Privacy Policy

1. Plain-English summary

We're a small software company in Mobile, Alabama. We build software that helps hunting and fishing guides run their businesses. To do that, we have to handle two kinds of personal information: the guide's own contact info, and the contact info of the customers who book trips with that guide.

• The guide owns their customer list. We're the host, not the marketer. We don't email a guide's customers about anything other than their booking with that guide, and we never sell or share customer data with anyone else.
• We use a small number of well-known sub-processors (Supabase, Cloudflare, Stripe, Twilio, Postmark or Resend, OpenWeather) to actually run the platform. They see only what they need to see to do their job, and they're each contractually bound not to repurpose the data.
• You can request a copy of your data, ask us to correct it, or ask us to delete it (subject to legal retention requirements like 7-year tax records). Charter accounts that close get a full data export and then deletion within 90 days.
• We don't run third-party advertising trackers. We log just enough to keep the platform working and to debug it.

The rest of this document spells those points out in more detail.

2. Who we are and what this covers

Guide Services ("Guide Services," "we," "us," or "our") operates the websites at goguideservices.com, fish.goguideservices.com, and hunt.goguideservices.com, as well as the per-charter websites and booking-management portal we build and host for the charters who use our software.

This Privacy Policy covers personal information we collect, store, use, or share through any of those surfaces. It applies to charters who sign up to use our software, customers who book trips through a charter's Guide-Services-hosted site, and visitors to any of our marketing or charter sites.

3. Data roles — controller vs processor

We treat data differently depending on whose data it is and whose decisions are driving its use.

• Charter account data (the guide's own name, email, phone, business license number, insurance carrier, Stripe Connect ID, etc.). We are the controller of this data — we collect it directly from the charter and use it to operate our platform, deliver software, bill, and support.
• End-customer data (the names, emails, phones, booking histories, and notes about the people who book trips with a charter). We are the processor of this data; the charter is the controller. The charter decides what to collect, how long to keep it, and how to communicate with their own customers. We host the data, render the UI, and run the booking software, but we don't decide what the charter does with their list.
• Visitor data (analytics on people who visit our marketing pages without signing in or booking). We are the controller. We keep this minimal — just enough to count traffic and debug.

If you're an end-customer asking about the data a specific charter holds about you, the first stop is that charter; they control your record. We can help if the charter is unresponsive or has gone out of business.

4. What we collect

4.1 Charter accounts

• Identity and contact: business name, owner name, email, phone, mailing address.
• Business credentials: guide license number, insurance carrier and policy number, captain license, federal tax ID. Used to verify the charter is a real, currently operating guide; not sold or shared.
• Payment-routing identifiers: Stripe Connect account ID, payout-method status, bank-account-verification status. We do not store the underlying bank account or card numbers — Stripe does.
• Site content: photos, copy, captain bios, trip descriptions, pricing, policies, anything the charter publishes on their Guide-Services-hosted site.
• Configuration: cancellation policy, refund policy, weather policy, fee model (pass-through vs absorb), sales-tax rate, allowed booking windows, captain assignments.
• Operational logs: when the charter signs in, what features they use, error reports.

4.2 End-customer data (held on behalf of charters)

• Identity and contact: name, email, phone, optionally a mailing address if the charter collects it.
• Booking history: trip type, date, party size, price, payment status, captain assigned, weather decisions, cancellations, no-shows.
• Charter-side notes: private notes the charter writes about a customer (e.g., "prefers offshore," "allergic to shellfish," "celebrating anniversary"). These are visible only to the charter's staff and to Guide Services support if the charter requests help.
• Waivers and signatures: if the charter uses our waiver feature, we store the signed waiver PDF and the metadata (signed-at timestamp, IP, signing party).
• Photos uploaded by customer: if the customer chooses to share trip photos through our software, we store them.
• Reviews: if the customer leaves a review, we store the rating, text, and reviewer name.

4.3 Payment data

Payments are processed by Stripe (Connect Express, where applicable). Card numbers, bank account numbers, and other payment-instrument data go directly to Stripe and never touch our servers. We store only the booking amount, the Stripe payment-intent ID, the platform-fee amount, and the timestamps and statuses Stripe gives us via webhook.

4.4 Visitor and operational data

• Server logs: IP address, user agent, request path, response status, response time. Retained for up to 90 days for security and debugging.
• Application logs: errors, slow queries, feature-usage counts. Anonymized where reasonably possible.
• Lead-capture form submissions on our marketing pages (your name, email, business name, what you're interested in). Used only to contact you about Guide Services.

5. How we use it

We use personal information to:

• Operate the platform — render bookings, send confirmations, take payments, generate reports.
• Support charters and customers when they email or call us.
• Bill charters for the software (Setup Fees, Subscription Fees, Platform Fees).
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations, including tax records, subpoenas, and court orders.
• Improve the software — understanding which features get used, where users get stuck, and what breaks. Where we look at data for product analytics, we aggregate and de-identify to the extent reasonable.

