Privacy

Last updated June 10, 2026

This page describes what data the GhostFingers app and the ghostfingers.app website handle, and how. It applies to the iOS app, the marketing website, and the pre-launch waitlist.

Who this policy is from

This policy is published by Ghost Fingers, an independent surf-forecast project. Questions, requests, and corrections go to [email protected].

What stays on the device

Favorited spots, custom spots, and rating-tuner adjustments are stored only on the device they were entered on. There is no account system for this data, and none of it is uploaded to any server operated on Ghost Fingers' behalf.

Preferences sync

A short, fixed list of profile and display preferences syncs through the user's own private iCloud account using Apple's iCloud key-value storage: display name, home region, default board, unit choices (height, wind, time format), and onboarding state. The sync carries those preferences to a new device install when the user signs into the same Apple ID, so the new install does not start blank. The data lives inside the user's personal iCloud, governed by the user's Apple account and Apple's terms. Ghost Fingers operates no account system and no server that stores it. The sync degrades to a no-op when iCloud is signed out, and local writes still land on the device.

Logged sessions and iCloud sync

Logged surf sessions are stored on the device by default. The "Sync sessions to iCloud" setting in Account → Data is off unless it is turned on. When it is turned on, logged sessions sync through the user's own private iCloud account (using Apple's iCloud and CloudKit services) so the session log carries across the user's devices. That data lives inside the user's personal iCloud, governed by the user's Apple account and Apple's terms. Ghost Fingers operates no account system and no server that stores logged sessions. The setting can be turned off again in the same place, and a synced copy can be removed by the user from their iCloud storage or by deleting the app and clearing it from iCloud.

Aggregate usage counts

The app may send anonymous, aggregate usage counts (for example, how many times spot pages were opened across all users that day) to a Ghost Fingers server. These counts carry no device identifier, no user identifier, no IP-based profile, and no location: each report is an event name and a number. They cannot be tied to any person or device, are used only to understand which features are used, and are never shared or sold. No third-party analytics service is involved.

What the app does not do

Permissions the app may request

Location, only when "Use my current location" is tapped. When adding a custom spot, the app requests latitude and longitude once from iOS and uses the reading to populate the coordinate fields. The reading is not stored off the device. The permission can be declined (a spot can be added by typing coordinates or dropping a pin) and revoked at any time in iOS Settings.

Per-spot alerts, on opt-in. Allowing notifications and setting a per-spot threshold in Account → Alerts schedules local push alerts when a favorited spot crosses the chosen tier. Alerts are scheduled with iOS on the device. Their content is not transmitted through any server.

Morning Call, on opt-in. The Morning Call is an optional feature enabled in Account → Alerts. On opt-in, the iPhone uploads to a delivery service: (1) the APNs push token (a routing identifier issued by Apple that allows a push to reach this specific device, not linked to a name or email), (2) the IANA timezone, (3) the chosen delivery hour, and (4) the text of the next morning's forecast for the selected spots. The forecast text is composed on the device. The delivery service stores the payload until the local delivery hour, sends a single notification through Apple's push service, and is not used to generate forecasts. Toggling Morning Call off requests deletion of the record. If that request fails for network reasons, the record is cleared automatically when Apple reports the token as inactive (typically after the app is uninstalled).

Crash and hang reports, on opt-in. Crash reporting is off by default. When enabled in Account → Support, technical diagnostic data is sent through Sentry so a specific bug can be diagnosed. Each report includes the call stack, iOS version, device model, app version, and an anonymous event ID. The same setting also reports app hangs (moments the interface stops responding), which carry the same technical data. Reports do not include a screenshot, a snapshot of the on-screen view hierarchy, or your name, email, or location. In Apple's App Privacy terms this is Crash Data and Performance Data, collected only to keep the app working, not linked to your identity, and never used to track you.

Crash reports are read only to diagnose the bug they describe. The technical crash data is never combined with other reports to build a profile of any user, never used to train, tune, or refine the forecast engine, and never shared with any third party beyond Sentry, which processes it solely to deliver and store the report so the bug can be fixed. A report exists only for as long as Sentry retains it under its default retention period, and only for the purpose of fixing the bug it documents. Toggling crash reports off stops new reports on the next launch.

Email signup at ghostfingers.app

Submitting an email through the "Get notified at public launch" form on ghostfingers.app stores a record so a single launch notification can be sent. Each record contains: the email address, the page on the site the form was submitted from, the referring URL if the browser provided one, the IP address of the request, the browser's user-agent string, and a timestamp. The record is held by Cloudflare's storage service on Ghost Fingers' behalf.

The email address is not added to a newsletter, not sold, and not shared with third parties. When the launch notification has been sent, the records are deleted. To be removed sooner, email [email protected].

The ghostfingers.app website

The website sets no cookies and carries no third-party advertising or cross-site tracking. It uses Cloudflare Web Analytics, a cookieless, privacy-preserving measurement service that counts page views and reports aggregate figures such as referring site, browser, and country. It does not fingerprint the browser, does not follow visitors across other sites, and does not build a profile of any individual. Standard server-level request logs (IP address, user-agent string, page requested, timestamp) are produced by the hosting service for security and operational purposes and are retained for the hosting service's default period.

Forecast data requests

To produce a forecast, the app makes anonymous requests to public weather and ocean data services run by U.S. government and public agencies. Each request includes a User-Agent string identifying the app. No request includes name, email, or other personal information. The device's IP address is visible to those services for the duration of the request, the same way it would be when visiting any website.

Service providers used to operate the app and site

A small number of third-party services are used to deliver specific features. None are used for advertising or cross-site tracking.

How long data is kept

Choices and requests

A request to access, correct, or delete personal information held off the device (the waitlist record described above, or any pending Morning Call payload) can be sent to [email protected]. California residents may exercise the same rights under the California Consumer Privacy Act through that address. Requests will be honored within a reasonable period.

The app's on-device data is under the user's direct control: deleting the app removes it. Opting in to or out of iCloud session sync, notifications, Morning Call, and crash reports is done in Account → Data, Account → Alerts, and Account → Support.

Children

The app and the website are not directed to children under 13, and personal information from children under 13 is not knowingly collected.

Changes to this page

If practices change, this page is updated and the date at the top is revised.

Governing law

This policy is governed by the laws of the State of California.

Contact

Questions about privacy or requests to access or delete data: [email protected]