Notes

Privacy Policy

Effective Date: August 1, 2024

Introduction

At Surf Journal, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information.

Data Collection

Types of Data Collected:

  • Personal Data:
    • Email
    • Location
  • Non-Personal Data:
    • Usage Data
    • Device Information

Methods of Collection:

  • User Input
  • Cookies and third-party services, including Google Analytics

Data Usage

Purpose:

  • Location Data: To personalize user experience and provide services such as displaying the closest surf breaks, determining the time zone, and showing your location on a map.
  • Usage Data and Device Information: Collected anonymously to improve the app’s performance and user experience.
  • Email: To communicate with users for information or updates regarding their account.

Legal Basis:

  • Compliant with CCPA, CPRA, and GDPR

Data Sharing

Third Parties:

  • Anonymous location data is used to access weather APIs for weather data such as tides, swell, wind, etc.
  • Anonymous user data is collected through Google Analytics to improve performance.

Purpose of Sharing:

  • To provide necessary services and improve app performance.

User Rights:

  • Users must consent to this level of data sharing to use the app.

Data Storage and Security

Security Measures:

  • Encryption:
    • Data in transit is protected using SSL/TLS encryption.
    • Data at rest is stored in an encrypted format.
  • Access Controls:
    • Strong authentication mechanisms, including username/password and third-party authentication providers (e.g., Google).
    • Role-based access control (RBAC) to ensure minimum necessary access.
    • Access Control Lists (ACLs) and Class-Level Permissions (CLPs) for fine-grained access control.
  • Activity Logs and Monitoring:
    • Logging and monitoring of significant activities for suspicious activity.
    • Continuous monitoring to detect and respond to potential security threats.
  • Data Anonymization and Pseudonymization:
    • Where possible, personal data is anonymized or pseudonymized.
  • Backup and Recovery:
    • Regular automated backups and tested recovery processes.
  • Secure Development Practices:
    • Secure coding practices to prevent common vulnerabilities.
    • Regular security assessments and code reviews.
  • Security Policies and Procedures:
    • Comprehensive security policies covering data handling, user access, incident response, and compliance.
    • Training for team members on security best practices.
  • Third-Party Security Compliance:
    • Back4App adheres to industry security standards and certifications, such as SOC 2.
  • User Session Management:
    • Session management practices, such as session timeouts and refresh tokens.

Retention Period:

  • User data is retained for 1 year after account deactivation, allowing users to reactivate their account and maintain their journal entries.

User Rights

  • Access and Correction: Users have the right to access and correct their personal data.
  • Deletion and Restriction: Users can request data deletion or restrict processing.
  • Data Portability: Users can receive their data in a commonly used format and transfer it to another service.

To exercise these rights, users can submit a request through our contact page on our website.

Cookies and Tracking

  • Cookies: We use Google Analytics for tracking purposes.

Children’s Privacy

  • Age Restrictions:
    • Our app is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent.
    • If you are between 13 and 18, use the app only with the involvement of a parent or guardian.
  • Parental Consent:
    • If we learn we have collected personal data from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible.
    • If you believe we might have information from or about a child under 13, please contact us at privacy-admin@surfjournal.app.

Changes to the Privacy Policy

  • Notification of Changes: Users will be notified of significant changes to the privacy policy via email.
  • Effective Date: August 1, 2024

Contact Information

For questions, concerns, or requests regarding your privacy, please contact us at:

Email: privacy-admin@surfjournal.app