Privacy Policy
Last updated: April 28, 2026.
This policy explains what data Beach Watch collects, how it's used, and who else has access to it. Beach Watch is operated by Vero Apps AI Inc., a corporation registered in Ontario, Canada. Vero Apps AI Inc. is the data controller for the personal information described below. If you have questions, contact us at info@beachwatch.veroapps.ai.
What we collect
- Email address — used to log you in (no password; we send a one-time code) and to deliver email alerts.
- Phone number (optional) — only if you opt in to SMS alerts.
- Beach selections, alert times, timezone, and channel preferences — what beaches you watch and how you want to be notified.
- Push notification subscription endpoint — when you enable browser/app push notifications, your browser generates an opaque endpoint URL backed by a third-party push service operated by your browser vendor (typically Google (Firebase Cloud Messaging) for Chrome / Android, Apple (APNs) for Safari / iOS, or Mozilla autopush for Firefox). We store the endpoint and a public key so we can deliver alerts; the actual delivery is performed by the third-party push service, which may receive the message payload, your IP address, and device metadata as part of routing the notification. This endpoint cannot be used to identify you outside Beach Watch.
- Notification delivery logs — timestamps of messages sent, used for debugging delivery failures. These logs reference users by an opaque internal ID only; they do not contain your email address, phone number, or device identifiers.
How we use it
Primarily to operate Beach Watch. Specifically:
- Authentication — we email you a one-time 6-digit verification code each time you sign in. There is no password. Codes expire after 10 minutes and are single-use. The fact that we send these codes (and any failures) is recorded in an internal send log that contains only your opaque user ID, not the email or the code itself.
- Welcome / approval emails — sent once when an admin approves your invite signup or creates your account.
- Beach condition alerts — if you've subscribed to a beach, we send notifications when its flag colour or rip-current risk changes, or at scheduled daily times if you've configured them. Frequency depends on your subscriptions and beach activity; you can change channels and disable alerts from Settings at any time.
- Service announcements — rarely, we may email you about material changes to the service or these policies. You cannot opt out of these while you have an active account, but they are infrequent.
Beach Watch itself does not send you marketing email. See “Sharing your contact information with marketing partners” below for the strictly-opt-in partner case.
Beach Watch is a free service supported by advertising, affiliate revenue, and (for users who explicitly opt in) by sharing contact information with marketing partners. See the sections below for what is shared, with whom, and how to opt out of each.
Cookies and local storage
Beach Watch sets one essential session cookie (named bw_session) so you stay signed in. It is marked HttpOnly (so it cannot be read by JavaScript), Secure (so it only travels over HTTPS), and SameSite=Lax (so it is not sent on cross-site requests). It contains an opaque session identifier — no email, no name. You can clear it by signing out, or by clearing your browser's site data.
We also keep a small non-sensitive cache of your last-seen app state (your beach list, your default beach, your name) in your browser's localStorage so the app shows instantly on repeat visits instead of waiting for a network round-trip. No login token is ever placed in localStorage.
Third-party services we use (described below) may set their own cookies for advertising and analytics.
Third parties we share data with
We use third-party services to operate the app. The minimum information needed is shared with each:
- Fly.io — hosting provider that runs the app and stores your account data.
- Tigris — encrypted backup storage for our data files (so we can recover from server failures).
- Resend (Resend, Inc.) — our transactional email provider; delivers login codes, welcome emails, and beach-condition alerts to your inbox. Receives your email address and message content.
- Twilio — would deliver SMS alerts (your phone number and the alert text) if SMS were enabled. SMS is not currently available; the integration is retained in the codebase for a future tier and Twilio receives nothing from Beach Watch today.
- Browser push services (Google FCM, Mozilla, Apple) — your browser routes push notifications through the push service operated by your browser vendor. We send messages to your endpoint; we don't know your device identity.
- Anthropic Claude API — used for AI parsing of official beach condition pages. The AI only receives the public beach pages we scrape — never your account data.
- Google AdSense — Beach Watch displays third-party advertisements via Google AdSense. Google and its partners may use cookies to serve ads based on your prior visits to this site or other sites. You can opt out of personalized advertising by visiting Google's Ads Settings or aboutads.info. Beach Watch itself does not pass your account information to Google's ad systems.
- Amazon Associates — Beach Watch may include affiliate links to beach-related products on Amazon. As an Amazon Associate we earn a small commission from qualifying purchases at no extra cost to you. Amazon's standard cookies apply when you click through.
Sharing your contact information with marketing partners
Beach Watch may share your email address and phone number with trusted marketing partners for relevant offers, promotions, and updates — but only if you have explicitly opted in by checking the partner-consent box during signup (Section 4 of our Terms of Use).
Some of these partner arrangements involve compensation to Beach Watch — under California law (CCPA) and similar regulations in other states, this constitutes a “sale” of personal information, and we are required to inform you of that. We do not share or sell any other account data this way (your beach selections, alert times, notification history, etc. are never shared with marketing partners).
If you did not check the partner-consent box, your email and phone are never shared with marketing partners.
To withdraw your partner consent at any time: email info@beachwatch.veroapps.ai with the subject “Withdraw partner consent”. We will stop sharing your information with new partners and notify existing partners of the withdrawal. (Existing partners that have already received your contact info may have their own retention practices — you may need to opt out with each directly.)
