Privacy Notice

Effective date: April 22, 2026

This notice explains what personal information Worldwide Yachtsman collects through worldwideyachtsman.com (the "Site"), why we collect it, what we do with it, and what rights you have over it. The Site is operated by Worldwide Yachtsman ("we," "us," or "our").

We wrote this in plain language. If you find something unclear, tell us — we will either explain it or fix it.

This notice sits alongside our Terms of Use, which govern how you may use the Site, and our Cookies Notice, which explains the small files we set on your device. The three documents together describe the full relationship between you and Worldwide Yachtsman.

A plain-language summary

If you only read one section, read this one.

We run a classified listing site for yachts. The information we collect is limited and straightforward. We collect what you type into forms. We collect standard analytics data about how people use the Site, so we can make it work better. We use cookies. We do not sell your personal information. We do not trade your email address. We do not run targeted advertising against your behavior across other sites. If you are in the EU, the UK, California, or another jurisdiction with meaningful privacy rights, those rights apply, and we honor them.

If you want the detail, the rest of this notice provides it.

Part One — Who This Notice Covers

This notice covers everyone who uses the Site — whether you are a visitor browsing listings, a seller who has created an account to post vessels, a buyer sending inquiries, or a passive reader of our content. It applies regardless of where you are located, though some of the rights described later depend on your jurisdiction.

This notice does not cover:

• Third-party websites we link to. Their privacy practices are their own.
• Personal information you provide directly to a seller outside of the Site (for example, during an in-person inspection or through a separate email exchange). Once you communicate outside our platform, we no longer control what happens to that information.
• The privacy practices of companies that advertise or integrate with the Site but operate their own data collection. Where those companies are identified, their own notices apply.

If you are applying for a job with Worldwide Yachtsman, a separate notice applies to the information you submit through our hiring process. Ask for it directly and we will provide it.

Part Two — What We Collect

We collect three categories of information: what you give us, what we observe, and what we receive from third parties.

Information you give us

When you interact with the Site, some information is provided by you directly. This includes:

Account information. If you create an account, we collect the name, email address, password, and any profile details you enter. Sellers may also provide a business name, contact phone number, and location.

Listing information. If you post a vessel, we collect everything you enter in the listing — the description, specifications, photographs, price, and any additional documents you upload. This information is intended to be public, and by posting it you are making it so.

Inquiries and messages. If you send an inquiry through our contact forms, we collect the message, the time you sent it, and the listing it relates to. We also collect your name and contact information if you provided them.

Correspondence with us. If you email us, submit a support request, or report a problem, we retain that correspondence and any information you include in it.

Information we observe

When you use the Site, we automatically collect technical and usage information. This includes:

Device and connection data. Your IP address, approximate location (derived from the IP address, not GPS), browser type and version, operating system, and device type.

Usage data. Pages you view, the time you spent on them, the order in which you visited them, how you arrived at the Site (for example, from a search engine, social media, or a direct link), and where you went when you left. We use Google Analytics and similar tools to gather this information in aggregate.

Cookie data. Small identifiers stored on your device that help us remember your preferences, keep you logged in, measure traffic, and understand how the Site is used. Our Cookies Notice explains this in more detail, including which cookies are strictly necessary and which you can decline.

Information we receive from third parties

In limited circumstances, we receive information about you from sources other than you. These include:

• Analytics providers who measure aggregate Site traffic on our behalf.
• Fraud prevention services that flag suspicious activity, accounts, or listings.
• Social media platforms, if you use a social login feature (we do not currently offer this, but we may in the future).
• Publicly available sources, used only to verify information in a listing if we have reason to doubt its accuracy.

We do not buy personal information from data brokers.

Part Three — Why We Collect It

Every category of data we collect has a purpose. We do not collect information to accumulate it, sell it, or trade it. Specifically:

To operate the Site. Account credentials let you log in. Listing data lets us display listings. Inquiry data routes messages to the right seller. Device and connection data protect against abuse and keep the Site secure.

To improve the Site. Aggregate usage data tells us which listings are hard to find, which pages are slow, and which features are actually used. None of this requires identifying individual users.

To communicate with you. When you submit an inquiry, we send you a confirmation. When you create an account, we send a welcome email. When there is a problem with your account, we let you know. We may also send occasional administrative messages — security notices, policy updates, or service announcements — that you cannot opt out of because they are part of operating the Site.

For marketing, only if you opt in. If we launch marketing emails in the future, they will be separately consented to. You will be able to opt out at any time through a link in every marketing message, or by contacting us directly. We will not repurpose your account email as a marketing channel without your explicit agreement.

