This is a courtesy English translation. The German version at skipily.app/datenschutz is legally binding.
Privacy Policy
As of: April 2026 · Version 2.0
This privacy policy informs you about the processing of your personal data when using the mobile app Skipily (iOS), the web portals (app.skipily.app, provider.skipily.app, admin.skipily.app) and the website skipily.app.
1. Controller
Controller within the meaning of Art. 4 No. 7 GDPR:
SKIPILY GmbH
Nordstraße 6
57578 Elkenroth, Germany
Email: info@skipily.app
2. Overview of processing
We process personal data only to the extent necessary to provide the app and its related services, or where you have expressly consented. We do not sell your data.
3. Data collected
3.1 During registration / sign-in
- Name (optional)
- Email address
- Password (stored encrypted, bcrypt)
- With „Sign in with Apple“: pseudonymised Apple ID and (optionally) name/email
3.2 When using the app
- Boat data (name, type, dimensions, equipment, photos)
- Maintenance plans and history
- Favourite lists (service providers)
- Order and payment history (shop, bookings)
- Profile picture / avatar (optional)
- Chat histories with the AI assistant (incl. optional ratings to improve quality)
- Location data (only when actively using the map/search function, after explicit iOS consent)
- Camera / photo library access (only when uploading your own photos, after explicit iOS consent)
3.3 As a service provider / dealer
- Company name, address, contact details, service catalogue
- Logo and cover image
- Stripe Connect account data for payouts
3.4 Automatically collected data
- Device type, iOS version, app version
- Time of access
- IP address (anonymised in server logs)
- Crash reports (see section 5 – Sentry)
4. Legal bases
- Art. 6(1)(b) GDPR – performance of a contract (registration, app functions, payment processing)
- Art. 6(1)(a) GDPR – consent (location, camera, AI chat feedback, push notifications)
- Art. 6(1)(f) GDPR – legitimate interest (IT security, error diagnosis, abuse prevention)
- Art. 6(1)(c) GDPR – legal obligation (tax/commercial law for payment transactions)
5. Processors and third-party services
We use carefully selected service providers. Data processing agreements (Art. 28 GDPR) are in place with all of them; for third-country transfers, EU Standard Contractual Clauses are used.
| Service | Provider | Purpose | Location |
|---|---|---|---|
| Supabase | Supabase Inc., USA | Database, authentication, file storage (photos, logos) | EU (Frankfurt) |
| Stripe | Stripe Payments Europe Ltd., Ireland | Payment processing, Stripe Connect for provider payouts | EU/USA |
| Anthropic (Claude AI) | Anthropic PBC, USA | Processing of messages sent to the AI assistant | USA (API use, no model training) |
| Sentry | Functional Software Inc. (Sentry), USA | Crash reports, error monitoring | EU (Frankfurt) |
| Google Places | Google Ireland Ltd., Ireland | Search of publicly available service-provider listings (no personal reference to app users) | EU/USA |
| Apple (APNs, StoreKit, Sign in with Apple) | Apple Distribution International Ltd., Ireland | Push notifications, in-app purchases, Apple login | EU/USA |
| Vercel | Vercel Inc., USA | Hosting of the web portals (app., provider., admin.skipily.app) | EU (Frankfurt / Dublin) |
| Render | Render Services Inc., USA | Hosting of the scraper backend (provider research) | EU (Frankfurt) |
| IONOS | IONOS SE, Germany | Hosting of the skipily.app website, DNS | EU (Germany) |
6. Location data
The app uses your location solely to show service providers near you. The location request only takes place after explicit consent and can be revoked at any time in the iOS settings. Location data is not stored permanently on our servers.
7. Photos and camera
When you upload photos (boats, equipment, profile picture, damage photos), they are stored in encrypted Supabase storage buckets. Access to the camera and photo library is only requested after iOS consent and only during an active upload action.
8. AI assistant
Messages to the AI assistant are transmitted via our Supabase Edge Function to Anthropic (Claude API). Anthropic expressly does not use API data to train AI models (see Anthropic Commercial Terms). Chat histories are stored in your account so you can continue conversations later. Optionally, you can rate answers; these ratings help us improve quality.
9. Crash reports (Sentry)
If the app crashes or an error occurs, we send a report to Sentry (EU hosting). It contains: device type, iOS version, app version, stack trace, anonymised user ID. No content from boat, shop or chat data.
10. Push notifications
If enabled, we send notifications via the Apple Push Notification Service (APNs) (e.g. maintenance due dates, order status). You can disable push notifications at any time in the iOS settings.
11. Payments (Stripe)
Payments are processed exclusively via Stripe. Your payment data (card number etc.) is collected and stored directly by Stripe. We ourselves only see transaction IDs, amount and status. Stripe is PCI-DSS Level 1 certified.
12. Local storage on your device
The app stores some data locally (UserDefaults / CoreData): language setting, last selected boat, offline cache for POIs, login token. These are removed when you delete the app.
13. Retention period
- Account data: Until a deletion request, then generally fully deleted within 30 days (incl. cascading delete in Supabase)
- Boat data / equipment / photos: Until a deletion request
- Chat histories: Until a deletion request or manual deletion in the app
- Server logs: Maximum 90 days, then deleted automatically
- Payment data at Stripe: In accordance with tax retention obligations (up to 10 years, § 147 AO)
- Crash reports (Sentry): 90 days
14. Your rights
You have the right at any time to:
- Access (Art. 15 GDPR) to your stored data
- Rectification (Art. 16 GDPR) of inaccurate data
- Erasure (Art. 17 GDPR) – also directly in the app under Profile → Delete account
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR) – export of your data on request
- Objection (Art. 21 GDPR) to the processing
- Withdrawal of consent given (Art. 7(3) GDPR) – with effect for the future
Please send requests to: info@skipily.app
15. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority, e.g. the State Commissioner for Data Protection and Freedom of Information of your federal state.
16. Data security
All transmissions take place via TLS 1.2 or higher. Passwords are hashed with bcrypt. Database access is restricted at user level by Row-Level Security (RLS).
17. Children
The app is not directed at children under 16. We do not knowingly collect data from children under 16. If we become aware that we have nevertheless received such data, it will be deleted immediately.
18. Cookies (website)
The website skipily.app uses only technically necessary cookies. No tracking cookies or third-party analytics tools are used.
19. Changes to this privacy policy
We adapt this policy as needed to changes in the legal situation or our services. The current version is available at skipily.app/Privacy_Policy.
As of: April 2026 · Contact: info@skipily.app