Privacy Policy

Last updated: March 24, 2026.

This Privacy Policy explains how Navigate Croatia processes personal data relating to visitors of the public catalog, boat owners, administrators, and other people who interact with the platform. Navigate Croatia is an online lead-generation and listing platform for charter boats on the Croatian Adriatic. In the current version of the service, bookings, payments, and charter contracts are not concluded on the platform itself; they are arranged directly between the guest and the boat owner.

1. Who is the controller

The controller for Navigate Croatia is BeeDigital d.o.o., Miroslava Krleže 22, 34000 Požega, Croatia, OIB/VAT ID: HR69213629245. For privacy questions, you can contact us at info@beedigital.hr using the subject line “Privacy Request”.

2. What data we collect

Depending on how you use the platform, we may process the following categories of data:

  • account and authentication data: first name, last name, email address, phone number, chosen sign-in method, and security data linked to the account;
  • listing and owner data: boat name, description, price, marina, specifications, photos, and the contact details the owner chooses to make available after a “Show contact details” action;
  • usage and security data: IP address, access time, session identifier, CSRF token, locale preference, and basic technical data needed to operate, secure, and rate-limit the platform;
  • contact-reveal data: which boat was opened, when it was opened, which channels were shown, whether the event was unique within the session, and the date of the event;
  • public boat inquiry data: full name, email address, phone number if provided, approximate travel dates, guest count, message content, locale, IP address, and basic attribution metadata connected to a public inquiry;
  • support and communication data: the content of messages you send us, bug reports, and administrative correspondence;
  • social sign-in data, if you use it: when you sign in with Google or Facebook, we may receive your email address and basic profile data such as first and last name returned by that provider;
  • optional AI feature data: if you intentionally use AI-assisted listing tools or AI search, the data submitted with that request may be processed in order to generate the response.

3. How and why we use data

We use personal data to enable registration, sign-in, the owner dashboard, listing publication and display, the contact-reveal flow, structured public boat inquiries, system security, content moderation, user support, optional AI features expressly triggered by the user, and compliance with legal obligations or the protection of platform rights.

4. Legal bases for processing

  • performance of a contract or steps taken at the user’s request, for example to open an account, sign in, and manage listings;
  • legitimate interests, including platform security, fraud prevention, rate limiting, moderation, basic reporting, and the defense of legal claims;
  • consent, where consent is required, for example for optional cookies or any processing that cannot appropriately rely on another legal basis;
  • legal obligation, where we are required to retain or disclose data under applicable law.

5. Who may receive data

We do not sell personal data. We may share it with a limited range of recipients where necessary to operate the platform, such as hosting and infrastructure providers, email delivery providers, the OAuth provider chosen by the user, and OpenRouter plus the selected model provider when the user invokes an AI feature. We may also disclose data to lawyers, accountants, regulators, courts, or competent authorities where this is necessary for compliance, the protection of rights, or a valid legal request.

6. AI features and external providers

Some AI features are available only when a user actively triggers them. In that case, the content you submit in the AI request may be sent to OpenRouter and the selected model provider in order to generate the response. We aim not to store full prompts or full AI responses in our application audit logs; instead, we may retain limited metadata such as the model, duration, token usage, status code, and failure reason. If separate GPS or related owner services are activated in the future, they may be supplemented by additional terms or privacy notices.

7. How long we keep data

  • account and listing data are kept while the account remains active and for as long as reasonably necessary afterwards for legal obligations, dispute handling, and platform protection;
  • the signed session cookie nc_session may remain active for approximately 7 days unless deleted earlier by the user or invalidated sooner;
  • detailed contact-reveal data is used for security, anti-abuse, and owner reporting; the owner interface currently emphasizes recent history, typically around the last 90 days, while some technical or evidentiary records may need to be retained for longer where justified;
  • structured public boat inquiries may be kept for as long as reasonably necessary so the owner can review and handle the message, and longer where needed for abuse prevention, support, or the defense of legal claims;
  • support and administrative correspondence may be retained longer where necessary to track requests, complaints, or the establishment, exercise, or defense of claims;
  • limited AI audit metadata may be retained for a reasonable operational period for security, cost control, and diagnostics.

8. Public listings and contact details

Public listing content, such as the boat name, description, marina, key specifications, price, and public photos, may be visible to visitors and search engines when the listing is approved and visible. Owner contact details are not exposed to every visitor by default; instead, they are revealed after a user action through the “Show contact details” flow. The owner remains responsible for the accuracy and lawful publication of the contact details they submit.

9. Your rights

Under the GDPR and applicable law, you may request access to your data, rectification of inaccurate data, erasure, restriction of processing, data portability, and the right to object where the legal conditions are met. You may also lodge a complaint with the Croatian Personal Data Protection Agency (AZOP). To exercise your rights, contact us at info@beedigital.hr.

10. Changes to this policy

We may update this policy from time to time to reflect changes in platform functionality, business operations, or regulatory requirements. The latest update date will be shown at the top of the document.