Privacy Policy

Last updated: April 27, 2026

Version history

Overview

Pacific Watch (“we”, “us”, “the app”) is a free weather, emergency alert, and situational awareness service for Hawaii. This policy explains what information we collect, how we use it, and your rights. We built Pacific Watch to be genuinely useful for Hawaii residents and visitors, not to monetize your data. We do not sell data to anyone, ever.

Information We Collect

Location (optional)

If you grant permission, we use your device’s location to show weather, surf, tide, and emergency alerts relevant to where you are. Device location is used only to determine which Hawaiian island you are on and is not stored on our servers. You can revoke location permission at any time in your device settings.

Address for Flood Alerts (optional)

You may optionally enter your home address or ZIP code in the Settings page to receive personalized flood and tsunami zone alerts. If you do, we store the approximate latitude and longitude (not your exact address) associated with your anonymous push notification token. This allows us to notify you when flooding, heavy rainfall, or tsunami hazards are detected near your location. You can remove this information at any time from the Settings page.

Push Notification Tokens

If you enable push notifications, we store an anonymous device token provided by Apple (APNs) or your web browser so we can send you emergency alerts. This token is associated with your island preference (if set) but not with your identity. You can unsubscribe at any time, which removes the token from our database.

Account Information (optional)

Signing in is optional. All features of Pacific Watch work without an account. If you choose to create an account, we collect your email address and (optionally) your name. If you sign in with Google, we receive your email, name, and profile picture from Google. Account data is stored securely with Supabase, our authentication provider. You can delete your account at any time by contacting us.

Preferences

Your app preferences (selected islands, theme, font size, alert preferences, dashboard layout) are stored in your device’s local storage. If you sign in, these preferences are synced to our database so they follow you across devices.

Anonymous Usage Analytics

We use Umami, a privacy-focused, self-hosted analytics tool, to understand which pages and features people use. Umami does not use cookies and does not collect any personally identifiable information. It records page views, referrers, country (not precise location), device type, and screen size. This data is stored on our own servers and is never shared with third parties.

Stolen Items Submissions

The Stolen Items community board (reports, tips, messages, replies, and flags) collects additional information at the moment you submit so we can keep bad actors out and so investigators have what they need to follow up:

  • IP address. Recorded on each submission for moderation, rate-limiting, and ban enforcement.
  • Browser signature. We generate a non-personal hash from your browser’s configuration (canvas, fonts, audio, screen size). It is never shown to anyone in the app and is used only to recognize devices that have been banned for malicious or spam submissions.
  • Photo metadata. If you upload a photo with a tip, we may read the photo’s embedded location (EXIF GPS) so the “photo location verified” badge can show. You can strip metadata yourself before uploading if you prefer.
  • Photos. Report and tip photos are stored on Cloudflare R2 and served back through Pacific Watch. Recovered reports stop showing photos publicly, and the underlying objects are deleted along with the report.
  • Bot challenge. We use Cloudflare Turnstile (a privacy- focused alternative to reCAPTCHA) on submissions to keep automated abuse out. Cloudflare receives your IP and a short-lived token; it does not require cookies or trackers.

Who sees this: tip and message content is private to the report owner. If the owner forwards a tip to law enforcement, they receive the message and a one-time URL with a password that unlocks the same view (tips, photos, sighting map, conversation thread) for HPD or CrimeStoppers investigators. We may also disclose this information to law enforcement when required by valid legal process.

How We Use Information

  • Provide weather, surf, tide, tsunami, earthquake, volcano, air quality, and emergency alert information relevant to your location
  • Send push notifications for active emergency alerts (when enabled)
  • Save your preferences so the app works the way you want
  • Understand which features are used so we can improve the app
  • Operate the Stolen Items community board, including moderation, rate-limiting, ban enforcement, and forwarding tips to law enforcement when the report owner chooses to
  • Respond to support requests

Third-Party Services

Pacific Watch aggregates data from public sources and uses a few third-party services to operate:

  • Supabase for authentication and database storage
  • Apple Push Notification Service (APNs) for delivering push notifications to iOS devices
  • Google as an optional sign-in provider and for translation
  • Cloudflare R2 for Stolen Items photo storage
  • Cloudflare Turnstile for bot challenges on Stolen Items submissions; a privacy-focused alternative to reCAPTCHA, no cookies or trackers
  • Umami for privacy-focused analytics (self-hosted)
  • Ko-fi for optional donations

We also fetch public data from NOAA, the National Weather Service, USGS, Hawaii Emergency Management Agency, Hawaiian Electric, and other public sources. These are one-way data pulls, with no personal information sent to them.

Data Retention

Push notification tokens are stored until you unsubscribe or your device is uninstalled. Account data is stored until you delete your account. Analytics data is retained for up to 12 months. Location data is never stored. Stolen Items reports marked as recovered are deleted seven days after recovery; reports hidden by community flags are deleted thirty days later if the owner does not appeal. Browser signatures and IP addresses tied to active bans are kept as long as the ban is active.

Your Rights

You have the right to access, correct, or delete any personal information we hold about you. To exercise these rights, email us at contact@pacificwatch.app. You can also:

  • Disable location access in your device settings
  • Disable push notifications in your device settings
  • Delete your account from the Settings page
  • Clear local preferences by clearing your browser data

Children’s Privacy

Pacific Watch is not directed at children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us and we will delete it.

Data Security

We use HTTPS encryption for all data in transit. Account data is stored with industry-standard encryption via Supabase. Push notification tokens are stored in a secure database. While no system is perfectly secure, we take reasonable measures to protect your information.

Changes to This Policy

We may update this privacy policy from time to time. The “Last updated” date at the top reflects the most recent changes. Material changes are announced in the app’s What’s New section, and signed-in users are asked to accept the updated policy on their next visit. Previous versions are available at /privacy/history.

Contact

Questions about this privacy policy or your data? Email contact@pacificwatch.app.