How we hold your information.

When you sign up for a Conch Pass or upload to the wall, we collect the following:

• Your email address, so we can issue the pass and reach you if something goes wrong.
• Photos you choose to upload, whether of a receipt, a selfie, or a found object.
• GPS coordinates captured at the moment of receipt scan. We use these to confirm proximity to the vendor for billing.
• Text extracted from receipts via optical character recognition. You confirm the amount before any vendor invoice is issued.
• A single boolean noting whether your party contains children. We do not collect names, ages, or photos of children separately.
• Answers to the intake questions you provide at pass creation: cruise line, port date, party size, interests, home country and state, and budget band.

We use your data for four narrow purposes, and only these four:

• To issue and operate your Conch Pass on the day you go ashore.
• To calculate qualified receipts and bill vendors a 5 percent commission monthly via Stripe invoice.
• To populate the public wall 48 hours after upload, with faces blurred and identity reduced to first name and state or country.
• To prevent fraud and resolve disputes between passengers and vendors.

We do not sell your data. We do not rent it. We do not feed it into advertising networks. We do not train third-party models on it.

These are the same promises listed on the homepage. They are engineered, not declared:

1. Photos arrive clean. We strip GPS metadata from every upload, server-side, the moment you hit upload.
2. Faces are blurred by default. If a face appears in your photo, we blur it unless you opt in to reveal yours.
3. Posts wait two days. Every wall post publishes 48 hours after upload, never in real time.
4. We publish first name and state or country only. Never last name, ship, city, or exact date.
5. Faces our model reads as under 25 are always blurred. To unblur, the uploader signs an explicit release.
6. Receipts retire after 90 days. We delete dispute photos on a 90-day cron, no exceptions.

If you are in the European Union, the United Kingdom, or anywhere with comparable data protection rules, you have the following rights, and we honor them globally regardless of where you live:

• Access. Ask us what we hold about you, and we will send it.
• Rectification. Ask us to correct anything inaccurate.
• Erasure. Ask us to delete your account and associated data. We act within 30 days.
• Portability. Ask us for a machine-readable export of your data.
• Objection. Ask us to stop using your data for any of the purposes above. We will, or we will close the account.

To exercise any of these, write to privacy@conchpass.com. Allow up to 30 days for response.

Receipt photos and their OCR text are deleted 90 days after upload, enforced by a scheduled job. We hold them this long only to support dispute resolution, then they are gone.

Other passenger records, including your intake answers and wall posts, are retained indefinitely until you ask us to delete them. Deletion is one email away.

We use the following processors to operate the product. Each of them sees only what they need to do their job, and only that:

• AWS Rekognition for face detection, used to auto-blur faces and detect faces appearing under 25.
• AWS Textract for optical character recognition on receipt photos.
• Supabase for database, authentication, and file storage.
• Resend for transactional email from noreply@conchpass.com.
• Stripe for vendor commission billing. Stripe never sees passenger data.

ConchPass is intended for cruise passengers booking shore activity. We collect only a single boolean noting whether your party contains children, used to inform vendor matching. We do not collect names, ages, or photographs of children separately.

Any face our model reads as under 25 is unconditionally blurred on the public wall, regardless of who uploaded the photo or what release they signed. There is no override.

We do not market to children, and we do not knowingly collect data from anyone under 13.

We use one cookie and one localStorage entry, both for Supabase authentication. They remember that you are signed in. We do not use analytics cookies, advertising pixels, or third-party trackers.

If we make material changes to this policy, we will notify you via the email address on file at least 14 days before the changes take effect. Minor edits, like typo fixes or clearer wording, may be made without notice. The effective date at the top of this page always reflects the current version.

For anything privacy-related, write to privacy@conchpass.com. A real Bahamian reads it.