Skip to main content

Privacy policy

Last updated: June 23, 2026

This Privacy Notice for LiAri Labs, LLC ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you visit our website at cruisecaptain.ai, use our AI-powered cruise chat and search, or otherwise engage with us.

CruiseCaptain is an informational cruise price-comparison and discovery service. We do not sell cruises or take bookings or payments. You can optionally create a free, passwordless account — just an email address — to receive our newsletter and price-drop alerts for the sailings you set alerts for. Questions? Contact us at [email protected].

Summary of key points

  • What we process. Anonymous visit measurement without cookies or device storage, consent-based analytics cookies if you accept, anything you type into our AI chat, any message you send us directly, and — if you sign up — your email address and the alert preferences you set.
  • Sensitive information. We do not process sensitive personal information.
  • Third-party data. We do not collect personal information about you from third parties.
  • How we process it. To provide and improve the Services, for security and fraud prevention, and to comply with law.
  • Sharing. Only with service providers that run the Services on our behalf (analytics, hosting, AI), never sold.
  • Your rights. Depending on where you live, you may have rights to access, correct, or delete your information.

1. What information do we collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide. This includes the messages you type into our AI cruise chat, any email you send us, and — if you choose to sign up — your email address and the alert preferences you set (our newsletter, and the sailings and cabin types you set alerts for). Accounts are optional and passwordless: we email you a one-time sign-in link, so we never collect or store a password. We do not ask for your name or payment information.

Sensitive information. We do not process sensitive information.

Information automatically collected

Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is processed automatically when you visit our Services. For anonymous visit measurement, PostHog uses a privacy-preserving server-side daily hash based on limited request signals. It does not store cookies or device storage in your browser, is not linked across days, and does not build a personal profile. If you accept cookies, PostHog sets a first-party cookie so we can remember your browser across visits, maintain session continuity, and connect activity to an account if you create one. See our cookie policy.

2. How do we process your information?

We process your information to:

  • Provide, operate, and improve our Services, including our AI chat and search features.
  • Understand how the Services are used so we can make them better.
  • Respond to your inquiries and provide support.
  • Send the email you have asked for — confirm your subscription, deliver price-drop alerts for your sailings, and send our newsletter if you opted in. Every newsletter and alert email carries a one-click unsubscribe.
  • Protect the Services, including fraud monitoring and prevention.
  • Comply with our legal obligations.

We process your information only when we have a valid legal reason to do so, and we may process it for other purposes with your consent.

3. What legal bases do we rely on?

If you are located in the EU or UK, the General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on. We may rely on:

  • Consent — for analytics cookies, session replay, affiliate tracking cookies, the newsletter and price-drop alerts you sign up for, and anything else that requires your agreement. You can withdraw consent at any time via the unsubscribe link in any email, the alert management page, or "Manage Privacy" in the footer.
  • Legitimate interests — to measure anonymous visits without browser storage, analyze and improve the Services, and keep them secure.
  • Legal obligations — to comply with applicable law.
  • Vital interests — to protect someone's safety where necessary.

4. When and with whom do we share your information?

We may share your information with third-party vendors and service providers that perform services for us and require access to do that work. These are bound by contract to protect your information and use it only as we instruct. The categories of third parties we may share personal information with are:

  • Data analytics services
  • AI platforms (Google, for our chat and search features — see Section 6)
  • Website hosting, data storage, and content-delivery providers
  • Email delivery providers — to send your confirmation, price-drop alert, and newsletter emails
  • Performance monitoring and testing tools
  • Affiliate marketing programs (where outbound links are affiliate links, managed through the CJ Affiliate (Commission Junction) network; booking on our partner CruiseDirect after following one of our links sets a CJ tracking cookie, which we enable only after you accept cookies — see our affiliate disclosure)

We may also share information in connection with a business transfer (e.g. a merger or acquisition). We have not sold or shared personal information with third parties for a business or commercial purpose, and we do not sell your personal information.

5. Do we use cookies and tracking technologies?

We measure anonymous visits without cookies or device storage, using a non-persistent daily server-side hash. We do not set any analytics cookie, enable session replay, or use affiliate tracking cookies until you accept on the cookie banner. Once you accept, PostHog (our product-analytics provider) sets a first-party cookie (ph_*_posthog) to distinguish unique visitors and maintain session continuity. Our CDN and security provider, Cloudflare, sets strictly necessary cookies (__cf_bm, cf_clearance) to protect the site. If you sign in, we set a strictly necessary session cookie (__Host-cc_session) to keep you signed in; it is not used for tracking. We do not use third-party advertising cookies or share data with ad networks.

For a full list of every cookie and storage item, why we use it, and how long it lasts, see our cookie policy.

