Privacy Notice
Last updated: July 14, 2026
1. Who we are
Wheelhouse is operated by Brandon Dasan Sitzes, a sole proprietor ("we", "us", "our"). We are the data controller for personal data processed through the Service. Contact us via the channel provided at sign-up for privacy inquiries.
2. Personal data we collect
- Account data — email address, display name, and authentication credentials.
- Vessel and trip data — vessel names, air draft, saved trip routes.
- Submitted content — bridge clearance readings, closure reports, passage logs, notes.
- Usage & telemetry — pages viewed, actions taken, error diagnostics, device and browser identifiers.
- IP address — used for security, abuse prevention, and rough geographic diagnostics.
- Support messages — any content you send us for support.
- Billing metadata — customer ID, subscription status, and plan (payment card data is collected directly by Paddle, not by us).
3. Purposes and legal bases
- Providing the Service — account creation, sign-in, showing you saved data (contract performance).
- Security & fraud prevention — protecting the Service and other users (legitimate interests).
- Product improvement — analyzing usage to fix bugs and improve features (legitimate interests).
- Customer support — responding to inquiries (legitimate interests / contract).
- Billing and tax compliance — via Paddle as reseller (contract / legal obligation).
- Legal compliance — responding to lawful requests (legal obligation).
4. Data sharing
We share personal data only with the following categories of recipients:
- Merchant of Record — Paddle, which handles payments, subscription management, tax compliance, invoicing, and refunds on our behalf.
- Infrastructure providers — our hosting, database, authentication, and file-storage subprocessors used to operate the Service.
- Analytics and error monitoring — service providers that help us understand usage and diagnose errors.
- Professional advisers — legal and accounting advisers, under duties of confidentiality.
- Authorities — where required by law or to protect rights, safety, or property.
We do not sell personal data.
5. Data retention
We keep account and content data for as long as your account is active, plus a reasonable period afterward for backups, dispute resolution, and legal compliance. Billing records are retained for the period required by applicable tax law. When personal data is no longer needed, we delete or anonymize it. You can request account deletion at any time.
6. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You may also withdraw any consent you have given. To exercise these rights, contact us using the details above. We will respond within the period required by applicable law.
7. Security
We use appropriate technical and organizational measures — including encryption in transit, database-level row security, and access controls — to protect personal data. No system is perfectly secure, so we cannot guarantee absolute protection.
8. International transfers
Our subprocessors, including Paddle, may process personal data outside your country of residence, including in the United States and European Economic Area. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
9. Cookies
We use strictly necessary cookies and local storage to keep you signed in and to remember interface preferences. We do not currently use advertising or cross-site tracking cookies. If we add analytics cookies in the future, we will update this Notice and provide appropriate controls.
10. Changes to this Notice
We may update this Privacy Notice from time to time. Material changes will be communicated through the Service or by email.