Yachtee is a recruitment platform, so profile, application and contact data may be shared with employers or crew where the platform workflow calls for it. We do not sell personal data. Please also read our Terms of Service and Cookie Policy.
Summary
Recruitment dataCrew profiles, CVs, documents, applications, references and employer listings are processed to run the recruitment platform.
VisibilityPublic crew profiles are visible on the web when enabled. Employer candidate views and application views can include fuller crew data.
Service providersWe use providers for hosting, file storage, email delivery, payments, maps, analytics and AI-assisted processing.
ControlYou can update profile data, visibility, communication preferences and cookie preferences, and you can contact us to exercise privacy rights.
Controller
The controller for Yachtee is Yacht Career Hub OÜ, trading as Yachtee. You can contact us at [email protected].
Employers who receive candidate data through Yachtee may also act as independent controllers for their own recruitment, hiring, employment and compliance activities. Referees who submit references should expect their comments to be visible to the crew member and to employers reviewing that crew profile where the product permits it.
Data we collect
Account and auth
Email address, role, verification status, authentication sessions, device, IP address, browser, approximate location, last-active metadata and security logs.
Crew profile
Name, headline, profile photo, contact details, location, availability, date of birth, gender, height, weight, relationship status, smoking, tattoos, hobbies, social links, public username, visibility settings and profile summary.
Crew documents
CVs, passport country and expiry data, visas, residence, certificates, qualifications, references, licenses, uploaded files, sanitised parsed text, guest-upload asset records, profile media and video profile files. Some documents may contain sensitive data, such as medical fitness information, if you choose to upload them.
Preferences
Desired positions, yacht types and sizes, contract types, bases, itineraries, couples preferences, salary expectations, alert preferences and communication preferences.
Applications
Cover letters, CVs, profile snapshots, availability, location, applicant email, partner applicant data for couple applications, application status, employer notes, withdrawal reasons, rejection feedback, interview scheduling details, guest application sessions, email verification state and uploaded public application assets.
References
Referee name, company, position, email, phone number, relationship, verification answers, strengths, weaknesses, recommendation, decline reasons, timestamps and minimal reference-link activity metadata such as IP address, user agent, browser, operating system, device and approximate location.
Employer data
Employer contact details, job title, account type, verification state, yacht, fleet, agency, company or management-company details, job listings, Pro listing brief requests, selected registry entity summaries, listing durations, notification recipients, admin fulfilment notes and hiring workflow data.
Billing
Stripe customer and subscription IDs, plan, payment status, checkout sessions, payment intents, invoices, refunds, discounts, billing address, VAT data where provided, card brand and last four digits, and links between payments and paid listing or Pro brief requests. We do not store full card numbers.
Email and analytics
Notification preferences, job alert records, campaign recipient status, unsubscribe choices, email open and click events, imported contact consent notes, blog visit IDs, scroll depth, read time, Google Analytics page and funnel events, referrer host and UTM parameters.
Sources
- Data you enter, upload or generate while using Yachtee.
- Data extracted from CVs and documents you upload, including parsed text and AI-generated prefill suggestions.
- Data submitted by employers, applicants, partner applicants, referees, notification recipients, Pro brief buyers and administrators.
- Data from service providers, such as Stripe payment status, SendGrid email events, Google Places location suggestions, analytics signals and AI processing responses.
- Public or third-party data where relevant to employer entity records, yacht or company search, security, fraud prevention or platform administration.
How we use data
Accounts, authentication, onboarding and core platform use
Contract necessity and legitimate interests in operating a secure recruitment platform.
Crew profiles, public profiles, applications, employer candidate search and reference verification
Contract necessity, legitimate interests in recruitment workflows, and consent or explicit consent where required for public visibility or optional sensitive documents.
Employer verification, fraud prevention, rate limiting, abuse monitoring and security
Legitimate interests and legal obligations.
Pro brief intake, administrator-created employer workspaces or listings, fulfilment notes, paid-listing operations and Pro match emails with CV attachments
Contract necessity, legitimate interests in operating paid recruitment services, and legal obligations for billing and accounting.
Payments, invoices, refunds, accounting and tax records
Contract necessity and legal obligations.
Notifications, job alerts, transactional emails and service messages
Contract necessity and legitimate interests. Non-essential email categories can be changed or unsubscribed from.
Marketing emails, imported email contacts and campaign measurement
Consent or legitimate interests where permitted, with opt-out and suppression controls.
Analytics, campaign attribution and product improvement
Consent where required for cookies or local storage, and legitimate interests in understanding platform performance.