To prevent fraud and abuse. We analyze patterns that suggest fake listings, spam inquiries, account takeovers, or scraping. This is in everyone's interest — yours included.

To comply with the law. We respond to valid legal process, preserve records when required, and disclose information when we have a legal obligation to do so.

Legal bases for processing (EU and UK residents)

If you are in the European Economic Area or the United Kingdom, we rely on the following lawful bases under the GDPR and UK GDPR:

• Contract. Processing necessary to provide the Site to you — displaying listings, routing inquiries, maintaining your account.
• Legitimate interests. Security, fraud prevention, analytics, product improvement, and limited internal administration. We have assessed these interests against your rights and believe our use is proportionate; if you disagree, you can object.
• Consent. Non-essential cookies, future marketing communications, and any processing we describe elsewhere as requiring your permission.
• Legal obligation. Tax records, law enforcement response, regulatory compliance.

You can withdraw consent at any time for activities that rely on it, without affecting the lawfulness of processing before you withdrew it.

Part Four — Who We Share It With

We share information only when we have a reason to, and only with parties who are either necessary to the Site or required by law. Specifically:

Other users, when you make information public. If you post a listing, the content of that listing is visible to anyone who visits the Site. If you send an inquiry, the seller of the vessel you asked about receives the message and whatever contact information you included in it. This is how the Site works, not a backdoor.

Service providers. We use third-party vendors to host the Site, deliver email, process analytics, protect against fraud, and perform other operational functions. These vendors receive only the information they need to perform their service and are contractually required to protect it. Current categories include:

• Hosting and infrastructure
• Email delivery
• Analytics (currently Google Analytics)
• Error monitoring and security
• Customer support tools

A list of our current service providers is available on request.

Law enforcement and legal process. We disclose information when we have a good-faith belief that disclosure is necessary to comply with a valid legal demand, to protect the rights or safety of users or the public, to enforce our Terms of Use, or to investigate fraud or abuse. Where legally permitted, we notify affected users in advance.

Business successors. If Worldwide Yachtsman is acquired, merged, or reorganized, user information may transfer to the successor as part of the transaction. The successor will be bound by this notice or will notify you of material changes and give you a chance to object.

What we do not do

• We do not sell personal information in any sense that a reasonable person would call a "sale."
• We do not rent, trade, or share your contact information with advertisers for their own marketing.
• We do not allow third-party advertisers to build behavioral profiles of you across other sites using our data.
• We do not repurpose information given for one reason (say, account registration) for a completely different reason (say, marketing to you without consent).

Part Five — Cookies and Tracking

The Site uses cookies and similar technologies. Some are strictly necessary to operate the Site (for example, keeping you logged in). Others are optional and help us understand how the Site is used.

Our full Cookies Notice explains which cookies we set, what they do, how long they persist, and how you can control them. You can also manage cookie preferences through the cookie banner that appears when you first visit the Site, and you can change those preferences at any time through your browser settings.

We honor Global Privacy Control (GPC) signals from browsers that send them. If your browser indicates that you do not consent to the sale or sharing of personal information, we treat that as a valid opt-out.

We do not currently use behavioral advertising cookies or cross-site tracking pixels. If this changes, we will update this notice and the Cookies Notice, and we will require affirmative opt-in consent from EU and UK residents before activating any such tracking.

Part Six — How Long We Keep It

We keep information only as long as we need it. Specific retention periods:

• Account data. For as long as your account is active, plus up to 24 months after account closure for fraud prevention, dispute resolution, and legal compliance.
• Listing data. For as long as the listing is live, plus up to 12 months after removal. Archival copies of completed or expired listings may be retained indefinitely in a de-identified form for analytics.
• Inquiry and message data. 24 months from the date of the message, then deleted unless subject to a legal hold.
• Analytics data. Aggregated and anonymized. Individual-level raw data from analytics providers is retained according to their defaults (typically 14 months for Google Analytics).
• Correspondence with support. 36 months from the date of the last interaction.
• Marketing opt-out records. Indefinitely, so we can honor your opt-out.
• Records required by law. For the period required by applicable law (for example, financial records are typically retained seven years).

When retention periods expire, we delete or anonymize the information. Deletion from backups may take longer than deletion from active systems — up to 90 days — and that is normal and acceptable under most privacy frameworks.

Part Seven — How We Protect It

We use reasonable technical, administrative, and physical safeguards to protect the information we hold. These include encryption in transit, access controls, activity logging, and vendor diligence on the third parties we work with.

We cannot guarantee perfect security. No service can. What we can promise is that we take the responsibility seriously, respond promptly to incidents, and notify affected users and regulators when required by law.

