Privacy Policy

We use the information we collect for the following specific purposes:

• To respond to your inquiries: when you submit a contact form, we use your name, email, and message to reply to your question, provide travel advice, or address your feedback. We aim to respond within 48 hours
• To deliver newsletter content: if you subscribe, we send periodic emails featuring curated London recommendations, new articles, event highlights, seasonal guides, and exclusive content. Emails are sent no more than twice per week
• To personalise your experience: we use your language preference (English or Arabic) to display the Website in your chosen language and to ensure content, navigation, and layout direction (LTR/RTL) match your selection
• To improve our Website and content: we analyse aggregated, anonymised analytics data to understand which articles, guides, and recommendations are most useful, identify technical issues, optimise page load times, and plan future content
• To display relevant recommendations: analytics data helps us understand what types of London experiences our audience is most interested in, allowing us to prioritise and curate content accordingly
• To maintain Website security: we monitor for unusual traffic patterns, potential abuse, and security threats to protect both our Website and our users

We work with trusted third-party service providers who process data on our behalf or whose services are integrated into our Website:

• Google Analytics (Google LLC): provides website analytics and reporting. Google processes anonymised usage data under its own privacy policy. Data may be processed in the United States. Google is certified under the EU-US Data Privacy Framework
• Supabase (Supabase Inc.): provides our database hosting and backend infrastructure. Contact form submissions and newsletter email addresses are stored securely in Supabase-managed databases with row-level security, encryption at rest, and encrypted connections
• Vercel (Vercel Inc.): provides our web hosting, content delivery network (CDN), and serverless functions. Vercel processes server logs including anonymised request data. Vercel's infrastructure spans global edge locations for fast page delivery
• Email marketing service: we use a third-party email service to manage newsletter subscriptions and deliver emails. Your email address is shared with this provider solely for the purpose of sending you the newsletters you subscribed to
• Stripe (Stripe Inc.): processes payments for digital products and e-documents purchased through our shop. Stripe collects payment card details directly and processes them under its own privacy policy. We do not store full card numbers on our servers. Stripe is PCI-DSS Level 1 certified
• Affiliate partners (Boatbookings, Click&Boat, GetYourGuide, Booking.com, and select yacht charter and hotel booking platforms): we link to these partners within our content. When you click through, your interaction with their platform is governed by their own terms and privacy policies. We receive anonymised commission reports but no personal data about your purchases

Transparency is important to us. Please be aware of the following regarding our affiliate relationships:

• Zenitha Yachts participates in affiliate programmes with booking partners including Boatbookings, Click&Boat, GetYourGuide, Booking.com, and select yacht charter and hotel booking platforms. When you click an affiliate link on our Website and make a purchase or booking, we may earn a commission
• This commission comes from the affiliate partner, not from you. Clicking an affiliate link does not increase the price you pay. In some cases, we may be able to offer exclusive discounts or deals through our affiliate partnerships
• Our editorial recommendations are completely independent of our affiliate relationships. We recommend venues, experiences, and services based on genuine personal experience and editorial judgement. We will never recommend something solely because it offers a higher commission
• Affiliate links are clearly present within our recommendations and content. Where a page contains affiliate links, we display a disclosure notice informing you of this fact
• Commission revenue helps us sustain Zenitha Yachts as a free resource, fund our editorial team's research, and continue producing high-quality bilingual content for our readers

We retain your personal information only for as long as necessary for the purposes described in this policy:

• Contact form submissions: we retain your name, email address, and message content for 12 months from the date of submission to allow for follow-up correspondence and quality assurance. After 12 months, submissions are permanently deleted from our database
• Newsletter subscriptions: we retain your email address for as long as you remain subscribed. When you unsubscribe (via the link in any newsletter email or by contacting us), your email address is removed from our mailing list within 7 days
• Analytics data: usage data collected through Google Analytics is retained according to Google's default data retention settings (14 months for user-level data). We do not extend this retention period. Aggregated, non-identifiable analytics reports may be kept indefinitely
• Cookie consent preferences: your consent choices are stored locally in your browser and persist until you clear your browser data or update your preferences via the cookie consent banner
• Language preference: stored in your browser's local storage indefinitely until you change it or clear your browser data. This data never leaves your device

