Buoyk Privacy Policy

Effective date: May 25, 2026
App provider: Oleksii Naboichenko
Contact: oleksii.naboichenko@gmail.com

Plain language summary: Buoyk is designed as a no-account app. The current app does not include ads, third-party analytics, or paid content. Optional location is used on your device to center the map and is not sent to the app provider. If Buoyk's data practices change, this policy and App Store privacy information must be updated before those changes are released.

1. Scope

This Privacy Policy explains how Buoyk handles information when you use the Buoyk mobile app and this legal/support website. Buoyk displays public NOAA/NDBC buoy and station observations in a native iPhone and iPad experience.

This policy is intended to be clear and practical. It is not a guarantee that every possible law applies to you or to Buoyk in the same way. Privacy laws vary by location, product features, business size, and data practices.

2. Information Buoyk Does Not Collect in the Current App

The current version of Buoyk is designed not to collect:

Names, email addresses, mailing addresses, or phone numbers.
Account usernames or passwords.
Contacts, photos, microphone recordings, or camera content from your device.
Payment card details.
Precise location on a developer-operated server.
Advertising identifiers for tracking.
Third-party analytics events.

3. Location

Buoyk may ask for location permission so it can center the map near nearby buoy stations. Location permission is optional. If you deny location permission, you can still use the map, list, search, station details, and manual coordinate features.

The current app uses location on your device for map positioning. The app provider does not receive or store your location on a developer-operated server.

4. On-Device Storage

Buoyk stores certain data on your device to make the app faster and more useful after a successful sync. This may include:

Favorite stations and custom favorite names.
Measurement unit preferences.
Cached public station metadata and observations.
Cached public BuoyCAM image links or related station media metadata.
Basic app state needed to display cached data.

You can remove this data by deleting the app. If Buoyk later adds in-app cache controls, those controls may also delete selected cached information.

If you have iCloud Backup enabled on your device, iOS may include on-device app data in your iCloud backup. iCloud backups are managed by Apple under Apple's privacy policy; the Provider does not access your iCloud backups.

5. Network Requests and Public Data Sources

Buoyk retrieves public marine observation data from NOAA/NDBC HTTPS services, including public BuoyCAM station/image metadata where available. The app may also use Apple map services to display maps and system-provided location services if you grant permission.

These third-party services may receive standard technical information needed to respond to requests, such as IP address, request time, device or app network metadata, and requested URLs. Their own privacy policies and terms govern their services.

Buoyk is independent and is not affiliated with, endorsed by, or sponsored by NOAA, NDBC, NWS, Apple, or the U.S. government.

6. Support Messages

If you contact support, the app provider may receive your email address, message content, attachments you choose to send, and technical details you include. This information is used to respond to your request, diagnose issues, protect the service, and maintain records.

Do not send sensitive personal information, emergency information, or safety-critical marine information through support channels.

7. This Website and Cloudflare Pages

This legal/support website is intended to be hosted as a static site, such as on Cloudflare Pages. The site itself does not require an account, contact form, or app login.

Cloudflare or another hosting provider may process standard web request information, including IP address, browser information, device information, request URLs, timestamps, and security/performance logs. The hosting provider's privacy policy applies to that processing.

8. Cookies and Similar Technologies

The current legal/support website does not intentionally set tracking cookies. Hosting, security, DNS, or content delivery providers may use limited technical cookies or logs for security, routing, abuse prevention, and performance.

If this changes, this policy will be updated and any required consent or opt-out controls will be provided.

9. Payments

The current app does not include paid content, subscriptions, or in-app purchases. Buoyk does not receive payment card details in the current app.

10. Advertising and Analytics

The current app does not include third-party advertising or third-party analytics SDKs. Buoyk does not use App Tracking Transparency and does not track users across apps or websites.

11. Children

Buoyk is not directed to, marketed to, or intended for children under 13 (or under 16 in the European Economic Area and United Kingdom). The Provider does not knowingly collect personal information from children. If you are a parent or guardian and believe a child has provided personal information through support or another channel, contact oleksii.naboichenko@gmail.com and the information will be reviewed and deleted promptly where appropriate, in accordance with the Children's Online Privacy Protection Act ("COPPA") and equivalent laws.