AI-assisted parsing, profile prefill, career tools, interview preparation, job-specific assessment rubrics and candidate suitability support
Contract necessity and legitimate interests in providing recruitment support tools, with consent or explicit consent where required for optional sensitive inputs.
Sharing
We share personal data only where needed to provide, secure, improve or comply with the platform. Categories of recipients include:
- Employers and their authorised recipients when crew apply, are visible in candidate search or make profile data available through Yachtee.
- Crew members and employers where reference, application, interview, rejection or hiring workflow features require it.
- Service providers for hosting, databases, file storage, email delivery, payments, AI processing, maps, consented analytics, logging, monitoring and infrastructure operations.
- Administrators, contractors or advisors who need access for support, moderation, accounting, legal, security or platform administration.
- Authorities, courts, regulators or counterparties where we believe disclosure is required by law or needed to protect rights, safety, users or the platform.
Some providers may process data outside the European Economic Area. Where required, we rely on adequacy decisions, standard contractual clauses or other safeguards for international transfers.
AI and assessments
Yachtee uses AI-assisted tools to parse CVs, prefill profiles, generate optional career content, support interview preparation and assess candidate suitability for certain paid employer listings. Inputs may include profile data, CV text, job requirements, application materials and employer-defined suitability rules. For paid listing assessments, Yachtee may compile and store a job-specific assessment rubric, model version details and an evidence-map style output so later applications to the same current job version can be assessed consistently.
AI output is used as a support signal and should be reviewed by a person. Outputs shown to employers may include suitability labels or scores, short reasons, summaries, strengths, gaps, points to confirm and the source context used for assessment. Yachtee does not make final hiring or rejection decisions solely by automated processing. Employers remain responsible for lawful, fair and human-reviewed recruitment decisions.
Cookies and analytics
We use necessary storage for authentication, security and requested app functionality. With your consent, we also use first-party analytics storage for blog engagement, Google Analytics 4 for aggregate page and funnel measurement, and marketing attribution storage for campaign links. You can review and change choices in the Cookie Policy.
Google Analytics may receive technical information such as page URL, referrer, browser/device details, approximate location derived by Google, consent state and event parameters for sign-in, onboarding, applications and checkout. Yachtee does not intentionally send names, email addresses, CV contents or direct profile details to Google Analytics.
Email campaigns may include open pixels and tracked links so we can understand delivery, engagement and unsubscribes. You can unsubscribe from non-transactional emails through email links or account communication settings where available.
Retention
We keep personal data for as long as needed for the purposes described in this policy, including providing accounts, preserving applications, supporting employer records, complying with accounting and legal duties, resolving disputes, preventing abuse and keeping suppression lists.
- Account, profile and employer workspace data is generally kept while the account is active, then deleted or anonymised when no longer needed unless legal or platform-safety reasons require retention.
- Account closure deletes or anonymises active account data where possible, while submitted applications, employer listings, payments, invoices, suppression records and audit records may be retained in anonymised or minimised form where needed.
- Submitted applications and hiring workflow records may be kept so employers and applicants retain recruitment history and so Yachtee can operate audit, support and dispute workflows.
- Pro listing brief requests, admin fulfilment notes and linked listing records are kept as part of the paid recruitment service and related billing, support and audit history.
- Guest application sessions expire after a short operational period, but a submitted application may remain as a recruitment record.
- Payment, invoice, refund and accounting records are kept for legally required accounting and tax periods.
- Suppression and unsubscribe records are retained so we can honour opt-out choices.
- Backups and logs are deleted on rolling schedules unless they are needed for security, legal or incident response reasons.
Your rights
Depending on your location and the data involved, you may have rights to access, correct, delete, restrict, object to or port your personal data. You may also withdraw consent where processing is based on consent. Withdrawal does not affect processing that already happened lawfully before withdrawal.
To exercise rights, contact [email protected]. We may need to verify your identity before acting on a request. You also have the right to lodge a complaint with a supervisory authority. In Estonia, the supervisory authority is the Estonian Data Protection Inspectorate.
Security
We use technical and organisational measures designed to protect personal data, including role-based access controls, JWT authentication, httpOnly refresh-token cookies, rate limiting, service-to-service secrets, file validation, private file storage patterns and administrative access controls.
No online service can be completely secure. Please use a secure email account, keep your devices protected and contact us promptly if you suspect unauthorised access.
Changes
We may update this policy as the platform, providers, laws or workflows change. When changes are material, we will take reasonable steps to notify registered users or highlight the update on the site.