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of access: you can request a copy of all personal data we hold about you. We will provide this within 30 days of your request at no charge
• Right to rectification: if any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. Contact us and we will update your information promptly
• Right to erasure ("right to be forgotten"): you can request that we delete all personal data we hold about you. We will comply within 30 days, subject to any legal obligations requiring us to retain certain data
• Right to restrict processing: you can ask us to temporarily stop processing your personal data while we address a concern or verify data accuracy
• Right to data portability: you can request your personal data in a structured, commonly used, machine-readable format (e.g. CSV or JSON)
• Right to object: you can object to our processing of your data for analytics or direct marketing purposes at any time
• Right to withdraw consent: you can withdraw your cookie consent at any time via our cookie consent banner. You can unsubscribe from our newsletter at any time via the unsubscribe link in any email. Withdrawal does not affect the lawfulness of processing carried out before withdrawal
• To exercise any of these rights, please contact us at hello@zenithayachts.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

We take the security of your personal data seriously and implement appropriate technical and organisational measures:

• SSL/TLS encryption: all data transmitted between your browser and our Website is encrypted using HTTPS (TLS 1.2+). This protects your information during transmission, including contact form submissions and newsletter sign-ups
• Secure hosting on Vercel: our Website is hosted on Vercel's enterprise-grade infrastructure with automatic DDoS protection, edge caching, and secure deployment pipelines. Vercel maintains SOC 2 Type 2 compliance
• Database security via Supabase: personal data is stored in Supabase-managed PostgreSQL databases with row-level security policies, encryption at rest (AES-256), encrypted database connections (SSL), and automatic backups
• Access controls: access to personal data (e.g. contact form submissions, newsletter subscriber lists) is restricted to authorised team members only, using strong authentication
• Regular review: we periodically review our security practices and the security postures of our third-party service providers to ensure your data remains protected

Protecting children's privacy is important to us:

• Zenitha Yachts is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13
• If you are a parent or guardian and believe your child has provided personal information to us (e.g. via the contact form or newsletter sign-up), please contact us at hello@zenithayachts.com and we will promptly delete such information
• Our Website content is designed for adults and young adults planning travel to London. While families with children may find our family-friendly guides useful, we expect a parent or guardian to manage any interaction with our services on behalf of minors

As we use international service providers, your data may be transferred outside the United Kingdom:

• Google Analytics: data may be processed by Google in the United States. Google participates in the EU-US Data Privacy Framework, providing adequate safeguards for data transfers
• Supabase: database infrastructure may be hosted in AWS data centres in the EU (Frankfurt) or US regions, depending on configuration. Supabase implements appropriate safeguards including standard contractual clauses
• Vercel: our Website is served from Vercel's global edge network, with primary processing in the United States. Vercel complies with standard contractual clauses for international data transfers
• We ensure that any international transfer of personal data is protected by appropriate safeguards as required by UK GDPR, including standard contractual clauses, adequacy decisions, or certification frameworks

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements:

• When we make material changes to this policy, we will update the "Last updated" date at the top of this page
• For significant changes that affect how we process your personal data, we may also notify you via a banner on the Website or, if you are a newsletter subscriber, via email
• We encourage you to review this policy periodically to stay informed about how we protect your information
• Your continued use of the Website after changes are posted constitutes your acceptance of the updated policy

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your information, please get in touch:

• Email: hello@zenithayachts.com
• Location: London, United Kingdom
• We aim to respond to all privacy-related inquiries within 30 days
• If you are not satisfied with our response, you have the right to contact the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113