12. Data Sharing

The Provider does not sell personal information and does not share personal information for cross-context behavioral advertising. Information may be shared only in limited cases, such as:

With service providers that help operate support, hosting, or app infrastructure, under appropriate confidentiality and data-protection terms.
With Apple, NOAA/NDBC, map providers, or hosting providers as part of using their services.
When required by law, legal process, valid government request, or to protect rights, safety, property, or security.
In connection with a business transfer, merger, acquisition, financing, or sale of assets. In any such transfer, the successor will be required to honor this Privacy Policy or provide notice and a reasonable opportunity to object to material changes.

13. Retention

On-device data remains on your device until you delete it, clear it through app controls if available, or delete the app. The Provider retains support messages and related metadata for up to 24 months after the matter is resolved, or longer if needed to comply with legal obligations, resolve disputes, prevent abuse, or enforce these Terms. Where shorter retention is required by applicable law, the shorter period applies.

14. Security and Breach Notification

Buoyk uses reasonable technical and organizational measures appropriate to the nature of the data and the kind of app it is, including HTTPS requests to public data sources where available and limited collection by design. No method of transmission or storage is completely secure.

If the Provider becomes aware of a personal data breach that is likely to result in a risk to your rights, the Provider will notify affected users and, where required, supervisory authorities without undue delay, in accordance with applicable law (including GDPR Article 33/34 and U.S. state breach notification laws).

15. Your Choices and Rights

Depending on your location, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about data practices. Because the current app is designed not to operate user accounts or a developer backend, the app provider may have little or no personal information about you unless you contact support.

To make a privacy request, email oleksii.naboichenko@gmail.com. The provider may need enough information to verify and process your request.

16. California Privacy Notice

As of the effective date, the app provider does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not have actual knowledge that it sells or shares personal information of consumers under 16.

If this changes, this policy will be updated and required notices and opt-out choices will be provided.

17. International Users and Data Transfers

If you use Buoyk outside the United States, information processed by the Provider or its service providers may be processed in the United States or other countries where those providers operate. Those countries may have data protection laws different from your location. Where required, the Provider relies on appropriate safeguards for international transfers, such as the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, or another lawful transfer mechanism.

18. European Economic Area and United Kingdom (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, the following additional information applies under the EU General Data Protection Regulation ("GDPR") and the UK GDPR.

Data controller. The data controller for Buoyk is Oleksii Naboichenko. You may contact the controller at oleksii.naboichenko@gmail.com.

Lawful bases. The Provider processes personal data on the following lawful bases:

Consent (Art. 6(1)(a)) — for optional features such as device location permission. You may withdraw consent at any time through device settings or by contacting the Provider.
Performance of a contract (Art. 6(1)(b)) — to make Buoyk available to you under these Terms.
Legitimate interests (Art. 6(1)(f)) — to respond to support requests, diagnose issues, secure the service, prevent abuse, and improve Buoyk. The Provider has assessed these interests against your rights and freedoms.
Legal obligation (Art. 6(1)(c)) — to comply with applicable law, regulatory requests, and legal processes.

Your rights. Subject to conditions in applicable law, you have the right to: access your personal data; rectify inaccurate data; request erasure; restrict or object to processing; data portability; withdraw consent (without affecting the lawfulness of prior processing); and not be subject to solely automated decision-making with legal or similarly significant effects (the Provider does not engage in such decision-making). To exercise any right, email oleksii.naboichenko@gmail.com.

Right to complain. You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA authorities is available at edpb.europa.eu, and the UK authority is the Information Commissioner's Office (ico.org.uk). The Provider asks that you contact it first so that the matter can be addressed directly.

International transfers. See Section 17.

No EU representative required. Based on the current scale and nature of Buoyk's processing, the Provider is not required to designate an EU/UK representative under GDPR Article 27 or its UK equivalent. If this changes, this Policy will be updated.

19. Changes to This Policy

This policy may be updated from time to time. If changes are material, the effective date will be updated and additional notice may be provided where required.

20. Contact

App provider / Data controller: Oleksii Naboichenko
Email: oleksii.naboichenko@gmail.com