Mundi Equity Group Ltd. ("we," "us," or "our") operates the DockBook application (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your information when you use our Service.
1. Information We Collect
To provide and improve DockBook, we collect and store the following information:
Account Information
Your email address is required for account creation, authentication, and password resets. This is managed securely through Firebase Authentication.
User Profile Data
Information you provide during setup, such as your name, union local, board, role, and classification. This is used to accurately calculate pay rates and configure the app experience for your specific workplace organization.
Shift Data
All shift details you enter, including dates, times, job types, locations, vessels, notes, dispatch slip photos, and earnings calculations. This is the primary data the app uses to function. Your personal shift data is encrypted at rest and in transit, and we do not have access to your individual shift information.
Vessel Intelligence Content
Photos and text insights you contribute to the Vessel Intelligence community feature, including equipment notes, operational tips, and vessel-specific information. This content is attributed to your chosen handle or username and is visible to other DockBook users.
Financial Information
Earnings data from your shifts, including salary, income, pay calculations, vacation pay accruals, and retirement projections. Individual earnings are used for your personal analytics and are never shared in identifiable form. Only anonymized, aggregated data is used for community features like Live Board Averages.
Subscription Status
Your premium subscription status (e.g., Pro or Trial) is managed through RevenueCat to unlock Pro features. We do not store or have access to your payment information.
Where payment is processed depends on where you subscribed:
- Subscriptions purchased on iOS or Android are processed by the Apple App Store or Google Play Store, respectively.
- Subscriptions purchased on the web are processed by RevenueCat (using Stripe as the underlying payment processor). RevenueCat acts as merchant of record and handles applicable taxes.
Identifiers
Firebase User ID and RevenueCat Customer ID, used to link your data across your devices, manage your account, and enable cloud synchronization.
Marketing & Waitlist Emails (Opt-In)
If you sign up for the USMX-ILA launch waitlist on dockbook.ca/ila (or any future product waitlist or marketing email list we offer), we collect your email address along with a record of your consent: the exact wording you agreed to, a consent version, the page URL where you signed up, and the date and time. We store this so we can prove your consent under Canada's Anti-Spam Legislation (CASL) and the US CAN-SPAM Act. Every email we send to a waitlist or marketing list will include DockBook's mailing address and a one-click unsubscribe link. Unsubscribing is honored within 10 business days, and we will keep the consent and unsubscribe record on file as required by law even after you opt out.
Anonymous Usage and Performance Data (Optional)
If you provide consent, we collect non-personal, anonymous data about how you interact with the app and crash reports:
- Firebase Analytics: App launches, feature usage, interaction patterns, and session duration
- PostHog Product Analytics: Same usage events plus session replay (with input fields masked). See Section 3 for full disclosure.
- Firebase Crashlytics: Crash logs and performance metrics to improve app stability
This data is collected to help us understand which features are used most, prioritize new features, and fix bugs. This is optional and can be controlled in the app's Settings.
2. How We Use Your Information
Your information is used exclusively to:
- Provide, maintain, and improve the app's features
- Authenticate your account and secure your data
- Enable cloud synchronization of your data across your devices
- Process in-app subscriptions through our provider, RevenueCat
- Calculate accurate pay rates based on your workplace organization's collective agreement
- Provide anonymized, aggregated data for features like "Live Board Averages." Your personal shift data is never shared in identifiable form.
- Publish aggregate, non-identifying statistics about app usage, such as total shifts logged, total earnings tracked across all users, total hours logged, or the number of workers using DockBook, for marketing and transparency purposes. These statistics are computed by combining data across all users and never disclose any individual's identity, earnings, or activity.
- (If consent is given) Analyze anonymous usage patterns to improve the app and prioritize feature development
- Send account-related emails (verification, password resets) through Resend
3. Data Sharing & Third Parties
We do not sell or rent your personal data. We share limited data with the third-party service providers below for the specific purposes described, and (where you have consented) with advertising platforms to measure how well our ads perform. We do not share your name, paystub data, individual shift earnings, or your readable email with any advertising platform.
- Firebase (Google): Database hosting, authentication, analytics (with consent), crash reporting, and cloud storage. Firebase's security protocols protect your data from unauthorized access.
- RevenueCat: Manages subscription entitlements across iOS, Android, and web. For web subscriptions only, RevenueCat also acts as merchant of record and processes payments (using Stripe as the underlying payment processor). RevenueCat receives the minimum information required to process the transaction (your email address, billing country, and the price you paid). For iOS/Android subscriptions, RevenueCat receives only your subscription status — not your payment information.
- Stripe: Processes web subscription payments on behalf of RevenueCat. Stripe receives your payment card details directly through its hosted checkout; we never see or store this information. Stripe is bound by its own privacy policy and PCI-DSS compliance.
- Resend: Sends account verification and password reset emails. Resend only receives your email address when triggered by account actions.
- PostHog: Product analytics. Receives anonymous usage events (taps, screens viewed, feature usage), your Firebase user ID, and de-identified profile fields (role, classification, union local, board, Pro status). PostHog does not receive your name, email, paystub data, individual shift earnings, or any other personally identifying information. Used to understand how the app is used so we can improve it. PostHog also enables session replay (a video-like recording of in-app interactions) with all input fields automatically masked.
- Meta (Facebook): When you consent to analytics (and, on iOS, only if you allow tracking via Apple's App Tracking Transparency prompt), we share two streams of data with Meta to measure advertising effectiveness. From this website, a Meta Pixel collects standard page-view and download-click events with a Meta-issued cookie identifier and basic technical signals (page URL, IP, browser). From the app, our server forwards subscription conversion events (trial start, purchase, renewal) including your hashed (irreversible) email and account identifier, the conversion type and amount, and any Meta click identifier from the link that brought you to the app. Meta does not receive your name, paystub data, individual shift earnings, or your readable email. If you decline analytics consent (or App Tracking Transparency on iOS), nothing is sent to Meta from that surface. Audience-list sharing for retargeting and lookalikes uses only hashed email and is gated by the same consent.
- Google (Google Ads & Google Analytics): When you consent to analytics, we share page-view and download-click events with Google Analytics 4 and Google Ads to measure advertising performance. Where Enhanced Conversions applies, your hashed (irreversible) email may be included so Google can match your conversion to the ad that drove it. Google's Consent Mode v2 statistically models conversions for visitors who decline cookies, without identifying them. Audience-list sharing (Customer Match) for retargeting uses only hashed email and is gated by analytics consent.
- Apple App Store / Google Play Store: Process subscription payments for purchases made on iOS or Android. We never receive or store your payment information.
These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
4. Data Security
We prioritize the security of your information and use industry-standard security measures:
- Data encryption in transit (HTTPS / TLS)
- Data encryption at rest (Firebase security)
- Firebase Security Rules to prevent unauthorized access
- Regular security audits and updates
- Secure authentication through Firebase Auth
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
5. Data Retention
- Active Accounts: We retain your shift data and profile information for as long as your account is active and you continue to use the Service.
- Deleted Accounts: If you delete your account, all personal data (email, profile, shift data, vessel contributions) is permanently deleted from our systems within 30 days.
- Analytics Data: Anonymous, aggregated analytics data is retained for up to 26 months to understand long-term usage trends. This data cannot be linked back to you.
- Backup Data: Backup copies of deleted data may persist in our backup systems for up to 90 days before being permanently purged.
6. Your Rights & Data Control
You have the following rights regarding your data:
- Access: You can view and edit your profile information at any time within the app.
- Deletion: You have the right to delete your account and all associated data, including your email, profile, shift history, and vessel and equipment notes. In the app, open the side menu, tap Edit on your profile, and select Delete Account in the Danger Zone, then confirm with your password. You can also email support@dockbook.ca to request deletion. Deletion is permanent and cannot be undone. Your data is removed within 30 days, and backup copies within 90 days.
- Portability: You can export your shift data at any time through the Reports feature.
- Consent Withdrawal: You can disable analytics collection at any time in the app under Settings → Privacy. On this website, use the Your Privacy Choices link below to change your cookie and ad preferences.
- Correction: You can update or correct your profile information and shift data at any time within the app.
7. Children's Privacy
DockBook is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@dockbook.ca, and we will delete such information from our systems.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Request information about the categories and specific pieces of personal information we have collected about you
- Request deletion of your personal information
- Opt out of the sale of your personal information (note: we do not sell personal information)
To exercise these rights, contact support@dockbook.ca. We will verify your identity before processing your request.
9. International Users
DockBook is designed primarily for users in Canada, specifically ILWU Local 500 and 502 members in British Columbia. If you access the Service from outside Canada, you acknowledge that your information may be transferred to, stored, and processed in Canada, where our servers and service providers are located. By using the Service, you consent to this transfer.
10. Changes to This Policy
We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this policy
- Posting a notice within the app
- Sending an email to your registered email address (for significant changes)
Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.
11. Cookies and Tracking on This Website
dockbook.ca uses cookies and similar technologies for analytics and advertising measurement. The trackers below are loaded on every page of this website (excluding pages where you have declined consent):
- Meta Pixel (ID 1155415720044823): Records page views and download-link clicks. Sets the
_fbpfirst-party cookie to identify return visits. Sends your IP address, the page URL, and basic browser details to Meta so we can measure how our ads on Facebook and Instagram perform. Cookie lifetime: 90 days. - Google Analytics 4 (Property G-XCQYCZ22TZ): Records page views, scroll depth, outbound link clicks, and download-link clicks. Sets the
_gaand_ga_*first-party cookies so returning visits count as one user, not many. Used to understand which pages help visitors decide to download the app. Cookie lifetime: 2 years. Data retention: 26 months. - Google Consent Mode v2: When you decline cookies, Google still receives cookieless "denied" pings so it can statistically model conversions for visitors who opt out. No personal identifier is set or sent in this mode.
- Cookie consent banner: Sets a first-party cookie/local-storage entry remembering your choice for up to 12 months so the banner does not nag you on every visit.
You can change or withdraw your choice at any time using the Your Privacy Choices link below. Most browsers also let you block or delete cookies in their privacy settings. We honor the Global Privacy Control (GPC) signal: if your browser sends GPC, we default analytics and advertising cookies to off without showing the banner.
12. Your Privacy Choices
To change which cookies and trackers run on dockbook.ca, click the link below. This opens the consent preferences for this website and lets you opt in or out of analytics cookies and advertising cookies independently.
If you are a California resident, you may also opt out of sharing your personal information with advertising platforms by using the same button above. We do not sell personal information for money; we do share certain online identifiers (such as cookie IDs) with Meta and Google for advertising measurement, which California law defines as "sharing." Opting out stops this sharing for your browser on this website.
13. Do Not Track
Some browsers include a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. DNT was never finalized as a standard and we do not act on it. We do, however, honor the Global Privacy Control (GPC) signal, which is the modern successor and is recognized under California law. If your browser sends GPC, analytics and advertising cookies on dockbook.ca default to off.
14. Contact Us
For questions about this Privacy Policy, to exercise your data rights, or for any privacy-related concerns:
- Email: support@dockbook.ca
- Mail: Mundi Equity Group Ltd.
- 1100-225 6 Ave SW
Brookfield Place
Calgary, Alberta T2P 1N2
Canada
We will respond to privacy inquiries within 30 days.