policystamp.com
Home / Examples / Mobile app (iOS + Android)
Mobile app (iOS + Android) · anonymized example

Tidepool

Tidepool is a consumer iOS + Android app for tide and surf conditions. The privacy posture has to align with Apple App Store and Google Play Store disclosure requirements (Privacy Manifest, Data Safety section), explain every device permission requested, and explicitly exclude under-13 users to stay outside COPPA. In-app purchases are handled by Apple StoreKit and Google Play Billing — Tidepool never sees payment-card data.

Free preview · $2 Audit passed · 3 issues addressed 1240 words
Jurisdictions
USEUUKAU
Integrations
FirebaseRevenueCatOneSignalSentry
Distinctive in this archetype
  • · iOS Privacy Manifest + App Store nutrition-label aligned
  • · Push-notification consent + revocation steps
  • · Location-permission rationale (foreground vs background)
  • · Children's Online Privacy Protection (COPPA) statement
Start with this profile

Loads the wizard with the business name pre-filled.

Documents in this archetype

Privacy Policy

Effective date: January 1, 2026

Tidepool ("Tidepool", "we", "us") publishes a mobile app for tide and surf conditions on iOS and Android. This policy explains what data we collect, why, and your rights over it.

1. Information we collect

Account information

When you create an optional Tidepool account (you can use most of the app without one), we collect your email address and any display name you choose. If you sign in with Apple or Google, we receive the same information from those providers; we do not receive your password.

App usage

When you use the app, we collect:

  • Features used — which screens you visit, which tide stations you check, whether you've added a station to favorites.
  • Crash and performance data — when the app crashes or runs slowly, we collect a crash report (stack trace, device model, OS version) so we can fix the underlying issue.
  • Diagnostic IDs — a pseudonymous identifier scoped to your installation so we can correlate events without identifying you personally.

Location data (only if you grant permission)

If you grant location permission, we use your location to show tide and weather data for the spot you are at. We process location data on your device where possible. Coarse-location (city-level) is sufficient for most features; precise location is only used when you tap "Use my current spot" and is not retained after that request completes.

Device permissions

Tidepool requests the following permissions only when needed for a specific feature, and you can revoke any of them at any time from your phone's Settings:

  • Notifications — optional; lets us alert you when a saved spot has notable conditions.
  • Location (when in use) — optional; lets us show data for where you are.
  • Camera — optional; only triggered when you tap the photo-attach button in the journal.
  • Photo library (selected only) — only the photo you pick is read; we cannot enumerate your library.

In-app purchases

When you subscribe to Tidepool Premium, we receive a receipt and a subscription identifier from Apple or Google. We never see or store your payment card. Subscription management is done in your platform's settings (App Store / Google Play).

2. How we use the information

We use the information above to:

  • Operate the app: load tide data, save your favorites, send push notifications you've enabled.
  • Improve the app: understand which features people use and which need work.
  • Detect and fix crashes and performance problems.
  • Provide customer support when you contact us.
  • Process subscription billing through Apple or Google.

GDPR legal bases: contract (delivering the app you signed up for), legitimate interests (analytics and crash reporting, conducted in privacy-preserving ways), consent (location, notifications, advertising-style measurement).

3. Who we share information with

We use the following sub-processors:

  • Google Firebase — authentication, crash reporting, push delivery (US, EU regions).
  • RevenueCat — subscription receipt validation (US).
  • OneSignal — push-notification delivery (US).
  • Sentry — error tracking (US, EU regions).

We do not sell your information. We do not share your information with advertising networks. We do not place tracking SDKs that build a profile across other apps.

4. App Store / Play Store disclosures

This section corresponds to the data collection disclosed in Apple's App Store privacy nutrition label and Google Play's Data Safety section.

Data type Collected Linked to you Used for tracking
Contact info (email) Yes (if you create an account) Yes No
Identifiers (account ID) Yes (if you create an account) Yes No
Usage data Yes No (pseudonymous) No
Location (coarse) Optional No No
Location (precise) Only when you request it No No
Diagnostics (crash, performance) Yes No No

We do not use any third-party SDK that collects data for cross-app tracking purposes. Our App Tracking Transparency status on iOS is "no tracking."

5. International transfers

For users in the European Economic Area, United Kingdom, or Australia, your information may be processed in the United States. We rely on EU Standard Contractual Clauses (and the UK addendum) where applicable.

6. Retention

  • Account data — retained as long as your account exists, then deleted within 30 days of account deletion.
  • App-usage data — retained for 12 months, then aggregated or deleted.
  • Crash reports — retained for 90 days.
  • Subscription receipts — retained for 7 years (tax / accounting requirements).

You can delete your account at any time from Settings → Account → Delete account. The button initiates a verified deletion request; the data is permanently removed within 30 days.

7. Your rights

You have the right to access, correct, port, and delete your information. The fastest way is the in-app Settings; otherwise email privacy@tidepool.example.

For California residents (CCPA / CPRA): we collect identifiers and usage data as described above; we have not sold or shared this information for cross-context behavioral advertising; we do not collect sensitive personal information.

For UK residents: you may complain to the ICO (ico.org.uk).

For Australian residents: you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).

8. Children

Tidepool is rated 4+ on the App Store and rated for Everyone on Google Play, but it is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you become aware that a child under 13 has provided us with personal information, please contact us; we will delete it within 30 days.

For users between 13 and 16 in the European Economic Area, we rely on the age of digital consent in your country. We require parental permission for any feature requiring consent for under-16 users in jurisdictions where the digital age of consent is 16.

9. Security

Tidepool is protected with TLS in transit, AES-256 at rest, role-based access controls, and a documented incident-response plan with 72-hour breach notification.

10. Changes

We will notify you of material changes by an in-app announcement at least 30 days before they take effect.

11. Contact

Privacy questions: privacy@tidepool.example.

Want one for your business?

Start with the mobile app (ios + android) profile.

The wizard takes 2–3 minutes. Free preview shows the first three sections. Two dollars unlocks the rest.

Start a privacy policy All examples