin.

13. Data Breach Notification

In the event of a data breach compromising your personal information, we will: notify affected individuals without undue delay via email, notify relevant data protection authorities within 72 hours (GDPR) and per California Civil Code § 1798.82, and provide a clear description of the breach, data affected, and measures taken. Because we collect minimal personal data (email and anonymous session data only), breach scope is inherently limited — we store no passwords, payment details, or raw GPS coordinates.

14. Changes to This Policy

For material changes (new data collection categories, new sharing types), we will notify you in the app at least 14 days before changes take effect. The "Last updated" date at the top reflects the most recent revision.

15. Privacy Officer and Contact

Privacy Officer: Doug, Founder & Privacy Officer, SEAK Tours LLC

Privacy questions, data requests, or complaints:

privacy@seaktours.com

California residents: We will respond within 45 days.
EU/UK residents: We will respond within 30 days.
All others: We will respond within 30 days.