Privacy Policy

Last updated: 22 May 2026 (version 2026-05-22)

This Policy describes how Wyndow ("we", "us") collects, uses, and shares personal data when you use our websites, web application, iOS app, and related services. It should be read together with our Terms of Service.

1. Who we are

Wyndow operates the Wyndow product. For privacy requests, contact us at hello@wyndow.surf.

2. Data we collect

  • Account and profile: email, name, password hash (handled by our auth provider), skill level, discipline, optional weight or gear preferences you choose to save, home location and country (for spots, tiers, and alerts), and app settings (units, display options).
  • Usage and product data: saved spots, alert rules, notification preferences, subscription status, and interactions needed to run the service (for example API calls and error logs).
  • Analytics and measurement: we collect event, usage, and diagnostic data to understand how the websites, web app, and iOS app are used, fix bugs, measure performance, prevent abuse, and improve the product—for example feature usage, session or request metadata, approximate region, device or browser type, app version, crash or error reports, and (on marketing pages) referral or campaign parameters. Where feasible we aggregate or de-identify this data. We do not sell your personal data; see "Sharing" for subprocessors that may process analytics on our behalf.
  • Location: when you set a home spot, search, or share location in the app, we process those coordinates or place names to show forecasts and enforce plan limits. Precise location is used only as you direct through the product.
  • Communications: messages you send to support and, if you opt in, marketing or product updates.
  • Personalized services (beyond Kairos): when you opt in via settings (for example personalized notifications or conversations), we may use profile, gear, favorites, wind or wave preferences, and similar data you have saved to tailor alerts, copy, or in-app signals. You can withdraw that style of personalization by turning the relevant toggles off.
  • Kairos, assistant "memory", and AI consumption: when you use Kairos, the content you submit (prompts, messages) is sent to our infrastructure and to AI inference providers to generate responses. Kairos is designed for English conversation; other languages may produce poor, inconsistent, or unintended results. We store conversation threads (your messages and assistant replies) so the assistant can keep context within a chat, resume after you leave, and follow up coherently—this is what we mean by memory or continuity in the product; it is not a guarantee that every detail is recalled forever or correctly. We also process technical metadata (for example conversation or session identifiers, approximate timing, and error diagnostics). If you enable personalization for Kairos, we may include profile and context such as favorites, gear, preferences, and recent location you have shared. Inputs are used to produce outputs in real time and, as described in Retention, for operating, securing, and improving the feature.
  • Voice input (speech-to-text) for Kairos: if you use the microphone, audio is sent securely to our infrastructure and processed with automated speech recognition (machine learning) to turn it into text. We use that text like a typed message when you send it to Kairos. We do not keep your voice recording for playback or training; processing is for transcription and related quality or safety steps. Technical or support metadata tied to transcription (for example text outcomes or error diagnostics) may be retained like other service logs.
  • Read-aloud / text-to-speech (TTS): when you ask the app to speak an assistant reply, that usually happens on your device using the operating system or browser's built-in speech features. In the typical flow we do not receive audio of the read-aloud from your device.
  • Payments: billing is handled by our payment processor (e.g. Stripe). We receive limited billing data (plan, status, identifiers) rather than full card numbers.
  • Riding sessions (optional): if you log sessions in the app, we store spot, time, gear, notes, photos, and GPS tracks you choose to save. Sessions are private by default. If you explicitly publish to the community feed or enable a share link, we show a limited public subset (spot, time, description, gear, optional photo/track preview on share cards) to other users or anyone with the link—not your private notes or full metadata.

3. How we use data

We use personal data to:

  • Provide forecasts, maps, spots, and account features;
  • Operate subscription tiers, enforce geographic or feature limits, and process payments;
  • Evaluate and deliver alerts and notifications you configure;
  • Run, secure, and improve the service (including debugging, abuse prevention, product analytics, and measurement in aggregated or de-identified form where possible);
  • Operate Kairos and other AI features: run automated models to generate text and suggestions, apply personalization when you opt in, and enforce fair-use or abuse limits;
  • Produce in-app signals you see as recommendations or rankings (for example condition scores or ordering of information). These are automated outputs, not human advice; they inform your choices only if you decide to act on them;
  • Comply with law and respond to lawful requests.

4. Automated processing, AI outputs, and safety

AI-generated content and algorithmic scores are produced automatically. They can be wrong or misleading. We do not use Wyndow AI features to make legally or similarly significant decisions about you in the sense of automated decision-making under GDPR Article 22; they are tools to help you explore weather and spots. Your safety on the water depends on your own assessment of real conditions, local rules, and your ability—see our Terms of Service ("Assumption of risk; responsible and safe riding").

5. Legal bases (EEA/UK)

Where GDPR applies, we rely on contract (providing the service you request), legitimate interests (security, product improvement, and non-intrusive analytics, balanced against your rights), consent where required (for example certain notifications or optional personalization), and legal obligation where applicable.

6. Sharing

We share data with service providers that help us host, authenticate, send push and in-app notifications and transactional email (such as account and security messages), process payments, run AI inference, monitor reliability, and operate analytics or observability (for example cloud platforms, logging, crash reporting, or product analytics tools). They may only use data on our instructions. We may disclose information if required by law or to protect rights and safety. We do not sell your personal data.

7. Retention

We keep data while your account is active and for a reasonable period afterward for backup, legal, and dispute resolution. Kairos conversation history (thread messages used for continuity and "memory") may be retained for a limited period for safety, quality, abuse prevention, and support unless we delete it sooner, you use in-product deletion where available, or you delete your account, subject to legal holds.

8. Security

We use technical and organizational measures appropriate to the nature of the service. No method of transmission or storage is completely secure.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, or export your data, to object to or restrict certain processing, and to withdraw consent where processing is consent-based. You can manage much of this in the app (including closing your account from Settings); you may also email us at hello@wyndow.surf. You may lodge a complaint with your local supervisory authority.

Account deletion and billing. If you subscribe on the web through Stripe, you must cancel or schedule cancellation in the Stripe billing portal (linked from the app) before the app can complete account deletion, so renewals stop as expected. You do not need a separate Stripe user account to use that portal. Subscriptions purchased through Apple are managed in your Apple ID subscription settings; you can still delete your Wyndow account in the app, but Apple billing is separate. After deletion, we send a short confirmation email when your address is still reachable.

10. International transfers

We may process data in the European Economic Area and other countries where we or our providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses).

11. Children

Wyndow is not directed at children under 16 (or the minimum age in your region). We do not knowingly collect personal data from children.

12. Changes

We may update this Policy and will post the new version here with an updated date. For material changes we will provide additional notice or consent where required.
