CoreSurfer Legal

Privacy Policy

This policy explains how CoreSurfer handles information across CoreSurfer.com and the CoreSurfer iPhone app.

Effective Date
June 20, 2026
Operator
SouthRock Technologies, LLC
Privacy Contact
support@coresurfer.com

1. Overview

CoreSurfer provides surf forecasts, surf reports, map-based surf spot discovery, favorites, account features, community features, and related planning tools through CoreSurfer.com and the CoreSurfer iPhone app.

We collect only the information needed to operate those services, protect CoreSurfer, support users, and improve forecast and account functionality. We do not sell personal information and we do not use third-party advertising or tracking SDKs in the current iPhone app.

2. Information We Collect

Depending on how you use CoreSurfer, we may collect or process the following categories of information:

  • Account information: display name, username, email address, password submitted during signup or login, email verification status, account role, trust signals, and account status.
  • Authentication information: a CoreSurfer session cookie named coresurfer_session, hashed session tokens, session timestamps, user agent, and IP address associated with account security.
  • Favorites and watchlist information: saved surf spot identifiers, spot names, region names, report URLs, scores, conditions, favorited timestamps, and forecast snapshot details returned by the server.
  • Community and profile information: profile details, submitted contributions, profile photos, moderation status, and related account-backed activity if you use community features.
  • Forecast and map request information: requested forecast regions, spot slugs, map regions, search index requests, request paths, timestamps, IP address, user agent, and error or performance logs.
  • Local app preferences: app display preferences, recent navigation/report references, local favorites, and other settings stored on your device.
  • Account deletion details: password confirmation and an optional deletion reason if you submit one.

Passwords are stored on CoreSurfer servers as one-way scrypt password hashes. CoreSurfer does not store plain-text passwords.

3. How We Use Information

We use information to:

  • Provide surf forecasts, reports, maps, Core Score signals, and spot pages.
  • Create accounts, verify email addresses, sign users in, manage sessions, reset passwords, and process account deletion requests.
  • Sync favorites and personalize saved surf spots for signed-in users.
  • Operate community and profile features when users choose to use them.
  • Maintain security, prevent abuse, debug errors, improve performance, and understand service reliability.
  • Send account verification, password reset, support, security, and policy-related communications.

4. Cookies and Session Data

CoreSurfer uses a session cookie named coresurfer_session to keep signed-in users authenticated. The server stores a hashed version of the session token and uses it to verify your account session. You can clear the session by logging out, deleting your account, clearing browser cookies, or removing the app.

We may use standard operational logs and server-side records to detect errors, protect accounts, monitor abuse, and keep the website and app reliable.

5. Forecast, Map, and Surf Report Usage

The CoreSurfer website and iPhone app request public forecast, map, search, and surf spot data from CoreSurfer.com. These requests may include the surf region, visible map area, surf spot slug, requested API endpoint, timestamp, IP address, user agent, and diagnostics related to the request.

The current iPhone app does not request iOS Location Services permission and does not ask for precise GPS location. Map browsing loads surf spots based on the visible map area and selected regions. If we add precise device location features in the future, we will update this policy and request the appropriate device permission.

6. Account, Favorites, and Profile Data

You can browse core forecast information without creating an account. If you create an account, CoreSurfer stores account information needed to sign you in, verify your email, sync favorites, and support account-backed features.

Signed-out users may save local favorites in the iPhone app on their device. Signed-in users may sync favorites with CoreSurfer servers so those saved spots can be associated with their CoreSurfer account.

If you upload or submit profile photos, community updates, or other account-backed contributions, CoreSurfer stores those submissions for review, display, moderation, and account management.

7. Trip Planning Data

CoreSurfer may offer trip planning, destination, or guide features. If trip planning is available only as local app content, that data remains on your device unless you choose to share, export, or sync it. If future account-backed trip planning is added, we will update this policy to describe the specific data collected and how it is used.

8. How We Share Information

We share information only as needed to operate CoreSurfer and meet legal or security obligations. This may include:

  • Hosting and infrastructure providers that run CoreSurfer.com, databases, backups, logs, and related systems.
  • Email delivery providers used for account verification, password reset, and support-related messages.
  • Apple Maps / MapKit when the iPhone app renders maps through Apple services.
  • Forecast and data providers used to obtain surf, weather, marine, tide, and related public forecast data.
  • Legal, safety, and security purposes when required to comply with law, protect users, investigate abuse, or defend CoreSurfer.

We do not sell personal information. The current iPhone app does not include third-party advertising SDKs or tracking SDKs.

9. Apple Maps and Third-Party Services

The CoreSurfer iPhone app uses Apple MapKit to display maps. Apple may process map-related data according to Apple's own privacy practices. CoreSurfer does not currently ask for precise device location to display maps.

CoreSurfer may also use third-party services for hosting, email delivery, surf and weather data, database operations, security, and performance monitoring. These providers are used to operate the service and are not authorized by CoreSurfer to use personal information for unrelated purposes.

10. Data Retention and Account Deletion

We retain information for as long as needed to provide CoreSurfer, maintain accounts, operate forecasts and maps, comply with legal obligations, resolve disputes, preserve backups, and protect against abuse.

Account deletion is available from the CoreSurfer iPhone app and on the website at /account/delete/. Deleting an account removes your login, profile, saved favorites, profile photos, and account-backed community data from CoreSurfer systems, subject to limited retention for legal, security, backup, fraud-prevention, debugging, or moderation purposes.

Local device data, including local-only favorites and app preferences, may remain on your device until you clear those settings or delete the app.

11. Your Choices and Rights

You can choose to:

  • Use CoreSurfer forecast browsing without signing in.
  • Create an account to sync favorites and use account-backed features.
  • Log out to clear the active CoreSurfer session cookie.
  • Manage or remove favorites.
  • Delete your account through the app or website.
  • Contact us at support@coresurfer.com for privacy questions or requests.

Depending on where you live, you may have additional rights to access, correct, delete, or restrict certain personal information. We will respond to valid privacy requests as required by applicable law.

12. Children's Privacy

CoreSurfer is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to CoreSurfer, contact us and we will review the request.

13. Security

We use reasonable technical and organizational safeguards designed to protect CoreSurfer accounts, sessions, and service data. No internet service can guarantee absolute security, but we work to limit access, hash passwords, protect sessions, monitor errors, and respond to security concerns.

14. Changes to This Policy

We may update this policy as CoreSurfer changes. When we make material updates, we will revise the effective date above and may provide additional notice through the website, app, or account communications.

15. Contact Us

CoreSurfer is operated by SouthRock Technologies, LLC. For privacy questions or requests, contact us at support@coresurfer.com.