Mundi Equity Group Ltd. ("we," "us," or "our") operates the DockBook application (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your information when you use our Service.
1. Information We Collect
To provide and improve DockBook, we collect and store the following information:
Account Information
Your email address is required for account creation, authentication, and password resets. This is managed securely through Firebase Authentication.
User Profile Data
Information you provide during setup, such as your name, union local, board, role, and classification. This is used to accurately calculate pay rates and configure the app experience for your specific workplace organization.
Shift Data
All shift details you enter, including dates, times, job types, locations, vessels, notes, dispatch slip photos, and earnings calculations. This is the primary data the app uses to function. Your personal shift data is encrypted at rest and in transit, and we do not have access to your individual shift information.
Vessel Intelligence Content
Photos and text insights you contribute to the Vessel Intelligence community feature, including equipment notes, operational tips, and vessel-specific information. This content is attributed to your chosen handle or username and is visible to other DockBook users.
Financial Information
Earnings data from your shifts, including salary, income, pay calculations, vacation pay accruals, and retirement projections. Individual earnings are used for your personal analytics and are never shared in identifiable form. Only anonymized, aggregated data is used for community features like Live Board Averages.
Subscription Status
Your premium subscription status (e.g., Pro or Trial) is managed through RevenueCat to unlock Pro features. We do not store or have access to your payment information.
Where payment is processed depends on where you subscribed:
- Subscriptions purchased on iOS or Android are processed by the Apple App Store or Google Play Store, respectively.
- Subscriptions purchased on the web are processed by RevenueCat (using Stripe as the underlying payment processor). RevenueCat acts as merchant of record and handles applicable taxes.
Identifiers
Firebase User ID and RevenueCat Customer ID, used to link your data across your devices, manage your account, and enable cloud synchronization.
Anonymous Usage and Performance Data (Optional)
If you provide consent, we collect non-personal, anonymous data about how you interact with the app and crash reports:
- Firebase Analytics: App launches, feature usage, interaction patterns, and session duration
- PostHog Product Analytics: Same usage events plus session replay (with input fields masked). See Section 3 for full disclosure.
- Firebase Crashlytics: Crash logs and performance metrics to improve app stability
This data is collected to help us understand which features are used most, prioritize new features, and fix bugs. This is optional and can be controlled in the app's Settings.
2. How We Use Your Information
Your information is used exclusively to:
- Provide, maintain, and improve the app's features
- Authenticate your account and secure your data
- Enable cloud synchronization of your data across your devices
- Process in-app subscriptions through our provider, RevenueCat
- Calculate accurate pay rates based on your workplace organization's collective agreement
- Provide anonymized, aggregated data for features like "Live Board Averages." Your personal shift data is never shared in identifiable form.
- Publish aggregate, non-identifying statistics about app usage, such as total shifts logged, total earnings tracked across all users, total hours logged, or the number of workers using DockBook, for marketing and transparency purposes. These statistics are computed by combining data across all users and never disclose any individual's identity, earnings, or activity.
- (If consent is given) Analyze anonymous usage patterns to improve the app and prioritize feature development
- Send account-related emails (verification, password resets) through Resend
3. Data Sharing & Third Parties
We do not sell, rent, or share your personal data with third parties for their marketing purposes. We use trusted third-party service providers to operate the Service:
- Firebase (Google): Database hosting, authentication, analytics (with consent), crash reporting, and cloud storage. Firebase's security protocols protect your data from unauthorized access.
- RevenueCat: Manages subscription entitlements across iOS, Android, and web. For web subscriptions only, RevenueCat also acts as merchant of record and processes payments (using Stripe as the underlying payment processor). RevenueCat receives the minimum information required to process the transaction (your email address, billing country, and the price you paid). For iOS/Android subscriptions, RevenueCat receives only your subscription status — not your payment information.
- Stripe: Processes web subscription payments on behalf of RevenueCat. Stripe receives your payment card details directly through its hosted checkout; we never see or store this information. Stripe is bound by its own privacy policy and PCI-DSS compliance.
- Resend: Sends account verification and password reset emails. Resend only receives your email address when triggered by account actions.
- PostHog: Product analytics. Receives anonymous usage events (taps, screens viewed, feature usage), your Firebase user ID, and de-identified profile fields (role, classification, union local, board, Pro status). PostHog does not receive your name, email, paystub data, individual shift earnings, or any other personally identifying information. Used to understand how the app is used so we can improve it. PostHog also enables session replay (a video-like recording of in-app interactions) with all input fields automatically masked.
- Apple App Store / Google Play Store: Process subscription payments for purchases made on iOS or Android. We never receive or store your payment information.
These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
4. Data Security
We prioritize the security of your information and use industry-standard security measures:
- Data encryption in transit (HTTPS / TLS)
- Data encryption at rest (Firebase security)
- Firebase Security Rules to prevent unauthorized access
- Regular security audits and updates
- Secure authentication through Firebase Auth
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
5. Data Retention
- Active Accounts: We retain your shift data and profile information for as long as your account is active and you continue to use the Service.
- Deleted Accounts: If you delete your account, all personal data (email, profile, shift data, vessel contributions) is permanently deleted from our systems within 30 days.
- Analytics Data: Anonymous, aggregated analytics data is retained for up to 26 months to understand long-term usage trends. This data cannot be linked back to you.
- Backup Data: Backup copies of deleted data may persist in our backup systems for up to 90 days before being permanently purged.
6. Your Rights & Data Control
You have the following rights regarding your data:
- Access: You can view and edit your profile information at any time within the app.
- Deletion: You have the right to delete your account and all associated data. This can be done directly in the Profile Editor under Settings, or by contacting support@dockbook.ca. Deletion is permanent and cannot be undone.
- Portability: You can export your shift data at any time through the Reports feature.
- Consent Withdrawal: You can disable analytics collection at any time in Settings → Privacy.
- Correction: You can update or correct your profile information and shift data at any time within the app.
7. Children's Privacy
DockBook is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@dockbook.ca, and we will delete such information from our systems.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Request information about the categories and specific pieces of personal information we have collected about you
- Request deletion of your personal information
- Opt out of the sale of your personal information (note: we do not sell personal information)
To exercise these rights, contact support@dockbook.ca. We will verify your identity before processing your request.
9. International Users
DockBook is designed primarily for users in Canada, specifically ILWU Local 500 and 502 members in British Columbia. If you access the Service from outside Canada, you acknowledge that your information may be transferred to, stored, and processed in Canada, where our servers and service providers are located. By using the Service, you consent to this transfer.
10. Changes to This Policy
We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this policy
- Posting a notice within the app
- Sending an email to your registered email address (for significant changes)
Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.
11. Do Not Track
Some browsers include a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. DockBook does not currently respond to DNT signals because we only collect data necessary for app functionality and, when consented to, anonymous analytics that cannot identify you.
12. Contact Us
For questions about this Privacy Policy, to exercise your data rights, or for any privacy-related concerns:
- Email: support@dockbook.ca
- Mail: Mundi Equity Group Ltd.
- 1100-225 6 Ave SW
Brookfield Place
Calgary, Alberta T2P 1N2
Canada
We will respond to privacy inquiries within 30 days.