Legal
Privacy Policy
Squall App Inc. ("SQUALL", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use the SQUALL mobile application, website at squallapp.com, and all related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Service.
1. Who We Are
SQUALL is operated by Squall App Inc., a company incorporated under the laws of Canada with its principal place of business in Ontario, Canada.
For privacy inquiries, contact our Privacy Officer at: [email protected]
2. Information We Collect
2.1 Information You Provide
- Account information: email address, name (optional), sailing role (sailor/coach), sailing class
- Profile data: boat class, team affiliation, home club (optional)
- Session notes and coach notes: free-text content you enter
- Payment information: processed by Stripe — SQUALL does not store full card numbers or payment credentials
- Communications: emails and support requests you send us
2.2 Information Collected Automatically
- Device information: device type, operating system, app version, unique device identifiers
- Usage data: screens viewed, features used, session duration, event interactions
- Location data: approximate GPS location when you use venue detection features (we request permission before collecting precise location)
- Log data: IP address, timestamps, error logs
2.3 Sailing Context Data
To generate AI briefings, we collect and process contextual sailing data including: the venue and regatta you are attending, your sailing class, session history and notes, scheduled regatta events, and weather observations. This data is processed as described in Section 4 (AI Briefings).
2.4 Information from Third Parties
When you sign in using Apple Sign In or Google Sign In, we receive your name and email address from those providers, subject to your preferences with them. We do not receive your social contacts or posts.
3. How We Use Your Information
| Purpose | Legal Basis (PIPEDA) |
|---|---|
| Providing and personalising the Service | Contract / Consent |
| Processing payments and managing subscriptions | Contract |
| Generating AI race briefings and coaching content | Consent |
| Sending important account and service communications | Contract / Legitimate interest |
| Improving the Service (analytics, debugging) | Legitimate interest |
| Preventing fraud, abuse, and security incidents | Legitimate interest / Legal obligation |
| Complying with legal obligations | Legal obligation |
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
4. AI Briefings and Anthropic
SQUALL's AI Briefing feature is powered by Claude, an AI system developed by Anthropic, PBC ("Anthropic").
When you request an AI Briefing, the following information is sent to Anthropic's API:
- Venue name and geographic region
- Regatta name, class, and scheduled dates
- Current weather observations and forecast data for the venue
- Your sailing role (sailor or coach)
- Climatological data for the venue
- Session notes you have entered (if you have enabled this in settings)
We do not send your name, email address, or account credentials to Anthropic. Data sent to Anthropic is processed under Anthropic's API Terms of Service. Anthropic may use API inputs to improve its models unless you opt out as a business customer — SQUALL operates under Anthropic's standard API terms.
By using the AI Briefing feature, you consent to this data sharing. You can disable AI Briefings at any time in Settings, which stops future data being sent to Anthropic.
5. How We Share Your Information
5.1 Service Providers
We share information with trusted third-party service providers who help us operate the Service:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database hosting and authentication | United States |
| Railway | API server hosting | United States |
| Stripe | Payment processing | United States |
| Anthropic | AI briefing generation | United States |
| Weather data providers (NOAA, Open-Meteo, Tomorrow.io, others) | Weather observations and forecasts | Various |
| Cloudflare | Website hosting and CDN | United States |
| Expo (EAS) | App builds and OTA updates | United States |
These providers are contractually obligated to protect your information and may only use it to perform services on our behalf.
5.2 Team and Coach Sharing
If you join a team, your name, sailing class, and session notes may be visible to your designated coach within the same team. You control which session notes are marked as coach-visible.
5.3 Legal Requirements
We may disclose your information where required by law, court order, or government authority, or where necessary to protect the rights, property, or safety of SQUALL, our users, or the public.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to equivalent privacy protections.
6. International Data Transfers
SQUALL is operated from Canada. Your information is stored and processed in the United States (via Supabase and Railway) and may be processed by providers in other countries. When your information is transferred outside Canada, we ensure appropriate safeguards are in place, including through the use of standard contractual clauses or reliance on adequacy decisions where applicable.
7. Data Retention
We retain your personal information for as long as your account is active and as necessary to provide the Service. Upon account deletion:
- Your account credentials and profile data are deleted within 30 days
- Session notes and AI briefing history are deleted within 30 days
- Payment records are retained for 7 years as required by applicable tax and financial record-keeping laws
- Anonymised, aggregated analytics data may be retained indefinitely
If you request deletion of your account, we will action the request within 30 days. Some information may be retained longer where required by law or to resolve disputes.
8. Your Rights and Choices
You have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal retention obligations)
- Opt-out of marketing: Unsubscribe from promotional emails at any time using the link in any marketing email, or by contacting us
- Location data: Revoke location permissions through your device settings at any time
- AI Briefings: Disable the AI Briefing feature in app Settings to stop data being sent to Anthropic
- Account deletion: Delete your account through the app Settings menu
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
You will not face discrimination for exercising your privacy rights.
8.1 Residents of the European Economic Area (EEA) and United Kingdom
If you are located in the EEA or UK, you may also have the right to data portability, restriction of processing, and the right to lodge a complaint with your local supervisory authority. SQUALL relies on consent as the legal basis for AI Briefing data processing and legitimate interests for analytics and product improvement.
8.2 California Residents
Under the California Consumer Privacy Act (CCPA), California residents have the right to know what personal information is collected, used, shared, or sold; to delete personal information held by businesses; and to opt out of the sale of personal information. SQUALL does not sell personal information. To exercise your rights, contact [email protected].
9. Cookies and Tracking
The SQUALL website (squallapp.com) uses minimal cookies for basic functionality (session management). We do not use advertising cookies or cross-site tracking cookies.
The SQUALL mobile application does not use browser cookies. We use anonymised analytics to understand feature usage and improve the app.
10. Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- Encrypted data transmission (TLS) for all API communications
- Encrypted database storage through Supabase
- Row-Level Security (RLS) policies ensuring users can only access their own data
- Short-lived JWT tokens for authentication with automatic expiry
- Secrets stored in secure environment vaults, not in application code
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
If you discover a security vulnerability in our Service, please report it to [email protected] before public disclosure.
11. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, contact us at [email protected].
12. Third-Party Links and Services
The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with our Service.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by push notification, in-app banner, or email prior to the changes becoming effective. The "Last Updated" date at the top of this page reflects the most recent revision.
Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, you must stop using the Service and delete your account.
14. Applicable Law
This Privacy Policy is governed by the laws of Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. Where you are located in a jurisdiction with additional privacy protections (such as the EEA, UK, or California), the stronger protections apply.
15. Contact Us
For questions, concerns, or requests relating to this Privacy Policy or our data practices:
Privacy Officer
Squall App Inc.
Ontario, Canada
[email protected]
For general support: [email protected]
We aim to respond to all privacy requests within 30 days.