Effective: March 29, 2026Last updated: May 6, 2026

Privacy Policy

Effective Date: March 29, 2026 Last Updated: March 29, 2026


1. Introduction

CruiseAlert ("we," "us," or "our") is a service operated by Destinations Media & Travel, a company incorporated in the Netherlands. We operate at cruisealert.com (B2C) and agents.cruisealert.com (B2B). We take your privacy seriously.

This Privacy Policy explains:

  • What personal data we collect and why
  • How we use and protect your data
  • Who we share it with and when
  • Your rights and how to exercise them

If you have questions, contact us at legal@cruisealert.com.


2. Who This Policy Applies To

This policy applies to:

  • B2C users: Consumers using cruisealert.com to track cruise prices
  • B2B users: Travel agents using agents.cruisealert.com
  • Visitors: Anyone who visits our websites without creating an account

For travel agents, the Agent Terms of Service and Data Processing Agreement also apply and govern how agents handle consumer data received through our matching service.


3. Data We Collect

3.1 Information You Provide Directly

CategoryExamplesWhy Collected
Account informationEmail address, name, password (hashed)Account creation and authentication
Profile informationTravel preferences, home port, cruise line preferencesPersonalizing your experience
Alert configurationsTargeted sailings, cabin types, price thresholdsDelivering price alerts
CommunicationsSupport emails, feedback submissionsCustomer support

Travel agents additionally provide:

CategoryExamples
Professional informationAgency name, license/credentials, specialty areas
Contact detailsPhone number, business address
Client handling infoHow they prefer to receive and handle consumer leads

3.2 Information Collected Automatically

When you use the Service, we automatically collect:

CategoryExamplesWhy Collected
Usage dataPages visited, features used, alert activityService improvement and analytics
Device informationBrowser type, operating system, screen sizeCompatibility and debugging
IP addressYour internet address at login/signupSecurity and fraud prevention
Server logsTimestamps, request paths, error codesDebugging and security

3.3 Cookies and Tracking Technologies

We use cookies and similar technologies. See our Cookie Policy for the full breakdown. In summary:

  • Strictly necessary cookies: Required for authentication and security
  • Analytics cookies: Used only with your consent
  • Marketing cookies: Used only with your consent
  • Preference cookies: Store your settings (e.g., cookie consent choice)

3.4 Information We Do Not Collect

We do not collect:

  • Payment card information (we do not process payments directly)
  • Government ID numbers
  • Precise geolocation (we may infer general region from IP)
  • Biometric data
  • Information from children under 13

4. How We Use Your Data

4.1 To Provide the Service

  • Create and manage your account
  • Deliver price alerts when your tracked sailings meet your configured conditions
  • Show you cruise price history and availability data
  • Match you with travel agents (only if you explicitly opt in)

4.2 To Communicate With You

  • Send transactional emails (price alerts, account notifications, security alerts)
  • Send marketing emails (only with your consent, and you can opt out at any time)
  • Respond to your support inquiries

4.3 To Improve the Service

  • Analyze usage patterns to understand which features are valuable
  • Debug issues and optimize performance
  • Develop new features
  • Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations (e.g., responding to lawful government requests)
  • Enforce our Terms of Service and Acceptable Use Policy

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases under the EU General Data Protection Regulation (GDPR):

Processing ActivityLegal Basis
Creating and maintaining your accountContract (Article 6(1)(b)) — necessary to provide the Service
Delivering price alerts you configureContract (Article 6(1)(b)) — core service feature you signed up for
Sending marketing emailsConsent (Article 6(1)(a)) — we only send marketing with your explicit opt-in
Analytics and usage trackingLegitimate interest (Article 6(1)(f)) — improving the service, balanced against your rights
Security and fraud preventionLegitimate interest (Article 6(1)(f)) — protecting users and the platform
IP address logging for securityLegitimate interest (Article 6(1)(f)) — security monitoring
Complying with legal obligationsLegal obligation (Article 6(1)(c))
Consent records retentionLegal obligation (Article 6(1)(c)) — demonstrating compliance

Where we rely on legitimate interests, you have the right to object. Contact legal@cruisealert.com.

Attorney review note: The legitimate interest assessments (LIAs) underlying each "legitimate interest" basis should be documented internally before going live with EU users.


6. Who We Share Your Data With

We do not sell your personal data. We share it only in the following circumstances:

6.1 Service Providers (Processors)

We use third-party companies to help operate the Service. These providers process data only on our instructions:

CategoryPurposeData SharedLocation
Database and authentication providerAccount management and secure loginAccount data, alert configsUSA
Email delivery providerSending price alerts and notificationsEmail address, nameUSA
CDN and security providerContent delivery, DDoS protection, web performanceIP address, request metadataUSA/Global
Infrastructure hosting providerServer hosting and data processingServer-side dataUSA

All processors are contractually required to protect your data and use it only for the specified purpose.

If you choose to be connected with a travel agent through our B2B matching service, we will share your contact information and cruise search preferences with the matched agent. This only happens if you explicitly consent. You may withdraw consent at any time, though we cannot reverse disclosures already made.

Agents who receive your data are bound by our Agent Terms of Service and Data Processing Agreement, which restrict them from using your data for any purpose other than helping you with your cruise inquiry.

We may disclose your data if required by law, court order, or government authority, or if we believe disclosure is necessary to prevent harm or protect our rights.

