A Threat Tape LLC product · working codename Promenade

Promenade

The social and media layer for cruise-line guest apps.

Promenade drops into a cruise line's existing guest app and adds three things the current generation of cruise apps does poorly: affinity groups the system pre-provisions from booking data (and guests can create themselves), passenger and ship-photographer media sharing with a re-bundled photo model, and a per-cruise data module that stays fast and local aboard then retires to shore-side storage on a retention clock. Underneath sits a reservation-derived accountability backbone that turns the CVSSA crime-logbook obligation a line already carries into something automated.

Clickable Demo Ready · React Native + Expo · On-ship-first · Pre-pitch / confidential
🚢

Six ideas, one demo

  • 👥 Opt-in affinity groups from booking data
  • 🛠️ Passenger-created public & invite-only groups
  • 💬 Group chat with photo sharing
  • 📸 "Photos of me" and the photo re-bundle
  • ✅ Consent separation as its own toggle
  • 🛡️ Resolve, log, and report: the safety backbone

What Promenade Adds

👥

Affinity Groups

The system suggests official channels from booking attributes — Solo Cruisers, Families, a per-tier loyalty lounge — as a one-tap, opt-in shelf (auto-suggest, never auto-add). Guests also create their own public or invite-only groups for the long tail the line would never think to provision.

💬

Chat and Media, One Surface

Text and photos share the same moderated surface, with mute, block, and report on every message and every image. Display names only — never legal names or cabin numbers — with a clear disclosure that a group is visible to other passengers.

📸

The Photographer Re-bundle

Ship-photographer images flow into the app and into group chats instead of being sold one at a time. Free viewing and sharing at screen resolution drives engagement and virality; prints, high-res originals, and a "download everything" tier carry the upsell. Dead inventory becomes a loyalty engine.

🪪

"Photos of Me"

Surfaces the photographer shots a guest appears in. Photo matching is strictly opt-in, processed on-ship with ephemeral data, and excluded for minors by default — never shipped to a third party. The demo shows this honestly as a tag filter, with no facial recognition.

Consent by Purpose

Photo-matching consent is its own opt-in, recorded separately from any border-control or general-terms consent, and revocable at any time. The cameras being present does not mean consent exists for this use — Promenade treats each purpose as distinct, the way the major lines already operate.

🛡️

Accountability Backbone

Peers see pseudonyms; every account is permanently bound to the reservation-derived identity underneath. When a guest is reported, an authorized officer can resolve the alias to a real name and cabin — case-bound, role-gated, and fully audited. Reports become incident cases built to hand to law enforcement intact.
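
A sketch of the case-bound, role-gated, audited resolution described above, added here as an illustration and not taken from Promenade's code. The role names, record shapes, `AliasResolver` class and sample data are all assumptions.

```typescript
// Added illustration: every name here is hypothetical, not Promenade's API.
type Role = "guest" | "crew" | "security_officer";
interface Identity { legalName: string; cabin: string }
interface IncidentCase { id: string; status: "open" | "closed"; reportedAccounts: string[] }
interface AuditEntry {
  at: string; officerId: string; caseId: string; accountId: string;
  outcome: "granted" | "denied"; reason: string;
}
type Resolution = { ok: true; identity: Identity } | { ok: false; reason: string };

class AliasResolver {
  // Append-only here; a production log would also need to be tamper-evident.
  readonly audit: AuditEntry[] = [];
  private bindings: Map<string, Identity>;
  private cases: Map<string, IncidentCase>;

  // Bindings are keyed by a stable account id, not the display name,
  // so renaming a pseudonym cannot detach it from the reservation identity.
  constructor(bindings: Map<string, Identity>, cases: Map<string, IncidentCase>) {
    this.bindings = bindings;
    this.cases = cases;
  }

  resolve(officer: { id: string; role: Role }, caseId: string, accountId: string): Resolution {
    const c = this.cases.get(caseId);
    const identity = this.bindings.get(accountId);
    let reason = "";
    if (officer.role !== "security_officer") reason = "role not authorized";
    else if (!c || c.status !== "open") reason = "no open case";
    else if (!c.reportedAccounts.includes(accountId)) reason = "account not named in case";
    else if (!identity) reason = "no identity binding";

    const outcome = reason === "" ? "granted" : "denied";
    // Denials are logged too: a refused unmasking attempt is worth reviewing.
    this.audit.push({ at: new Date().toISOString(), officerId: officer.id, caseId, accountId, outcome, reason });
    if (reason !== "" || !identity) return { ok: false, reason };
    return { ok: true, identity };
  }
}

// Constructed sample data, not real guest records.
function demoResolver(): AliasResolver {
  return new AliasResolver(
    new Map<string, Identity>([["acct-17", { legalName: "Sample Guest", cabin: "0000" }]]),
    new Map<string, IncidentCase>([["case-1", { id: "case-1", status: "open", reportedAccounts: ["acct-17"] }]]),
  );
}
```

Every call appends exactly one audit entry whether it succeeds or not, so the log can be reconciled against case files to spot lookups made without a matching report.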

🎚️

Age-Gating from Booking Data

Adult-only spaces are gated by booking-verified age, not self-report. Minors' spaces are closed to non-staff adults by design — the only adults present are the line's vetted youth staff — which sidesteps the guardianship-verification problem legal will not accept.

🧩

Portable by Design

A small, opinionated canonical model fed by per-line adapters means Promenade is not welded into one line's app. One sailing equals one self-contained data module — the unit of storage, retention, and deletion. Purging a cruise is a single operation.

Why Cruise Lines Buy It

🚢 Guest Engagement

Groups plus free-feeling photos get guests into the app and keep them there — sharing, tagging, and reliving the trip. That is worth more in loyalty and rebooking than per-download photo fees.

⚖️ Compliance, Automated

Lines sailing to or from U.S. ports already must maintain a centralized crime logbook and report serious offenses under the CVSSA. The identity-binding and incident-case design is the digital-evidence layer that feeds it — automating a burden the line already carries.

🔐 Privacy Posture

Data minimization at the adapter (a scoped read feed, not full reservation credentials), encryption at rest on every export, and itinerary-aware retention that honors GDPR where the ship sails. Defensible by construction.

🛟 Passenger Safety

Reports involving minors resolve immediately and trigger youth-protection escalation. Every unmasking is logged. Harassment and crime cases are preserved under legal hold past the normal retention purge, structured for the FBI/USCG handoff at dock.

Technical Architecture

📱 Client

  • React Native via Expo — iOS, Android, web
  • React Native Web — drops into the line's guest app
  • Web target — fast demos, no build-and-install
  • Passenger + Crew surfaces — one runnable artifact

🧠 Core

  • Canonical model — small, opinionated, framework-agnostic
  • Per-line adapters — anti-corruption layer at ingest
  • Service-facade seam — repoint at a real backend, no UI change
  • TypeScript, strict

🗄️ Storage

  • Per-cruise module — one sailing, one artifact
  • Local-hot — on-ship Postgres + object store
  • Cloud-cold — sealed, encrypted export ashore
  • Retention scheduler — itinerary/GDPR override

🛡️ Safety & Compliance

  • Identity binding — survives renaming
  • Audited resolution — role-gated, case-bound
  • CVSSA incident cases — law-enforcement-ready
  • Legal hold — outlives the retention purge

Engagement guests love, on the compliance backbone you already need.

A clickable demo runs today on the web, built as the real production spine — the same core survives into production unchanged. Promenade is pre-pitch and shown under confidentiality. If you run a guest-experience or safety/security program at a cruise line, get in touch.