We do not use end-customer data to send marketing on our own behalf. We do not use end-customer data to train AI models, sell ads, or build profiles for resale. We do not let one charter see another charter's customer list — multi-tenant separation is enforced by row-level security on every database table.

6. Who we share it with

We share personal information only as follows:

• With the charter whose customer they are. The charter sees their own customers' bookings, notes, and contact info. They do not see customers of any other charter.
• With sub-processors — vendors that help us run the platform, listed in Section 7. Each is contractually bound to use the data only to deliver their service to us.
• With Guide Services support staff — owners and contractors who help us operate the platform. They have access only to what's needed to resolve a specific issue and are bound by confidentiality.
• With law enforcement when we are legally required to comply with a valid subpoena, warrant, or court order. We narrow our response to what the legal process actually requires and notify affected parties when we are legally permitted to.
• In a business transfer. If Guide Services is acquired or merged, customer data transfers to the acquirer subject to this Privacy Policy or a successor that is at least as protective. Charters are notified of any such transfer in advance.

We do not sell personal information.

7. Sub-processors

Guide Services uses the following sub-processors. Each is selected for narrow purpose, billing transparency, and security posture; each is bound by their own privacy commitments and a data-processing agreement with us.

This list will be updated as we add or change vendors. Charters using the platform when a material sub-processor change occurs will be notified by email.

8. Data retention and deletion

• While your charter account is active: we retain charter and end-customer data for as long as the charter uses the platform.
• After a charter terminates: we provide a full data export (CSV and PDF) within 30 days, then delete the charter's account, content, and end-customer records within an additional 60 days (90 days total from termination), except for records we are legally required to retain (e.g., billing and tax records — typically 7 years).
• Server and application logs: retained for up to 90 days, then deleted or aggregated.
• Backups: we keep encrypted backups for up to 30 days for disaster-recovery purposes; deletion requests propagate through the backup window on the next normal rotation.
• End-customer deletion requests: if an end-customer asks us to delete their data, we coordinate with the charter (the controller). We honor deletion within 30 days unless the charter asserts a legitimate retention basis (e.g., active dispute, pending refund, tax record).

9. Your rights and how to exercise them

Depending on where you live, you may have rights to:

• Access — request a copy of the personal information we hold about you.
• Correct — ask us to fix data that is wrong or out of date.
• Delete — ask us to delete your data, subject to legitimate retention requirements.
• Object — ask us to stop a particular processing activity.
• Port — receive your data in a machine-readable format.

To exercise any of these rights, email hello@goguideservices.com. We respond within 30 days. If you are an end-customer of a specific charter, we will route your request to the charter (the controller) and assist if needed.

You may also lodge a complaint with the consumer-protection agency in your state. We prefer to resolve concerns directly first if possible.

10. Security

We take reasonable measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. Specifically:

• All data in transit is encrypted via TLS 1.2 or higher.
• All data at rest in our database is encrypted via the underlying provider's at-rest encryption.
• Access between charters is enforced by row-level security on every table — a charter cannot read another charter's data, regardless of the query.
• Administrative access to production systems is limited to a small number of named individuals using multi-factor authentication.
• We log administrative actions for audit purposes.
• Payment instruments (cards, bank accounts) are handled by Stripe and never touch our servers.

No system is perfectly secure. If we discover a security incident affecting personal information, we will notify affected charters and end-customers as soon as practicable and as required by applicable law.

11. Cookies and tracking

We use a small number of cookies and similar technologies, all in service of running the platform:

• Authentication cookies — to keep charters and customers signed in across pages.
• Session cookies — to keep your shopping cart, in-progress booking, and form drafts intact while you browse.
• Preference storage — to remember UI choices like dark mode or list-vs-grid view.

We do not use third-party advertising trackers, retargeting pixels, or cross-site profiling cookies. We do not currently use a third-party analytics tracker; if we add one in the future, we will use one that respects user privacy and update this policy.

12. International transfers

Guide Services operates in the United States. Our primary infrastructure is hosted in the United States. End-users from outside the United States who use the platform do so understanding that their data is stored and processed in the United States, and that United States law will apply.

13. Children

Guide Services is intended for use by adults. We do not knowingly collect personal information directly from children under 13. If a parent or guardian books a trip on behalf of a child, the parent or guardian is the user of the platform, and the child's involvement on the trip itself is governed by the parent's consent and the charter's policies.

If you believe we have collected personal information directly from a child under 13, contact hello@goguideservices.com and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted here with the "Last updated" date at the top, and active charters will be notified by email at least 30 days before the change takes effect. Continued use after the change takes effect constitutes acceptance of the updated policy.

15. Contact

Questions about this Privacy Policy, requests to exercise a privacy right, or notices required by this policy should be sent to:

Guide Services
hello@goguideservices.com
Mobile, Alabama