Welcome to BeachView. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the App, and outlines your rights under GDPR (Regulation (EU) 2016/679). By using BeachView, you acknowledge that you have read and understood this policy.
1. Introduction
BeachView ("the App") is a mobile application developed and operated as an individual project. It provides real-time and historical beach status information — including crowd levels, water conditions, weather data, and related insights — for beach destinations across Europe, starting with Romania.
2. Data Controller
The Data Controller responsible for your personal data is:
If you are a resident of the EEA, you have the right to lodge a complaint with your national data protection authority. In Romania, this is the ANSPDCP —
www.dataprotection.ro.
3. Data We Collect
3.1 Data You Provide
- Account information: email address and display name (when signing in via Google Sign-In). Your email is private and visible only to you and the administrator.
- User-generated content: beach status reports and conditions you submit (e.g., crowd level, water quality). Reports are associated with your display name on the map, but anonymized daily during archiving.
- Static map marker submissions: visible as 'pending approval' until reviewed. After approval or rejection, your personal association is not displayed publicly.
- Lifeguard verification documents: uploaded solely to verify your status. Stored temporarily in Firebase Storage, accessible only to you and the administrator, and permanently deleted immediately after approval or rejection.
- Static marker photos: used to confirm marker accuracy. Stored temporarily and permanently deleted immediately after admin review. Never associated with the published marker.
- Communications: messages or feedback you send to us directly.
3.2 Data Collected Automatically
- Device identifiers: anonymous Firebase Installation ID for analytics and crash reporting.
- Usage data: screens visited, features used, session duration (aggregated, not personally identifiable).
- Approximate location: only when you grant explicit permission, used to show nearby beach information.
- Crash reports: anonymized technical data sent in case of app errors.
3.3 Data from Third Parties
- Google Sign-In: if you use this login method, we receive your name, email, and profile picture from Google, subject to Google's Privacy Policy.
- Firebase (Google LLC): we use Firebase Authentication, Firestore, Firebase Storage, and Analytics — all processed in the EU (europe-west1, Belgium). Firebase Storage is used exclusively for temporary storage of verification documents and marker photos.
- Map tiles: map imagery may be requested from a third-party map provider (e.g., MapTiler); no personal data is shared with them.
We do not collect sensitive personal data such as health data, racial or ethnic origin, political opinions, or financial information.
4. How We Use Your Data
We process your personal data only for the following purposes:
- To provide and operate the App, including displaying beach status information and user-submitted reports
- To authenticate your account securely via Google Sign-In
- To allow you to submit and view beach condition reports and dynamic map markers
- To verify lifeguard professional status through temporary document review
- To manage static map markers through a community contribution and admin approval process
- To improve the App through anonymized usage analytics
- To respond to your support requests and feedback
- To detect and fix technical issues via anonymized crash reports
- To comply with legal obligations applicable to us
We do not sell, rent, or trade your personal data to any third party for commercial purposes.
Anonymized and aggregated beach condition data (e.g., crowd levels, water quality) does not constitute personal data under GDPR and may be used for analytical or commercial partnership purposes such as with local authorities or tourism organizations.
5. Legal Basis for Processing (GDPR Article 6)
- Contract performance (Art. 6(1)(b)): providing the App features you requested
- Legitimate interests (Art. 6(1)(f)): improving App stability through anonymized analytics and crash data
- Consent (Art. 6(1)(a)): accessing your device location — you may withdraw consent at any time via device settings
- Legal obligation (Art. 6(1)(c)): where required to comply with applicable law
6. Data Retention
- Account data: retained while your account is active; deleted within 30 days of an account deletion request
- Beach reports (dynamic markers): archived daily with personal identifiers removed and replaced with an anonymous index
- Lifeguard verification documents: permanently deleted immediately after admin approval or rejection
- Static marker photos: permanently deleted immediately after admin approval or rejection
- Analytics data: anonymized, retained for up to 26 months (Firebase Analytics default)
- Crash data: retained for up to 90 days
- Backup data: securely deleted within 90 days of account deletion
7. Data Sharing and Third-Party Services
- Google LLC (Firebase): our primary backend infrastructure, operating under Google's data processing terms, using EU data centers (Belgium). Google is certified under the EU-US Data Privacy Framework.
