1. Who this policy applies to
We collect information from two types of users: mariners who use the Service to prepare USCG captain's license paperwork, and school staff (school owners, instructors, reviewers) who use the Service to review and manage those applications.
2. Information we collect
Account information. Email address, full name, and the role assigned to your account (mariner, instructor, staff, admin).
Application content. The information you enter into the wizard to populate USCG Form CG-719 series, which can include: legal name, date and place of birth, mailing address, citizenship, prior license history, sea-service history, character references, drug-test history, medical disclosures required by CG-719K, emergency contact, and your electronic signature.
Uploaded documents. Supporting documents you choose to upload such as medical certificates, drug-test results, ID copies, or sea-service letters.
Communications. Messages you exchange with school staff inside the Service, and messages you send us through the contact form or email.
Technical data. Standard log information such as IP address, browser type, pages visited, and timestamps — used for security, debugging, and rate-limiting.
What we do not collect. We do not knowingly collect Social Security Numbers in free-text fields; the CG-719B asks for an SSN and that value is stored only in the relevant form field for the purpose of populating your PDF. We do not use third-party advertising cookies and we do not sell personal data.
3. How we use information
- To generate, sign, and deliver your CG-719 PDF packet.
- To let your reviewing school view, comment on, approve, or request changes to your packet.
- To provide product support and respond to your messages.
- To secure the Service, prevent abuse, and meet our legal obligations.
- To send transactional emails (e.g., review decisions, password resets, school invitations). We do not send marketing emails without your explicit opt-in.
4. Legal bases (for users in the EU/UK)
Where applicable law requires it, we rely on the following legal bases: performance of a contract (delivering the Service you requested), legitimate interests (securing the Service, replying to your inquiries), legal obligation, and your consent (where we ask for it explicitly).
5. Who can see your data
- You. You can view, edit, and export your application data at any time.
- Your reviewing school. The staff of the captain's license school you applied through can see your account, application content, signatures, and uploaded documents in order to review the packet.
- EasyMMC operators. A small number of authorized engineers may access data when strictly required to operate the Service (e.g., debugging an incident you reported).
- Service providers. Trusted infrastructure vendors who process data on our behalf and under contract: our cloud database/hosting provider, transactional email provider (Resend), and, where applicable, our AI assistance provider used to generate help text. These vendors do not use your data for their own purposes.
- Legal disclosures. We may disclose information if required by law, valid legal process, or to protect rights, property, or safety.
We do not share your information with the United States Coast Guard directly. You submit your finished packet to the USCG yourself.
6. Where we store data
The Service is hosted on cloud infrastructure located in the United States. Data is encrypted in transit (TLS) and at rest. Access is enforced with row-level security so one school cannot see another school's data, and one mariner cannot see another mariner's data.
7. How long we keep data
- Active applications. Retained while your account is active so you can return to and re-download your packet.
- Approved applications. Retained for up to 24 months after approval, then PII is archived or purged at your or your school's request.
- Audit logs. Limited audit-log entries (who reviewed what, when) are retained for up to 24 months for security and dispute resolution.
- Backups. Encrypted backups roll off automatically within 30 days.
8. Your rights
You can request access to, correction of, export of, or deletion of your personal data at any time by emailing privacy@easymmc.com. We respond within 30 days. Where local law gives you the right to lodge a complaint with a data protection authority, you may do so.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.
10. Security incidents
If we become aware of a security incident that materially affects your personal information, we will notify affected users without undue delay, as required by applicable law.
11. Changes to this policy
We may update this policy from time to time. When we do, we update the "Last updated" date above, and for material changes we notify account holders by email.
12. Contact
Questions about this policy or our data practices? Email privacy@easymmc.com or use our contact form.