My Cruise Checklist
Legal

Privacy Policy

Last updated May 1, 2026

About this site

My Cruise Checklist (My Cruise Checklist) is an independent editorial publication. This policy covers https://mycruisechecklist.com and any subdomains operated by the publisher. The publisher and data controller for the purposes of GDPR is My Cruise Checklist, mailing address:

My Cruise Checklist
My Cruise Checklist
P.O. Box 4815
Wilmington, DE 19807
United States
Email: contact@mycruisechecklist.com

Information collected and retention

The site collects the minimum information required to operate reliably and to respond to readers. Each category below lists what is collected, the legal basis for processing under GDPR, and how long the data is kept.

  • Server logs. Every request to the site is logged with the requested URL, the response status, the timestamp, and a truncated IP address. Legal basis: legitimate interest (security, abuse detection, reliability measurement). Retention: hashed IP entries are retained for 12 months and then deleted; raw access logs are rotated out after 30 days.
  • Contact form. When a reader uses the contact form, the name, email address, subject, and message submitted are stored so the editorial team can reply. A one-way hash of the sender’s IP address is also stored to prevent abuse. Legal basis: legitimate interest (responding to inbound editorial inquiries). Retention: contact-form submissions are retained for 18 months from the date of the last reply, then deleted.
  • Newsletter. Newsletter subscribers’ email addresses and the page they signed up from are stored for as long as they remain subscribed. Legal basis: consent (opt-in at the sign-up form). Retention: subscriber records are deleted within 30 days after a reader unsubscribes.
  • Search queries. Searches run on the site are handled in real time and not stored against any reader’s identity. Legal basis: legitimate interest. Retention: not retained.

Third-party processors

The publisher uses a small, fixed list of third-party processors to run the site. Each processor handles only the data described below, is bound by a data-processing agreement, and does not receive any data beyond what is needed to deliver the listed function.

  • Railway (United States) — application hosting and managed PostgreSQL database (Railway Postgres). Processes server logs, contact-form submissions, and newsletter records.
  • Cloudflare (global edge) — CDN, TLS termination, and DDoS protection. Processes request metadata (IP, user agent, URL) for security and routing only; does not store reader content.
  • Transactional / newsletter email (planned, currently inactive) — when a sending provider is wired up to deliver replies and newsletter issues, that provider will be named here (alongside the data it processes — subscriber email address and message body) before any mail is sent. Until then, no email-delivery processor receives reader data.
  • Google Fonts CDN (Google LLC, United States) — web-font delivery. Reader browsers fetch font files from fonts.gstatic.com, which exposes the request IP address and user agent to Google solely for the purpose of font delivery. No cookies are set and no cross-site tracking identifiers are attached to these requests.
  • Privacy-respecting analytics (planned, currently inactive) — aggregate page-view counts only, no cross-site cookies, no personal identifiers. If this is enabled in the future, the specific provider will be named in this list before the tag is loaded.

The publisher does not transfer reader data to any other third party. If this list changes, the date at the top of this page is updated and current newsletter subscribers are notified by email.

What this site does not do

  • The publisher does not sell or rent personal data.
  • The site does not run third-party advertising networks or display ads.
  • The site does not run cross-site behavioral tracking.
  • The site does not use affiliate links on cruise bookings or onboard services.

Cookies and similar technologies

The site uses a small number of strictly necessary cookies for things like remembering a reader’s dark / light mode preference. A privacy-respecting analytics tool may be used; that tool does not set cross-site cookies and does not collect personal information. If paid acquisition campaigns are ever run, the corresponding measurement tag will be described here before it is enabled.

Reader rights

The publisher honors the rights granted to readers under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA). Specifically, readers may exercise the following rights at any time, free of charge:

  • Right of access. Request a copy of any personal information the publisher holds about them.
  • Right to rectification. Ask for inaccurate or incomplete information to be corrected.
  • Right to erasure (“right to be forgotten”).Ask for personal information to be deleted, subject to the publisher’s legal obligations.
  • Right to data portability. Receive a copy of personal information in a structured, machine-readable format.
  • Right to restriction of processing. Ask the publisher to stop processing personal information while a dispute or correction is being resolved.
  • Right to object. Object to processing based on legitimate interest, including for direct marketing.
  • California residents. Right to know, right to delete, right to correct, right to opt out of any sale or sharing of personal information (the publisher does not sell or share personal information for cross-context behavioral advertising), and right to non-discrimination for exercising any of the above.
  • No automated decision-making. The publisher does not subject readers to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
  • Supervisory authority. EU/UK readers also have the right to lodge a complaint with their local data protection supervisory authority.

To exercise any of these rights, email contact@mycruisechecklist.com and the editorial team will respond within 30 days. The publisher may need to verify the requester’s identity before acting on a request.

Children

The site is intended for adult travelers. The publisher does not knowingly collect personal information from children under 13.

Changes to this policy

When material changes are made to this policy, the date at the top of this page is updated and, where appropriate, newsletter subscribers are notified by email.

Contact

Questions about this policy:
contact@mycruisechecklist.com