- Apple Inc. / Google Inc. (App stores): when you download the App, the respective store may collect data subject to their own privacy policies.
- Legal authorities: if required by applicable law, court order, or governmental authority.
No data is transferred outside the EEA without appropriate safeguards (Standard Contractual Clauses or equivalent).
8. Your Rights Under GDPR
- Right of Access (Art. 15): request a copy of the personal data we hold about you
- Right to Rectification (Art. 16): request correction of inaccurate or incomplete data
- Right to Erasure (Art. 17): request deletion of your data ("right to be forgotten")
- Right to Restriction of Processing (Art. 18): request that we limit how we process your data
- Right to Data Portability (Art. 20): receive your data in a structured, machine-readable format
- Right to Object (Art. 21): object to processing based on legitimate interests
- Right to Withdraw Consent (Art. 7(3)): withdraw consent at any time without affecting prior processing
- Right to Lodge a Complaint: contact ANSPDCP in Romania — www.dataprotection.ro
To exercise any of these rights, contact us at beachstatusapp@gmail.com. We will respond within 30 days.
9. Children's Privacy
BeachView is not directed at children under the age of 13 (or under 16 in countries with a higher digital consent age, including Romania). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at beachstatusapp@gmail.com and we will promptly delete such data.
10. Location Data
The App may request access to your device's location to display nearby beaches on the map. Location access is:
- Optional — the App functions without location access; you can enter a location manually
- Used only in real-time — we do not store your precise GPS coordinates on our servers
- Controllable — grant, restrict, or revoke location permission at any time via device settings (iOS: Settings › Privacy › Location Services; Android: Settings › Apps › BeachView › Permissions)
11. Cookies and Similar Technologies
As a native mobile application, BeachView does not use browser cookies. However, the App uses:
- Firebase SDK identifiers: anonymous instance IDs for analytics and crash reporting
- Local storage: minimal data stored on your device (e.g., user preferences, cached beach data) to improve performance
Firebase Analytics is configured with IP anonymization enabled and does not track you across third-party apps or websites.
12. Data Security
- All data in transit is encrypted using TLS 1.2 or higher
- Firebase Firestore data is encrypted at rest using AES-256
- Firestore security rules enforce role-based access: public beach data is readable by anyone; personal data is accessible only to the owner and administrator
- Firebase Storage rules restrict lifeguard documents to the owner and administrator only
- Administrator access is controlled via a role field in the user profile, enforced at the Firestore security rules level
- Access to Firebase console is protected by multi-factor authentication
In the event of a data breach posing risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Art. 33-34.
13. Advertising
The App may display in-app advertisements. If advertising is enabled:
- Advertising is served by Google AdMob, subject to Google's Privacy Policy and Advertising policies
- In the EEA, advertisements are served in a privacy-preserving manner compliant with GDPR and the ePrivacy Directive
- We do not serve personalized ads to users who have not provided valid consent for targeted advertising
- You may opt out of interest-based advertising via device settings (iOS: Settings › Privacy › Tracking; Android: Settings › Google › Ads)
14. App Store-Specific Information
14.1 Apple App Store (iOS)
- BeachView complies with Apple's App Store Review Guidelines and App Privacy Policy requirements
- Our App's privacy nutrition label reflects the categories described in this Privacy Policy
- We comply with Apple's requirements for data linked to identity and data used to track users
14.2 Google Play Store (Android)
- BeachView complies with Google Play's User Data Policy and Families Policy
- Our Data Safety section on Google Play reflects the data practices described in this Privacy Policy
- We comply with Google Play's requirements regarding prominent disclosure for sensitive data access (e.g., location)
- The App targets API level in accordance with Google Play's current target API requirements
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Effective Date" at the top of this document
- Notify you via an in-app notification or a prompt on next launch
- Post the updated policy at this URL
Your continued use of the App after any changes constitutes your acceptance of the updated policy.
16. Contact Us
For complaints about our data processing practices, you may contact the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):
www.dataprotection.ro | Tel: +40 318 059 211