Privacy Policy

Last updated: April 19, 2026

Short version:

Your live location is used by your device to trigger audio at tour stops. We do not store your continuous location on our servers — we record which named stops you reached and when.
We collect your email (via Stripe), basic session data (which stops you visited, how long you stayed), and optional survey responses.
Anonymized, aggregated tourism analytics derived from session data may, in the future, be shared with tourism-industry partners. No such sharing has commenced; this policy will be updated before any sharing begins.
You can opt out of any future data sharing at any time using the "Do Not Sell My Data" toggle in the app, or by emailing privacy@seaktours.com.
We honor Global Privacy Control (GPC) browser signals automatically.

SEAK Tours LLC ("SEAK Tours," "we," "us," or "our") operates a GPS-triggered audio walking tour for cruise passengers in Ketchikan, Alaska. This policy explains what data we collect, why, how long we keep it, who we share it with, and what rights you have. We wrote this to be readable, not to hide behind legal jargon.

1. Location Data (GPS)

The app uses your device's GPS to automatically play audio narration when you arrive at a tour stop.

Continuous location is processed on your device, not stored on our servers. The app reads your live position only to determine when you have reached the next stop.
We do collect session-level behavioral data — specifically, which tour stops you arrived at, what time you arrived, and how long you stayed at each stop. This data is sent to our server to help us improve the tour and to generate aggregated tourism analytics.
We do not store continuous GPS tracks, the route you walked between stops, or your position outside of stop arrival events.
Position data held in your browser's memory is discarded when the tour session ends.
You may deny location permissions. The tour can still be used manually via the stop list, but GPS-triggered auto-play will not work.

2. Payment Data

All payment processing is handled by Stripe, Inc. SEAK Tours never sees, stores, or transmits your credit card number, bank details, or any sensitive payment information.

When you tap "Purchase Tour," you are redirected to a Stripe-hosted payment page. Your payment details are entered directly on Stripe's servers.
After payment, Stripe sends us a confirmation that the transaction was completed. We receive a session ID and your email address — no card details.
Email address. We collect and store the email address you provide during Stripe checkout. We use it solely for purchase receipts, support, and important tour updates. We do not sell or share your email with third parties for marketing.
For Stripe's privacy practices, see: stripe.com/privacy

3. Session and Behavioral Data

When you take the tour, we collect a minimal set of session data sufficient to improve the experience and produce aggregated tourism analytics:

Stop arrivals — which stops you visited and when
Dwell times — approximately how long you spent at each stop
Route choice — which tour route you selected
Tour completion — whether you finished the tour and how many stops you visited
Technical and acquisition context — a non-identifying technical profile of the session, including device class, browser, operating system version, viewport dimensions, and (if you arrived via a marketing link) the campaign parameters appended to that link. This profile is used to ensure cross-device compatibility and to measure the effectiveness of our outreach. It is not used to track you across other websites.

Session data is associated with a randomly generated session identifier and is not linked, in our systems, to your name, email address, or payment record. Raw session data is retained on a rolling 30-day schedule, after which it is removed from active databases. System backups follow our hosting provider's standard schedule and are deleted no later than 30 days after the corresponding source records. The deletion job that enforces the 30-day window is being finalized for Season 1; until it is in place, deletion is performed on the same cadence on a manual basis.

4. Optional Data (Survey and Feedback)

After the tour, you may optionally complete a survey (age range, home region, party size, cruise ship) and/or submit feedback via Google Forms. Both are entirely optional with no effect on your tour experience. Survey responses are included in aggregated analytics. Feedback is processed by Google — see Google's Privacy Policy.

5. Data Sharing — Aggregated Tourism Analytics

SEAK Tours may, in the future, share aggregated tourism analytics derived from session data with tourism-industry partners — for example, port authorities, local tourism boards, and municipal economic-development offices. Any such sharing would consist exclusively of statistical summaries (e.g., aggregate dwell-time distributions across a route) and would not include data capable of identifying any individual.

No such sharing has commenced as of the date of this policy. We will update this Section, and provide reasonable advance notice in the app, before any sharing of analytics begins.

What is not shared

Your name, email address, or payment information — never
Continuous location data or movement tracks — never
Any data capable of identifying you as an individual — never

Your right to opt out in advance

Under the California Consumer Privacy Act (CCPA) and other privacy laws, you have the right to opt out of the sharing of your personal information. You may exercise this right preemptively. See Section 7: Your Rights below for how to opt out.

6. Data Stored on Your Device and Servers

The app stores data in your browser's localStorage: tour progress, unlock status, voice preference, and privacy settings. This data never leaves your device. You can clear it anytime via browser settings — clearing removes your unlock (contact us with your receipt to restore).

Our hosting provider (Vercel) retains standard server access logs (IP addresses, request timestamps) for security and abuse prevention per their retention policies. These are not used for marketing or analytics.