6. Do we offer AI-based products?

Yes. As part of our Services we offer features powered by artificial intelligence — an AI cruise chat and AI-assisted search. We provide these through a third-party AI service provider, Google (Google's Gemini API). When you use these features, the messages and queries you submit are sent to and processed by Google to generate a response. You must not use the AI features in any way that violates Google's applicable terms or policies. Our use of information received from Google APIs adheres to the Google API Services User Data Policy.

7. How long do we keep your information?

We keep your information only for as long as necessary for the purposes set out in this notice, unless a longer period is required or permitted by law. The account deletion path is concrete: when you delete your account, we hard-delete operational account data including subscriptions, alerts, deliveries, sessions, sign-in tokens, sign-in identities, and saved cruises. We then tombstone the internal account id without raw personal information.

After account deletion, we retain only a one-way hashed suppression entry so we do not email the same address again, plus a personal-information-free erasure audit record. Unsubscribing from alerts or newsletters stops email and may create the same one-way hashed suppression entry, but unsubscribing is not the same as account deletion.

DataRetention
Account email, alerts, saved cruises, sessions, tokens, identities, deliveriesKept while the account is active; hard-deleted on account erasure.
Suppression recordOne-way hashed email only, retained to prevent future email to an erased, unsubscribed, bounced, or complained address.
Erasure auditPersonal-information-free proof that an erasure request was completed.
Account email/IP rate-limit countersShort-lived database counters, normally pruned after about two hours.
Encrypted backupsDeleted data may remain in backups until the GFS maximum retention boundary, about 183 days. If a backup is restored, outstanding erasure events are replayed.

For verified erasure requests, we complete GDPR requests within one month unless an allowed extension of up to two additional months is needed and we notify you. For CCPA/CPRA requests, we acknowledge receipt within 10 business days and complete the request within 45 days unless an allowed 45-day extension is needed.

8. How do we keep your information safe?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect your personal information. However, no electronic transmission or storage can be guaranteed to be 100% secure, so we cannot guarantee that unauthorized third parties will never defeat our security. You access the Services at your own risk and should only do so within a secure environment.

9. Do we collect information from minors?

We do not knowingly collect, solicit data from, or market to children under 18 years of age (or the equivalent age in your jurisdiction). By using the Services, you represent that you are at least 18 or are the parent or guardian of such a minor. If you believe we may have collected data from a minor, please contact us at [email protected] and we will promptly delete it.

10. What are your privacy rights?

Depending on your location, you may have rights under applicable data protection laws — including the right to access, correct, delete, or obtain a copy of your personal information, and to withdraw consent. To delete a signed-in account yourself, open your account page, choose "Delete my account," type DELETE, and use the confirmation link we email you. To exercise any other right, or to request deletion without signing in, submit a data subject access request or email us at [email protected].

If you are in the EEA or UK and believe we are unlawfully processing your personal information, you may complain to your Member State data protection authority or the UK data protection authority.

11. Controls for Do-Not-Track and Global Privacy Control

Most browsers include a Do-Not-Track ("DNT") feature. Because no uniform DNT standard has been finalized, we do not respond to DNT browser signals. However, we do honor the Global Privacy Control (GPC) signal: if your browser sends GPC, we treat it as a decline and do not enable analytics cookies, identification, session replay, or affiliate tracking cookies. We still count the visit anonymously without browser storage.

12. Do United States residents have specific privacy rights?

If you are a resident of California, Colorado, Connecticut, Virginia, or another US state with a comprehensive privacy law, you may have rights to access, correct, delete, or obtain a copy of your personal information, to opt out of certain processing, and to non-discrimination for exercising your rights. We do not sell your personal information or use it for targeted advertising. The categories of personal information we collect:

Personal data categories we collect
Category Examples Collected
Identifiers IP address, online identifier Yes
Internet or network activity Browsing/usage on our site, searches, interactions Yes
Geolocation data Approximate location (country/region) derived from IP Yes (coarse)
Contact data (only if you sign up) Email address and the alert preferences you set Yes (only if you sign up)
Name, financial & payment data, biometric, precise geolocation, etc. No

To exercise your rights, submit a data subject access request or email [email protected]. If we decline, you may appeal by emailing the same address.

13. Do other regions have specific privacy rights?

Residents of Canada, Australia, New Zealand, and South Africa, among others, may have additional rights — including to access or correct their personal information and to complain to their local regulator. Contact us using the details below to exercise these rights.

14. Do we make updates to this notice?

Yes. We may update this Privacy Notice from time to time to stay compliant with relevant laws. The updated version will be indicated by a revised "Last updated" date, and material changes may be highlighted by a prominent notice.

15. How can you contact us?

If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:

LiAri Labs, LLC
8735 Dunwoody Place #12140
Atlanta, GA 30350
United States

16. How can you review, update, or delete your data?

You have the right to request access to the personal information we collect, to correct inaccuracies, or to delete it, subject to applicable law. If you are signed in, you can delete your account from the account page after confirming by email. You can also submit a data subject access request or email [email protected].