Eyesea Privacy Policy and Account Deletion

1. Introduction

Eyesea ("we", "our", "us") is operated by Eyesea New Zealand Inc, a company registered in New Zealand. We are committed to protecting your privacy in compliance with the New Zealand Privacy Act 2020, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App"), and how you can request deletion of your account and associated data.

2. Data Controller

Eyesea New Zealand Inc

  • Email: privacy@eyesea.org

  • Website: https://eyesea.org

  • Privacy Enquiries: privacy@eyesea.org

For EU users, we act as the Data Controller for your personal data.

3. Information We Collect

3.1 Personal Information

When you register for an account, we collect:

  • Email address

  • Username or display name

  • Country

  • User role (volunteer/seafarer)

  • Organization and vessel information (for seafarers)

3.2 Consent Records

We record:

  • Timestamp of your consent to data processing

  • Marketing communication preferences

  • Terms of Service acceptance timestamp

3.3 Location Data

We collect precise location data when you:

  • Submit a pollution report

  • View the map interface

  • Enable location services

Purpose & Legal Basis: Location data is used to geotag reports and show nearby pollution incidents. This processing is necessary for the performance of our service (GDPR Art. 6(1)(b)).

3.4 Photos and Media

When you submit a report, we collect:

  • Photos you capture or select

  • Photo metadata (EXIF data including date, time, device info)

  • Any descriptions you provide

3.5 Device Information

We automatically collect:

  • Device type and model

  • Operating system version

  • Unique device identifiers

  • App version

3.6 Usage Data

We collect information about how you use the App:

  • Features accessed

  • Time spent in app

  • Interaction patterns

4. Legal Basis for Processing (GDPR)

Data Type and Legal Basis

Account data: Contract performance (Art. 6(1)(b))

Pollution reports: Legitimate interest (Art. 6(1)(f)) - environmental protection

Location data: Contract performance (Art. 6(1)(b))

Marketing emails: Consent (Art. 6(1)(a))

Analytics: Legitimate interest (Art. 6(1)(f))

5. How We Use Your Information

We use collected information to:

  • Provide and maintain the service

  • Process and display pollution reports

  • Improve user experience

  • Send service-related communications

  • Send marketing communications (with your consent)

  • Detect and prevent fraud or abuse

  • Comply with legal obligations

6. Data Sharing

6.1 Public Information

Pollution reports (including photos and locations) may be displayed publicly on the map interface and shared with:

  • Other Eyesea users

  • Environmental organizations

  • Research institutions

  • Government agencies

6.2 Service Providers

We share data with third-party service providers who assist in:

  • Cloud hosting (Supabase - servers in AWS)

  • Map services (Mapbox)

  • Analytics

All service providers are bound by data processing agreements.

6.3 International Transfers

Your data may be transferred to and processed in countries outside your own, including the United States (cloud infrastructure). For EU users, we ensure appropriate safeguards such as Standard Contractual Clauses are in place.

6.4 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes

  • Protect our rights or property

  • Ensure user safety

7. Data Retention

Data Type and Retention Period

Account Data: Until account deletion + 30 days

Pollution Reports: Indefinitely (for environmental research)

Usage/Analytics Data: 24 months

Consent Records: 7 years (legal compliance)

8. Your Rights

8.1 All Users

You have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Delete your account and data

  • Withdraw consent at any time

  • Opt-out of marketing communications

8.2 EU Users (GDPR)

Additional rights include:

  • Right to data portability

  • Right to restrict processing

  • Right to object to processing

  • Right to lodge a complaint with your local Data Protection Authority

To exercise these rights, contact: privacy@eyesea.org

8.3 California Users (CCPA)

You have the right to:

  • Know what personal information is collected

  • Know if personal information is sold or disclosed

  • Opt-out of the sale of personal information

  • Non-discrimination for exercising your rights

We do not sell personal information.

8.4 New Zealand Users

Under the Privacy Act 2020, you have the right to access and correct your personal information.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.3)

  • Encryption at rest

  • Secure cloud storage with SOC 2 certified providers

  • Access controls and authentication

  • Regular security assessments

10. Children's Privacy

The App is not intended for children under 16. We do not knowingly collect information from children under 16. If you believe we have collected such information, please contact us immediately at privacy@eyesea.org

11. Cookies and Tracking

The mobile App does not use cookies. We may use mobile analytics to understand app usage.

12. Third-Party Links

The App may contain links to third-party websites. We are not responsible for their privacy practices.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through the App or via email. Continued use after changes constitutes acceptance.

