1. Overview
CoreSurfer provides surf forecasts, surf reports, map-based surf spot discovery, favorites, account features, community features, and related planning tools through CoreSurfer.com and the CoreSurfer iPhone app.
We collect only the information needed to operate those services, protect CoreSurfer, support users, and improve forecast and account functionality. We do not sell personal information and we do not use third-party advertising or tracking SDKs in the current iPhone app.
2. Information We Collect
Depending on how you use CoreSurfer, we may collect or process the following categories of information:
- Account information: display name, username, email address, password submitted during signup or login, email verification status, account role, trust signals, and account status.
- Authentication information: a CoreSurfer session cookie named
coresurfer_session, hashed session tokens, session timestamps, user agent, and IP address associated with account security. - Favorites and watchlist information: saved surf spot identifiers, spot names, region names, report URLs, scores, conditions, favorited timestamps, and forecast snapshot details returned by the server.
- Community and profile information: profile details, submitted contributions, profile photos, moderation status, and related account-backed activity if you use community features.
- Forecast and map request information: requested forecast regions, spot slugs, map regions, search index requests, request paths, timestamps, IP address, user agent, and error or performance logs.
- Local app preferences: app display preferences, recent navigation/report references, local favorites, and other settings stored on your device.
- Account deletion details: password confirmation and an optional deletion reason if you submit one.
Passwords are stored on CoreSurfer servers as one-way scrypt password hashes. CoreSurfer does not store plain-text passwords.
3. How We Use Information
We use information to:
- Provide surf forecasts, reports, maps, Core Score signals, and spot pages.
- Create accounts, verify email addresses, sign users in, manage sessions, reset passwords, and process account deletion requests.
- Sync favorites and personalize saved surf spots for signed-in users.
- Operate community and profile features when users choose to use them.
- Maintain security, prevent abuse, debug errors, improve performance, and understand service reliability.
- Send account verification, password reset, support, security, and policy-related communications.
5. Forecast, Map, and Surf Report Usage
The CoreSurfer website and iPhone app request public forecast, map, search, and surf spot data from CoreSurfer.com. These requests may include the surf region, visible map area, surf spot slug, requested API endpoint, timestamp, IP address, user agent, and diagnostics related to the request.
The current iPhone app does not request iOS Location Services permission and does not ask for precise GPS location. Map browsing loads surf spots based on the visible map area and selected regions. If we add precise device location features in the future, we will update this policy and request the appropriate device permission.
6. Account, Favorites, and Profile Data
You can browse core forecast information without creating an account. If you create an account, CoreSurfer stores account information needed to sign you in, verify your email, sync favorites, and support account-backed features.
Signed-out users may save local favorites in the iPhone app on their device. Signed-in users may sync favorites with CoreSurfer servers so those saved spots can be associated with their CoreSurfer account.
If you upload or submit profile photos, community updates, or other account-backed contributions, CoreSurfer stores those submissions for review, display, moderation, and account management.
7. Trip Planning Data
CoreSurfer may offer trip planning, destination, or guide features. If trip planning is available only as local app content, that data remains on your device unless you choose to share, export, or sync it. If future account-backed trip planning is added, we will update this policy to describe the specific data collected and how it is used.
9. Apple Maps and Third-Party Services
The CoreSurfer iPhone app uses Apple MapKit to display maps. Apple may process map-related data according to Apple's own privacy practices. CoreSurfer does not currently ask for precise device location to display maps.
CoreSurfer may also use third-party services for hosting, email delivery, surf and weather data, database operations, security, and performance monitoring. These providers are used to operate the service and are not authorized by CoreSurfer to use personal information for unrelated purposes.
10. Data Retention and Account Deletion
We retain information for as long as needed to provide CoreSurfer, maintain accounts, operate forecasts and maps, comply with legal obligations, resolve disputes, preserve backups, and protect against abuse.
Account deletion is available from the CoreSurfer iPhone app and on the website at /account/delete/. Deleting an account removes your login, profile, saved favorites, profile photos, and account-backed community data from CoreSurfer systems, subject to limited retention for legal, security, backup, fraud-prevention, debugging, or moderation purposes.
Local device data, including local-only favorites and app preferences, may remain on your device until you clear those settings or delete the app.
11. Your Choices and Rights
You can choose to:
- Use CoreSurfer forecast browsing without signing in.
- Create an account to sync favorites and use account-backed features.
- Log out to clear the active CoreSurfer session cookie.
- Manage or remove favorites.
- Delete your account through the app or website.
- Contact us at support@coresurfer.com for privacy questions or requests.
Depending on where you live, you may have additional rights to access, correct, delete, or restrict certain personal information. We will respond to valid privacy requests as required by applicable law.
12. Children's Privacy
CoreSurfer is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to CoreSurfer, contact us and we will review the request.
13. Security
We use reasonable technical and organizational safeguards designed to protect CoreSurfer accounts, sessions, and service data. No internet service can guarantee absolute security, but we work to limit access, hash passwords, protect sessions, monitor errors, and respond to security concerns.
14. Changes to This Policy
We may update this policy as CoreSurfer changes. When we make material updates, we will revise the effective date above and may provide additional notice through the website, app, or account communications.
15. Contact Us
CoreSurfer is operated by SouthRock Technologies, LLC. For privacy questions or requests, contact us at support@coresurfer.com.