Privacy Policy

1. Introduction

Session Surf Tracker (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information when you use the Session Surf Tracker mobile application (“the App”).

By downloading or using the App, you agree to the practices described in this policy.

2. Information We Collect

Account information

When you create an account, we collect your email address, display name, and username. Authentication is handled by Firebase Authentication (Google). If you sign in with Google, we receive your name and email address from Google's OAuth flow.

Surf session data

We store the surf session records you create: date, location, duration, wave count, board used, personal rating, notes, and any conditions data you enter or import.

Equipment data

We store details about the surfboards and equipment you add to your quiver (make, model, dimensions, notes).

Social connections

If you use the surf-buddies feature, we store connections between your account and other users you follow or are connected with.

Conditions data

With your permission, we fetch wave height, period, wind, and tide information from the Surfline API for the surf spot and time you specify. We store the returned data as part of your session record.

Push notification tokens

If you enable push notifications, we store a Firebase Cloud Messaging (FCM) device token associated with your account in order to send you notifications.

Usage data

We may collect anonymous, aggregated usage analytics (e.g., feature usage counts) to improve the App. We do not use third-party advertising SDKs.

3. How We Use Your Information

• To provide, operate, and improve the App and its features.
• To authenticate your identity and secure your account.
• To display your surf history, quiver, and social connections within the App.
• To send push notifications you have opted into.
• To respond to your support requests.
• To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

4. Data Storage

Your account and session data are stored in Supabase, a cloud database platform. Data is stored in the United States. Supabase uses industry-standard security controls to protect data at rest and in transit.

Authentication data is managed by Firebase Authentication (Google LLC). Firebase processes data in accordance with Google's privacy policies.

5. Payments and Subscriptions

Session Surf Tracker offers optional paid subscriptions. All payment processing is handled entirely by the Apple App Store or Google Play Store on your device. We use RevenueCat to manage subscription state and entitlements.

We do not collect, store, or have access to your credit card or payment details. RevenueCat receives anonymized purchase receipts from the App Stores. Please review Apple's and Google's privacy policies for details on how payment data is handled.

6. Third-Party Services

The App integrates with the following third-party services:

• Firebase Authentication & FCM — identity and push notifications (Google LLC)
• Supabase — backend database and API
• RevenueCat — subscription management
• Surfline — surf conditions data (fetched on your behalf)

Each third party has its own privacy policy governing data they collect. We encourage you to review them.

7. Data Retention

We retain your personal data as long as your account is active. If you delete the App without deleting your account, your data remains stored and accessible when you reinstall.

8. Your Rights & Data Deletion

You may request access to, correction of, or deletion of your personal data at any time. To request deletion of your account and all associated data, please contact us at timothy.e.holley@gmail.com. We will process your request within 30 days.

Depending on your jurisdiction, you may also have rights under applicable privacy laws (e.g., GDPR, CCPA) including the right to data portability and the right to object to processing.

9. Children's Privacy

The App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date and, where appropriate, by in-app notification. Your continued use of the App after changes become effective constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact: