Privacy Policy

Endless Waves is a surf and foil tracking app for activities including prone foiling, downwinding, and foil training. It runs on iPhone and Apple Watch.

This policy describes what data the app collects, how it is used, and how it is stored. We are committed to being transparent about our data practices.

A. Account Information

When you create an account, we collect your email address. This is used solely for authentication via a one-time passcode (OTP). Your email is stored securely in our cloud database (Supabase).

B. Session & Activity Data

Session metrics including GPS routes, speed, distance, duration, wave counts, and related performance data are stored locally on your device and synced to our cloud database when you are signed in. This sync enables you to access your history across devices and participate in leaderboards and competitions.

C. Location Data (GPS)

The app records your real-time GPS position during sessions to calculate route, speed, and distance. Location data is captured in the background while a session is actively recording, even when your screen is locked. GPS route data is stored locally and may be synced to our cloud database as part of your session record.

Location data is never sold or shared with third parties.

D. Health Data (via Apple HealthKit)

Heart rate data may be accessed from Apple HealthKit with your explicit permission. HealthKit data is used only to display metrics within the app and is never transmitted to our servers or any third party.

E. Voice & Microphone

If you use the voice feedback feature, your audio recording is sent to OpenAI's Whisper API for transcription. The transcribed text is stored as part of your session notes. The audio itself is not retained after transcription. OpenAI's privacy policy governs how they handle audio data during processing.

F. Contact Information (Referral Feature)

If you use the referral feature, the app reads contact names and phone numbers from your device's address book so you can select friends to invite. When you successfully send a referral SMS, the selected contact's name and phone number are stored in our cloud database. This information is used solely to track referral status, prevent duplicate invitations, and award referral rewards. We do not upload your full contacts list — only the specific contact(s) you choose to refer and confirm sending to. This data is not sold or shared with third parties.

G. Photos & Media

The app may access your photo library to include media in session video exports. Generated session videos are saved to your Photos library with your permission. Photos data is processed locally and is not transmitted to our servers.

• To provide core app functionality (session tracking, metrics, maps)
• To sync your session history across devices when signed in
• To power leaderboards, competitions, and community features
• To transcribe voice feedback into session notes
• To manage referral rewards and prevent duplicate invitations

We do not use your data for advertising or sell it to any third party.

Your data is stored using the following services:

• Supabase — cloud database and authentication. Stores your account, session data, and referral records. Data is hosted on infrastructure managed by Supabase, Inc.
• OpenAI — used for voice transcription only. Audio is processed transiently and not retained by Endless Waves after transcription.

We do not use third-party advertising SDKs or behavioral analytics services.

The app may request the following permissions:

• Location — required to record GPS routes during sessions, including while the screen is locked
• HealthKit — optional, for heart rate display
• Microphone — optional, for voice feedback transcription
• Contacts — optional, used only for the referral invite feature
• Photo Library — optional, for video export and saving session cards

You may revoke any permission at any time in iOS Settings.

Your session data and account information are retained as long as your account is active. To request deletion of your account and associated data, contact us through the App Store listing or at the email below.

Endless Waves is not directed at children under 13. We do not knowingly collect personal information from children.

We may update this Privacy Policy when app functionality changes. The effective date at the top of this page will reflect the most recent revision. Continued use of the app after an update constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or wish to request data deletion, contact us through the contact form or through the App Store listing for Endless Waves.