Your data, explained in plain language.
Last updated January 2025. This page explains what FinMatch collects, how it is used, and what choices you have.
FinMatch ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our website and services.
1. Information We Collect
1.1 Information You Provide
When you use FinMatch, you may provide us with:
- Account Information: Email address, username, and password when you create an account
- Quiver Data: Information about your surfboards (name, dimensions, fin box type)
- Fin Collection: Details about fins you own
- Session Logs: Surf session data including location, date, wave conditions, and ratings
- Feedback: Bug reports, feature requests, and other communications
1.2 Information Collected Automatically
When you use our service, we automatically collect:
- Search Data: Your fin finder searches (weight, board type, wave conditions, skill level, desired feel)
- Usage Analytics: Which fins you view, compare, and click through to purchase
- Device Information: Browser type, operating system, and general device characteristics
- Session Identifiers: Anonymous session IDs to track usage patterns
1.3 Information from Third Parties
If you sign in using Google OAuth, we receive your basic profile information (name and email) from Google.
2. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Provide personalized fin recommendations | Service delivery (contract) |
| Sync your quiver data across devices | Service delivery (contract) |
| Improve our recommendation algorithm | Legitimate interest |
| Analyze usage patterns to improve the service | Legitimate interest |
| Track affiliate link performance | Legitimate interest |
| Respond to your feedback and support requests | Legitimate interest |
| Send important service updates | Legitimate interest |
3. Data Storage and Security
3.1 Local Storage
If you use FinMatch without creating an account, your data (boards, fins, sessions, and ratings) is stored locally in your browser using localStorage. This data:
- Never leaves your device
- Is not accessible to us
- Will be lost if you clear your browser data
3.2 Cloud Storage
If you create an account, your data is stored securely in our cloud database powered by Supabase, which uses:
- Encrypted connections (TLS/SSL)
- Row-level security policies
- Regular security audits
- Data centers in the United States
3.3 Security Measures
We implement appropriate technical and organizational measures to protect your data, including:
- Secure authentication via Supabase Auth
- Password hashing (never stored in plain text)
- Row-level security ensuring users can only access their own data
- HTTPS encryption for all data transmission
4. Data Sharing
We do not sell your personal data. We may share data in the following circumstances:
4.1 Service Providers
- Supabase: Database and authentication services
- Content Delivery Networks: To serve our application efficiently
4.2 Affiliate Partners
When you click a "Buy" link, you are redirected to a third-party retailer. We track:
- Which fins generate clicks (aggregated, not personally identifiable)
- Conversion data provided by affiliate networks
We do not share your personal information with affiliate partners.
4.3 Legal Requirements
We may disclose your data if required by law or to protect our rights, safety, or property.
5. Cookies and Tracking
5.1 Essential Storage
We use localStorage for essential functionality:
- Storing your quiver data (if not signed in)
- Remembering your preferences
- Maintaining your session
5.2 Analytics
We collect anonymous usage analytics to improve our service. This includes:
- Search patterns and popular fin queries
- Feature usage statistics
- Error tracking for debugging
6. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data
- Deletion: Request deletion of your data
- Portability: Receive your data in a portable format
- Objection: Object to certain processing activities
To exercise these rights, contact us at tyler@tylerbales.com.
6.1 Account Deletion
You can delete your account at any time by:
- Signing in to your account
- Contacting us at tyler@tylerbales.com with the subject "Account Deletion Request"
Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.
7. Children's Privacy
FinMatch is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
8. International Data Transfers
Your data may be transferred to and processed in the United States. By using FinMatch, you consent to this transfer. We ensure appropriate safeguards are in place to protect your data.
9. Data Retention
- Account Data: Retained while your account is active, deleted within 30 days of account deletion
- Analytics Data: Aggregated and anonymized after 12 months
- Search History: Associated with your account if signed in; anonymized after 6 months if not
10. Third-Party Links
Our service contains links to third-party websites (retailers, affiliate partners). We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.
11. Changes to This Policy
We may update this privacy policy periodically. We will notify you of significant changes by:
- Posting a notice on our website
- Updating the "Last Updated" date
- Sending an email to registered users (for material changes)
12. Contact Us
For privacy-related questions or concerns:
- Email: tyler@tylerbales.com
- General Support: tyler@tylerbales.com
13. California Privacy Rights (CCPA)
California residents have additional rights under the CCPA:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your rights
14. European Privacy Rights (GDPR)
If you are in the European Economic Area, you have rights under the GDPR, including access, rectification, erasure, restriction, portability, and objection. Contact us to exercise these rights.
By using FinMatch, you acknowledge that you have read and understood this Privacy Policy.