Effective date: 09|01|2025

Who we are: SpinOut Yacht Club, Pier 40, South Beach Harbor, San Francisco, California

SpinOut Yacht Club respects your privacy. We do not sell your data. We do not sell aggregate data either. We may share de-identified, grouped demographics in proposals, grants, loans, and sponsorship materials. We explain how and why below.

1. Scope and who this applies to

This policy covers visitors, riders, members, gift card holders, event guests, corporate clients, and job applicants who interact with SpinOut through our website, booking platforms, email, phone, or in person.

2. The data we collect

Information you give us

  • Identity and contact details like name, email, phone, and emergency contact

  • Booking and membership data like dates, times, package type, preferences

  • Waiver and safety data like age, height, weight, swim comfort, medical considerations you choose to disclose

  • Payment details handled by our payment processor. We do not store full card numbers

  • Communications like emails, texts, call recordings if required for training and safety

  • Photos or videos captured during activities when you have not opted out

Information we collect automatically

  • Device and usage data like IP, browser, pages viewed, and approximate location

  • Cookies or similar tools for session management and analytics

Information from partners

  • Booking platforms and marketplaces that you use to book with us

  • Email service, customer support, and survey tools used to manage your account

3. How we use your data

  • To deliver services you request like bookings, rentals, classes, and events

  • To run our membership program and account features

  • To verify identity and manage safety, waivers, incident reports, and insurance

  • To send service messages like confirmations, schedule changes, and weather updates

  • To send opt-in marketing like newsletters and offers. You can unsubscribe at any time

  • To improve operations, plan staffing, and maintain equipment

  • To comply with law, tax, permits, and harbor rules

4. What we never do

  • We do not sell your personal information

  • We do not sell de-identified or aggregate information

  • We do not allow third parties to reidentify de-identified data

  • We do not use or share photos for facial recognition

5. Limited sharing with service providers

We use trusted vendors to operate our services. They process data under our instructions and cannot use it for their own purposes.

Typical providers include:

  • Booking and scheduling like PeekPro or similar

  • Waivers and forms like Smartwaiver or similar

  • Website and hosting like Squarespace or similar

  • Email service like Mailchimp or similar

  • Cloud storage and collaboration like Dropbox or similar

  • Phone and messaging like OpenPhone or similar

  • Payments through a secure payment processor

Bookings made through marketplaces like Airbnb Experiences or ClassPass are also subject to those companies’ privacy policies. They act as independent controllers for the data you give them.

6. Demographics we may share in grouped form

We sometimes share only de-identified and aggregated statistics for proposals, grants, loans, and sponsorships. Examples:

  • Total riders per season

  • Zip code or neighborhood counts

  • Age group and participation counts

  • Percentage of first-time riders

  • Scholarship and community program counts

De-identification safeguards

  • We remove direct identifiers like name, email, phone, and exact timestamps

  • We combine data into groups and only publish cohorts with at least 15 people

  • We contractually prohibit reidentification and secondary use

7. Legal bases and consent

Where required, we rely on your consent. In other cases we process data to perform a contract with you, to meet legal obligations, or for our legitimate interests like safety, fraud prevention, and improving services.

8. Cookies and analytics

We use necessary cookies for login and booking, plus analytics to understand site performance. You can control cookies in your browser. If you block all cookies some features may not work.

9. Data retention

We keep data only as long as needed for the purposes below, then delete or de-identify it.

  • Account and booking records: life of account plus 2 years

  • Waivers and incident reports: 7 years to support safety and insurance

  • Payment records and invoices: 7 years for tax and accounting

  • Marketing preferences and unsubscribes: until you ask us to remove them

  • Site analytics: 12 to 24 months, then de-identified

  • Photos used in marketing: until you opt out or request deletion

10. Your privacy choices

  • Access and portability. Ask for a copy of your data

  • Correction. Ask us to fix inaccurate information

  • Deletion. Ask us to delete data where allowed

  • Limit use of sensitive data. You can limit use of medical or safety notes you provided

  • Marketing opt-out. Unsubscribe from emails at any time. For SMS reply STOP

  • Photo opt-out. Tell us before your session or later by email and we will remove future marketing use

Contact us to exercise these rights. We will verify your request and respond within the time required by law.

11. California privacy notice

For California residents, we follow the California Consumer Privacy Act as amended by the CPRA.

  • We do not sell personal information

  • We do not share personal information for cross-context behavioral advertising

  • You can request access, correction, deletion, and limit of sensitive data

  • Authorized agents can submit requests on your behalf

  • We honor applicable browser or device signals where the law requires it

To submit a request use the contact methods below. We will verify identity before acting.

12. Children’s privacy

Our services are for people 13 and older. We do not knowingly collect data from children under 13. If we learn that we have data from a child under 13, we will delete it.

13. Security

We apply reasonable technical and organizational safeguards.

  • Encryption in transit and at rest where supported by the vendor

  • Least-privilege access and role-based controls

  • Vendor risk screening and confidentiality obligations

  • Staff training and standard operating procedures

  • Incident response plan and legal notifications if a breach creates risk of harm

No system is perfectly secure, but we work to prevent and detect issues quickly.

14. International visitors

We are based in the United States. If you access our services from outside the US, your information will be processed in the US. If required, we use appropriate safeguards for transfers.

15. Third party links and platforms

Our website and messages may link to third party sites or apps. Their privacy practices are their own. Review their policies before providing information.

16. Changes to this policy

We may update this policy to reflect changes in services or law. We will post the new date at the top. Material changes will be highlighted.

17. Contact us

Privacy requests and questions

Email: [Insert privacy email]

Phone: [Insert phone]

Address: SpinOut Yacht Club, Pier 40, South Beach Harbor, San Francisco, CA

 
Cart (0)