6.4 Business Transfers

If CruiseAlert is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you by email and/or a notice on our website before your data is transferred and subject to a different privacy policy.

6.5 Aggregated, Anonymized Data

We may share anonymized, aggregated data (e.g., "cruise prices for Caribbean sailings dropped 12% this month") that cannot identify any individual. This is not subject to this privacy policy.


7. International Data Transfers

CruiseAlert is operated by Destinations Media & Travel, incorporated in the Netherlands. Our infrastructure providers are primarily based in the United States. If you are located outside the US, your data may be transferred to and processed in the United States.

7.1 Transfers from the EEA/UK

For transfers of personal data from the EEA or UK to the United States, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to our US-based processors
  • Where available, adequacy decisions

Attorney review note: The specific SCC modules and transfer impact assessments (TIAs) need to be implemented before accepting EU users. This is a legally significant area.


8. Data Retention

We keep your data only as long as necessary:

Data TypeRetention PeriodReason
Account dataUntil you delete your accountService provision
Price alert configurationsUntil you delete them or close your accountService provision
Email logs (delivery records)90 daysTroubleshooting email delivery
Authentication session tokens30 daysSecurity
Server logs30 daysSecurity and debugging
Consent records5 years after last interactionLegal obligation (demonstrating consent)
IP address logs (raw)90 days, then hashedSecurity monitoring, then privacy protection
Aggregated/anonymized price dataIndefiniteAnalytics (cannot identify individuals)

When you delete your account, we begin a 30-day grace period (in case of accidental deletion), then permanently delete your personal data from our systems. Some data may be retained longer where legally required (e.g., financial records if you had a paid subscription).


9. Your Rights (All Users)

Regardless of where you are located, you have these rights:

  • Access: You can request a copy of the personal data we hold about you
  • Correction: You can update inaccurate or incomplete data via your account settings or by contacting us
  • Deletion: You can request deletion of your account and personal data
  • Portability: You can request your data in a machine-readable format (JSON or CSV)
  • Opt-out of marketing: Unsubscribe from any marketing email using the link in that email, or via account settings

10. GDPR Rights (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR:

RightWhat It Means
Right of access (Art. 15)Receive a copy of all personal data we hold about you
Right to rectification (Art. 16)Correct inaccurate or incomplete data
Right to erasure (Art. 17)Request deletion ("right to be forgotten"), subject to legal retention requirements
Right to restrict processing (Art. 18)Ask us to pause processing your data in certain circumstances
Right to data portability (Art. 20)Receive your data in a structured, machine-readable format
Right to object (Art. 21)Object to processing based on legitimate interests or for direct marketing
Right to withdraw consentWithdraw any consent you've given at any time, without affecting past processing

To exercise these rights: Email legal@cruisealert.com with the subject line "GDPR Rights Request." We will respond within 30 days.

Right to complain: You have the right to lodge a complaint with your local data protection authority. In the EU, find your authority at edpb.europa.eu. In the UK, contact the ICO at ico.org.uk.

See our full GDPR Data Subject Rights Notice for step-by-step instructions.


11. CCPA/CPRA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

RightWhat It Means
Right to knowRequest disclosure of the categories and specific pieces of personal information we collect, use, and share
Right to deleteRequest deletion of personal information we hold about you
Right to correctRequest correction of inaccurate personal information
Right to opt out of "sale" or "sharing"We do not sell personal information. We do not share it for cross-context behavioral advertising.
Right to limit use of sensitive personal informationRequest that we limit use of sensitive PI to what is necessary for the service
Right to non-discriminationWe will not discriminate against you for exercising any of these rights

Categories of personal information collected: See Section 3 above. Business or commercial purpose for collection: See Section 4 above. Do Not Sell or Share: We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

To exercise your California rights: Email legal@cruisealert.com with "California Privacy Request" in the subject line, or visit cruisealert.com/legal/ccpa-request. We will verify your identity before processing the request and respond within 45 days (extendable to 90 days with notice).

Attorney review note: Verify whether the "sharing" opt-out applies based on actual analytics and advertising arrangements. The CPRA "sharing" definition is broader than sale.


12. Children's Privacy

The Service is not directed to children under 13 years old (or under 16 in the EEA, under applicable local laws). We do not knowingly collect personal information from children. If you are under the applicable age, do not use the Service.

If you believe a child has provided us with personal information, please contact legal@cruisealert.com and we will delete it promptly.


13. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Hashed passwords (never stored in plain text)
  • Database encryption at rest
  • Row-Level Security (RLS) policies that prevent cross-user data access
  • Access controls limiting who on our team can access production data
  • Security logging and monitoring

No system is 100% secure. If you discover a security vulnerability, please report it to legal@cruisealert.com.

Data Breach Notification: If a breach occurs that is likely to result in risk to your rights and freedoms, we will notify affected users and relevant authorities as required by law (within 72 hours for GDPR-required notifications to supervisory authorities).


14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy at cruisealert.com/legal/privacy
  • Update the "Last Updated" date at the top of this document
  • Notify you by email if the changes affect how we use your existing data

15. Contact

Destinations Media & Travel (trading as CruiseAlert) Registered in the Netherlands

Privacy questions, rights requests, and data protection matters: Email: legal@cruisealert.com Website: cruisealert.com

Attorney review note: Determine whether a formal Data Protection Officer (DPO) is required. Under GDPR Art. 37, a DPO is required for certain types of large-scale processing. If one is required, their contact details must be listed here and registered with the relevant supervisory authority.