Information shared with advertising networks
Separately from contact-info sharing above, Beach Watch displays advertisements via Google AdSense and similar networks. These networks may receive data about your visit to personalize ads, measure effectiveness, and detect fraud:
- Your IP address and approximate location (city/region)
- Browser type, device type, and operating system
- Pages you visited on Beach Watch and time spent
- Cookies and similar identifiers set by those networks
We do not pass your account information (email, phone, beach selections, alert times, or notification history) to advertising networks.
Your advertising choices
- Opt out of personalized advertising — email info@beachwatch.veroapps.ai with the subject “Opt-out of personalized ads” and we will configure our ad code to serve only non-personalized ads to your account. You may also use Google's Ads Settings and the industry-wide aboutads.info opt-out tool to limit personalized advertising across many sites at once.
- Display ads themselves cannot be disabled. Beach Watch is free to use because ad revenue covers our hosting and operating costs. Opting out of personalization means your ads will be less relevant to you, but you'll still see ads while using the service. This is detailed in our Terms of Use, Section 6.
Your rights
Depending on where you live, you may have specific rights over the personal data we hold about you. We honour the following rights for all users regardless of location:
- Right of access — log in and visit Settings to see everything we have, or email us for a complete export.
- Right to rectification — correct any inaccurate or incomplete information from Settings, or by contacting us.
- Right to erasure (“right to be forgotten”) — delete your account from Settings → Delete account. We immediately erase your email, phone, preferences, and push subscriptions; backups are purged within 30 days under the lifecycle policy described below.
- Right to data portability — request a machine-readable copy of your data by emailing us.
- Right to restrict or object to processing — pause or limit how we use your data by emailing us; the most common case (turn off alerts) is also self-service in Settings.
- Right to withdraw consent — if you opted in to partner sharing, withdraw at any time by emailing info@beachwatch.veroapps.ai. Withdrawal does not affect processing already carried out.
- Right to lodge a complaint — if you live in Canada, you may complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca). Residents of the EEA / UK may complain to their national data protection authority. We'd appreciate the chance to address your concern first — email info@beachwatch.veroapps.ai.
To exercise any of these rights, email info@beachwatch.veroapps.ai. We respond within 30 days. We may ask you to verify the email on the account before processing a request to prevent identity spoofing.
Where your data is stored
Beach Watch is hosted on Fly.io in the Toronto (yyz) region. Encrypted backups are stored on Tigris, an S3-compatible object storage service. Transactional email (login codes, welcome messages, alerts) is delivered via Resend. SMS, if and when it becomes available, would be delivered via Twilio. AI parsing of public beach pages is performed by the Anthropic Claude API; no user account data is sent to that API.
Data may be transferred, processed, or stored outside your country, including in the United States. The providers listed above operate global infrastructure, and your data may transit through or be stored at edge locations or data centres outside Canada / the EEA / your home jurisdiction. By using Beach Watch you consent to this cross-border transfer. We rely on the providers' standard contractual clauses or equivalent safeguards for these transfers.
Data retention & account deletion
We retain personal data only as long as necessary to provide Beach Watch to you, comply with legal obligations, resolve disputes, and enforce our agreements. Concrete retention windows:
- Account data (email, phone, preferences) — retained while your account is active. On deletion, your identifying fields are erased immediately; the anonymized record (opaque ID + deletion timestamp) is retained to keep historical operational logs meaningful.
- Backups of account data — retained for 30 days in encrypted backup storage, after which they are automatically deleted by lifecycle policy.
- Operational logs (notification delivery, beach changes, scrape history, admin audit, transactional email send log) — rotated weekly. Each rotated archive is retained for diagnostic and audit purposes; archives contain only the opaque internal ID, never your email, phone, or device identifiers, so once your account is anonymized those entries are no longer linkable to you.
- Login session record — your session expires and is purged from our store no later than 90 days after your last activity (sliding window).
- One-time login codes — held in memory only, expire after 10 minutes, and are single-use.
When you delete your account
We immediately anonymize your active record: your email, phone number, name, beach selections, alert times, and push subscriptions are erased. Your account is marked deleted and your name is replaced with the opaque internal ID. We retain this anonymized record (containing only the internal ID and the deletion timestamp) so that historical operational logs that reference your ID remain meaningful. From your perspective, you are no longer identifiable in our active database.
Backups
Backups of the account database and beach condition snapshots are retained in encrypted backup storage for 30 days, then automatically deleted by a lifecycle policy.
Important: if you delete your account, copies of your pre-deletion data may still exist in backups taken before the deletion was processed. These backup copies are not actively used and are protected by the same 30-day expiration — they will be permanently deleted within 30 days of the most recent backup snapshot. We do not actively scrub PII from backups individually (this would require rewriting every snapshot file in the bucket on every deletion request); instead, the bounded 30-day retention ensures all PII associated with deleted accounts is permanently purged within that window.
Operational logs
Operational logs (notification delivery, admin audit trail, beach change history, transactional email send log) are rotated weekly; rotated archives are retained for diagnostic and audit purposes. They reference users only by an opaque internal ID — they do not contain your email, phone, or device identifiers — so once your account is anonymized those log entries are no longer linkable to you.
Children
Beach Watch is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, contact us and we will delete the account.
Changes to this policy
We'll update the “Last updated” date at the top of this page when material changes are made. Continued use of Beach Watch after a change means you accept the updated policy.
Contact
Privacy questions or requests: info@beachwatch.veroapps.ai