Surf Adda
Privacy
Updated 2026-07-10
What we collect
- Account basics — when you sign in with Google or Apple we store your name, email address, and profile photo. That's the whole identity: no phone number, no address, no government ID.
- Your contributions — check-ins (conditions, crowd, who-for, an optional note and photo), spot ratings, saved spots, and alert subscriptions. A check-in records the spot and time you chose to post — we do not track your location in the background, ever.
- Photos — uploaded photos are stored with our storage provider (Cloudflare R2) and shown publicly on the spot's page, attributed to your name.
- Technical basics — a session cookie to keep you signed in. To stop spam, some actions (like sending feedback) are rate-limited using a short-lived, non-identifying hash of your connection's IP — deleted automatically within the hour, never linked to your account. No advertising trackers, no analytics that identify you, no fingerprinting.
What we never do
- We don't track your location data. The app can open your nearest spot using your device's location, but that stays on your phone — never stored, never logged, never used to follow where you've been.
- We never sell your data. To anyone. In any form.
- We never show your email publicly or share it with schools.
- We never post anywhere on your behalf.
Who processes data for us
Firebase (sign-in), MongoDB Atlas (database), Vercel (hosting), Cloudflare R2 (photos), Open-Meteo (forecast data — receives no personal data at all).
Your controls
- Email alerts are strictly opt-in per spot, and every email links to the manage page.
- Delete your content: remove a check-in or rating from the app (coming with the profile page) or email us and we'll do it.
- Delete your account: email us — we remove your account and personal data; your check-in statistics may persist in anonymised, aggregated form (e.g. "12 surfed here in October").
Questions: use the feedback link in the footer.