Galleyo·by Victual← Back home

Privacy Policy

Last updated: 26 April 2026

⚠ This is a placeholder privacy policy for the beta. A final policy reviewed by qualified counsel will replace this before public launch and live billing.

This Privacy Policy describes how Victual (“we”, “us”, “our”) collects, uses, and shares information when you use the Galleyo service (the “Service”).

1. Information we collect

  • Account info: email address, password (hashed), name, role.
  • Vessel data: vessel names, IMO numbers, flag, length overall, crew assignments.
  • Operational data: inventory, orders, recipes, menus, supplier records, guest preferences you enter.
  • Billing info: handled by Stripe; we never store full card numbers.
  • Technical info: IP address, browser type, device, log files for security and debugging.

2. How we use information

  • Provide and maintain the Service.
  • Authenticate you and protect your account.
  • Process payments via Stripe.
  • Send transactional emails (confirmation, password reset, billing).
  • Improve the product (anonymous, aggregated usage analytics only).
  • Detect, prevent, and respond to fraud or abuse.

3. Where data is stored

Your data is hosted on Supabase (Postgres) in Frankfurt, Germany (eu-central-1). Data does not leave the EU unless you explicitly request it (e.g., an export). We are GDPR-aware by default.

4. Sharing

We share data only with these processors, all under written agreements:

  • Supabase — database, auth, file storage.
  • Stripe — payment processing.
  • Email provider — transactional emails (provider TBD before launch).
  • Hosting — Vercel, for application delivery.

We do not sell, rent, or trade your data with anyone.

5. Your rights

If you are in the EU, UK, or another GDPR-aligned jurisdiction, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (right to be forgotten).
  • Export your data in a portable format.
  • Object to or restrict processing.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@galleyo.app.

6. Retention

Active account data is retained for as long as your subscription is active. After cancellation, we keep your data for 30 days to allow reactivation, then permanently delete it. Anonymised aggregate analytics may be retained longer.

7. Cookies

We use a small number of essential cookies for authentication (session management) and security. We do not use third-party advertising or tracking cookies.

8. Children

Galleyo is a B2B service intended for professional yacht crews. The Service is not directed at children under 16, and we do not knowingly collect data from children.

9. Changes to this policy

We will post material changes here and notify active users by email. Your continued use of the Service after a change constitutes acceptance of the updated policy.

10. Contact

Victual (operator of Galleyo)
Email: privacy@galleyo.app