If you are reusing a password from another site, change it. If a service you use has been breached, your Site account may be at risk regardless of our defenses. Good personal security practices — unique passwords, two-factor authentication when we offer it, skepticism about unexpected emails — are a meaningful part of keeping your information safe.

Part Eight — Your Rights

Everyone who uses the Site has the right to understand what we hold and to ask us to change or delete it. Specific statutory rights depend on where you live.

Rights available to everyone

Regardless of jurisdiction, you can:

• Ask what personal information we hold about you.
• Correct information that is wrong.
• Ask us to delete information we no longer need.
• Export a copy of the information you provided.
• Close your account and stop using the Site.

To exercise any of these, contact us using the details at the end of this notice. We aim to respond within 30 days.

Rights under the EU and UK GDPR

If you are in the EEA or the UK, you have the statutory rights set out in Articles 15 through 22 of the GDPR (or UK GDPR):

• Right of access. A copy of your personal data and information about how we process it.
• Right to rectification. Correction of inaccurate data.
• Right to erasure ("right to be forgotten"). Deletion of data we no longer need or that we never had a valid basis to hold.
• Right to restrict processing. A pause on processing while a dispute is resolved.
• Right to data portability. Machine-readable export of data you provided.
• Right to object. To processing based on legitimate interests, including any direct marketing.
• Rights regarding automated decision-making. We do not make decisions about you by purely automated means that produce legal or similarly significant effects.

You also have the right to complain to a supervisory authority — typically the data protection authority in your country of residence, your place of work, or where the issue occurred.

Rights under California law (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share it with.
• Request a copy of the specific pieces of personal information we hold about you.
• Request deletion of your personal information.
• Correct inaccurate personal information.
• Opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA, so this right is always honored by default. If that ever changes, we will provide a "Do Not Sell or Share My Personal Information" link.
• Limit the use of sensitive personal information. We do not collect sensitive personal information as defined by the CPRA.
• Non-discrimination for exercising these rights. We will not charge you different prices, provide lower-quality service, or otherwise penalize you.

To exercise California rights, contact us at the email address below with "California Privacy Request" in the subject line. We will verify your request and respond within 45 days, subject to one 45-day extension if the request is complex.

Rights under other state and national laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other jurisdictions with comprehensive privacy laws have similar rights. Residents of Canada have rights under PIPEDA. We handle all such requests through the same channel and apply the rights that the requestor's jurisdiction provides.

Part Nine — International Transfers

Worldwide Yachtsman is based in the United States, and the servers that host the Site are located in the United States. If you use the Site from outside the US, your information will be transferred to, stored in, and processed in the US.

The US does not have a comprehensive federal privacy law, and US data protection rules differ from those in the EU, UK, and other jurisdictions. When we transfer personal data from the EEA or the UK to the US, we rely on one or more of the following safeguards:

• Standard Contractual Clauses approved by the European Commission, incorporated into our agreements with service providers.
• The EU-US Data Privacy Framework and the UK Extension, where applicable.
• Additional technical and organizational measures such as encryption, pseudonymization, and access controls.

If you want more detail about a specific transfer, ask. We will tell you what safeguards apply.

Part Ten — Children

The Site is not intended for children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided personal information to us, contact us and we will delete the account and associated data promptly.

Some jurisdictions treat "child" differently. Under US COPPA, the relevant age is 13. Under the UK GDPR, the age of digital consent is 13. Under the EU GDPR, member states set the age between 13 and 16. We apply 16 as our default, which satisfies the strictest of these.

Part Eleven — Changes to This Notice

We may update this notice from time to time. When we do, we will change the effective date at the top and post the new version on the Site. If the change is material — for example, if we begin collecting new categories of data, sharing data with new categories of recipients, or processing data for new purposes — we will notify you through a prominent notice on the Site and, where required by law, through email.

Your continued use of the Site after an update constitutes acceptance of the revised notice, subject to your right to withdraw consent or exercise other privacy rights at any time.

Part Twelve — How to Contact Us

Questions, privacy requests, and complaints should be directed to:

Worldwide Yachtsman — Attn: Privacy — jr@worldwideyachtsman.com

If you are in the EU or UK and prefer to contact a data protection representative in your region, let us know and we will provide current details. If you believe we have not adequately addressed your concern, you can lodge a complaint with your local data protection authority.

A note on revisions

The privacy landscape is changing quickly. New state laws in the US, new guidance under the GDPR, new rules around AI training data, and new expectations from users are shifting the ground under every privacy notice. We intend to revise this document when the law changes, when our practices change, or when we find a clearer way to say what we do. Every version will be posted openly and dated clearly.