14. Account Deletion and Data Removal

14.1 Your Right to Delete Your Account

You have the right to request deletion of your Eyesea Reporting account and associated personal data at any time. This section explains how to exercise this right and what happens when you delete your account.

14.2 What Will Be Deleted

When you delete your account, the following data will be permanently removed:

  • Account Information:

  • Your user account credentials (email, password)

  • Your profile information (username, display name, country)

  • Your user role and preferences

  • Your organization and vessel information (if applicable)

  • User-Generated Content:

  • All pollution reports you have submitted

  • All photos and images associated with your reports

  • All descriptions and metadata you provided

  • Location Data:

  • All location data associated with your reports

  • Location preferences and settings

  • App Data:

  • Your app settings and preferences

  • Your authentication tokens and session data

  • Your device registration information

  • Communication Records:

  • Your marketing communication preferences

  • Your consent records (after legal retention period)

14.3 What Will Be Retained

The following data may be retained for legitimate purposes:

  • Anonymized Data:

  • Aggregated, anonymized statistical data that cannot be linked to you

  • Environmental research data with all personal identifiers removed

  • Legal Compliance:

  • Data required to be retained by law (e.g., financial records, consent records for 7 years as required by GDPR)

  • Data necessary for legal proceedings or investigations

  • Public Reports:

  • Pollution reports that have been shared publicly may remain visible on the map, but will be disassociated from your account

  • Photos and location data in public reports may remain for environmental research purposes, but will no longer be linked to your identity

14.4 How to Request Account Deletion

Method 1: Through the App (Recommended)

  1. Open the Eyesea Reporting app on your device

  2. Navigate to ProfileSettings

  3. Scroll to the Account section

  4. Tap Delete Account

  5. Read the warning message carefully

  6. Confirm your decision by entering your password or following the on-screen verification

  7. Your account will be marked for deletion immediately

Method 2: By Email Request

If you cannot access the app or prefer to request deletion via email:

  1. Send an email to privacy@eyesea.org

  2. Use the subject line: "Account Deletion Request"

  3. Include the following information:

  • Your registered email address

  • Your username (if different from email)

  • A statement confirming you want to delete your account

  • Any additional verification information if requested

    We will process your request within 30 days and send you a confirmation email once deletion is complete

14.5 Account Deletion Process and Timeline

Immediate Actions (Within 24 hours):

  • Your account will be marked as "pending deletion"

  • You will no longer be able to log in

  • Your profile will no longer be visible to other users

Data Removal (Within 30 days):

  • All personal data will be permanently deleted from our active systems

  • All backups containing your data will be purged in the next backup cycle

  • You will receive a confirmation email once deletion is complete

Retention Period:

  • Some data may be retained for up to 30 days after your deletion request for:

    • Security and fraud prevention purposes

    • Legal compliance requirements

    • System backup cycles

After 30 days, all data will be permanently removed except for:

  • Anonymized data used for research

  • Data required by law to be retained

14.6 Important Considerations

Warning: Account deletion is permanent and cannot be undone.

Before deleting your account, please consider:

  • Backup Your Data: If you want to keep copies of your reports or photos, download them before deletion

  • Active Subscriptions: If you have any active subscriptions or services, they will be cancelled

  • Public Content: Reports you've submitted may remain visible on the map but will be disassociated from your account

  • Re-registration: You can create a new account after deletion, but you cannot recover your previous data

14.7 Data Portability (Before Deletion)

If you want to receive a copy of your data before deletion:

  1. Contact us at privacy@eyesea.org

  2. Request a "Data Export" in the subject line

  3. We will provide you with a machine-readable copy of your data within 30 days

  4. This includes:

    • Your profile information

    • Your pollution reports (as JSON)

    • Your preferences and settings

14.8 Cancelling a Deletion Request

If you change your mind within 7 days of requesting deletion:

  1. Contact us immediately at privacy@eyesea.org

  2. Provide your account email address

  3. Request "Cancel Account Deletion"

  4. We will restore your account if deletion has not yet been complete

After 7 days, account deletion cannot be cancelled as the process will have already begun.

14.9 Third-Party Data

Please note that if you have shared content through third-party integrations or social media, you may need to delete that content separately through those platforms.

15. Contact Us

For privacy-related inquiries, account deletion requests, or to exercise your rights:

For urgent privacy matters or data breach notifications, please mark your email as "URGENT" in the subject line.

By using Eyesea, you acknowledge that you have read and understood this Privacy Policy and Account Deletion Policy. If you have any questions or concerns, please contact us at privacy@eyesea.org.