Privacy Policy

Last updated May 16, 2026

Wind and Tides is operated by Two Bit Labs LLC. This policy covers the website windandtides.com and the iOS and Android apps (together, the "Service").

Information collected

Information you provide. If you contact Wind and Tides or otherwise submit information through the Service, that information is received in order to respond and to operate the Service. Bot-protection measures may be applied to prevent abuse.

Information collected automatically. Like most websites and apps, the Service collects standard technical information when you use it — including IP address, device and operating-system information, approximate location derived from your IP address, pages or screens viewed, and pseudonymous identifiers — through server logs and third-party analytics services. This data is used to operate the Service, understand aggregate usage, and prevent abuse. It is not sold or used to build advertising profiles. This IP-derived approximate location is distinct from the device GPS access described below, which the app uses to display your position on the chart.

Device permissions. The mobile app may request access to your device's location to display your position on the chart. Your GPS location is used on the device only — it is not transmitted to Wind and Tides or any third party, and no GPS location history is stored. You can grant or revoke this permission at any time in your device settings.

Cookies and similar storage. Cookies and similar browser storage are used to remember your preferences and to support analytics. You can clear these through your browser settings.

Legal basis for processing (EU/UK)

For users in the EU or UK, personal data is processed under the following GDPR legal bases: performance of the service you request (contract); legitimate interests in operating, securing, and improving the Service; your consent where it is requested; and compliance with legal obligations where applicable.

What the Service does not do

• Your personal information is not sold.
• Third-party advertising is not used.
• No account is required to use the Service.
• Your GPS location is not transmitted off your device.

Purchases

The app may be offered as a paid purchase, in-app purchase, or subscription through the Apple App Store and Google Play. Those stores process the payment under their own privacy policies and share only what is needed to fulfill and restore your purchase (such as a pseudonymous purchase token and product identifier). Payment details — name, card number, and billing address — are not received.

Third-party services

• Google Firebase — app and web analytics
• Cloudflare — hosting, CDN, web analytics, Turnstile
• SMTP2GO — contact-form email delivery
• Apple App Store — iOS distribution and paid purchases
• Google Play — Android distribution and paid purchases

International data transfers

The Service is operated from the United States, and third-party providers (including hosting, CDN, and analytics) are based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. Where required, transfers from the EU, EEA, or UK rely on Standard Contractual Clauses or other lawful transfer mechanisms made available by those providers.

Children's privacy

The Service is not directed to children under 13, and personal information from children under 13 is not knowingly collected. If it is discovered that personal information from a child under 13 has been collected, it will be deleted promptly.

Your rights

Depending on where you live, you may have the right to:

• access the personal data held about you;
• request correction or deletion of that data;
• receive a portable copy of that data;
• restrict or object to certain processing;
• withdraw consent where processing is based on consent; and
• opt out of the sale or sharing of personal information (no sale or sharing occurs).

To make a request, use the contact form. If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.

The Service does not respond to Do Not Track browser signals, as there is no consistent industry standard. The Service does not currently respond to Global Privacy Control signals; since no sale or sharing of personal information occurs, there is nothing to opt out of.

Data retention

Contact-form messages are retained in email for as long as needed to respond and for reference. Server logs and analytics are retained per the third-party providers' standard retention periods.

Security

All traffic to the Service is served over HTTPS. Reasonable security practices are followed, but no system is completely secure.

Changes to this policy

This policy may be updated from time to time. The date above reflects the most recent change. For material changes, additional notice will be provided on the website or in the app.

Contact

Questions? Use the contact form.