7. Your Rights

Depending on where you live, you may have some or all of the following rights:

Right to know — Request a copy of the personal data we hold about you, namely your purchase record (email address, Stripe transaction reference, and any correspondence you have sent us).
Right to delete — Request deletion of that purchase record, subject to any record-keeping obligations we have under tax, accounting, or fraud-prevention law.
Right to opt out of data sharing — Use the "Do Not Sell My Data" toggle in Privacy Settings, email privacy@seaktours.com with subject "Do Not Sell," or enable Global Privacy Control (GPC) in your browser (we honor GPC automatically).
Right to non-discrimination — We will never charge more, deny service, or degrade your experience for exercising any privacy right.

Scope note. Session and behavioral data described in Section 3 is collected without identifiers that link it to you in our systems, and we do not maintain a key by which it could be linked back to your purchase record. Access and deletion rights therefore apply to the purchase record described above; behavioral data is, by design, not subject to individual access or deletion requests because it cannot be associated with you. You may, however, opt out at any time from any future inclusion of session data in shared analytics, as described above.

How to submit a request: Email privacy@seaktours.com. We verify identity via your Stripe receipt email. Response time: 45 days for California residents (CCPA); 45 days for all other requests.

8. Data Retention

We keep different types of data for different lengths of time:

Data Type	Retention Period
Raw session data (stop arrivals, dwell times)	30 days, then permanently deleted
Anonymized aggregate analytics	Kept indefinitely (cannot identify individuals)
Email address (from Stripe)	Until you request deletion, or 3 years after your last purchase, whichever comes first
Stripe session ID	Same as email address
Payment records held by Stripe	Retained by Stripe under its own retention schedule, including periods required by tax, accounting, and anti-money-laundering law (typically up to 7 years). These obligations override any individual deletion request.
Survey responses (optional)	30 days as raw data, then aggregated
Feedback (Google Forms)	Retained by Google per their policies; we review and delete our copy within 1 year
Server logs (Vercel)	Per Vercel's retention policy (typically 30 days)
System backups	Follow our hosting provider's standard schedule and are deleted no later than 30 days after the corresponding source records.
localStorage (on your device)	Until you clear your browser's site data

9. Categories of Personal Information (CCPA Disclosure)

The following table describes the categories of personal information we collect, as defined by the California Consumer Privacy Act:

Category	Examples	Collected	Sold
Identifiers	Email address, Stripe session ID	Yes	No
Geolocation data	Stop arrival events (not continuous coordinates)	Yes	Not currently; aggregated sharing is planned — see Section 5
Internet or electronic network activity	Device type, browser, pages viewed	Yes	Not currently; aggregated sharing is planned — see Section 5
Commercial information	Purchase record	Yes	No
Inferences	Tour completion rate, dwell time patterns	Yes	Not currently; aggregated sharing is planned — see Section 5
Demographic information (optional survey)	Age range, home region, party size	Only if you choose to submit a survey	Not currently; aggregated sharing is planned — see Section 5
Financial information	Credit card details	No — handled entirely by Stripe	No
Sensitive personal information	Health data, biometrics, precise geolocation	No	No

In the preceding 12 months, we have not sold personal information that directly identifies any individual. Aggregated tourism analytics derived from session data may, in the future, be shared with the categories of partners described in Section 5; no such sharing has commenced as of the date of this policy.

Audio narration on the tour is produced with the assistance of synthetic voice technology.

10. Cookies, Tracking, and GPC

SEAK Tours does not use cookies for tracking or advertising. No Google Analytics, no Facebook Pixel, no tracking scripts. Our payment processor (Stripe) and hosting provider (Vercel) may set functional cookies. We honor Global Privacy Control (GPC) signals automatically — if your browser sends GPC, we treat it as an opt-out of data sale.

11. Children's Privacy

SEAK Tours is a general-audience walking tour designed for adults. We do not knowingly collect personal information from children under 13 years of age.

The app does not require account creation or registration by any user.
Purchase is made through Stripe, which requires a valid payment method (effectively restricting purchase to adults).
If we learn that we have collected personal information from a child under 13, we will delete that information promptly.
If you believe a child has provided us with personal information, please contact us at privacy@seaktours.com.

12. International Visitors

SEAK Tours is a United States business. Your data is processed and stored in the United States. By purchasing and using the tour, you consent to the transfer, processing, and storage of your data in the United States, and you agree that the privacy practices described in this policy apply to you regardless of your country of residence.

13. Data Breach Notification

In the event of a data breach compromising your personal information, we will notify affected individuals without undue delay by email, notify the relevant authorities as required by California Civil Code § 1798.82 and any other applicable U.S. law, and provide a clear description of the breach, the data affected, and the measures taken. Because we collect minimal personal data (email and pseudonymous session data only), breach scope is inherently limited — we store no passwords, no payment card numbers, and no continuous location data.

14. Changes to This Policy

For material changes (new data collection categories, new sharing types), we will notify you in the app at least 14 days before changes take effect. The "Last updated" date at the top reflects the most recent revision.

15. Privacy Officer and Contact

Privacy Officer, SEAK Tours LLC

Privacy questions, data requests, or complaints:

privacy@seaktours.com

We will respond to verified privacy requests within 45 days.