Privacy Policy

Last updated: February 16, 2026

TurtleOps ("we", "our", "us") is a sea turtle conservation platform operated by Leatherbacks Inc. This policy explains how we collect, use, and protect your information when you use the TurtleOps mobile app and web dashboard.

1. Information We Collect

Account information: When you create an account, we collect your name, email address, and password. Your password is securely hashed and never stored in plain text.

Organization data: Your account is associated with an organization. Organization admins may set a coordinator name, email, and phone number for team contact purposes.

Observation data: When you record turtle observations, we collect:

• Turtle identification details (tags, species, measurements)
• Observation notes, behaviors, and timestamps
• GPS coordinates of observation locations
• Photos you take or attach to observations
• Beach conditions (weather, tide, moon phase - collected automatically from public APIs)

Survey session data: When you check in for a survey, we record your start/end times and optional surveyor notes.

Device permissions: The app requests access to:

• Camera - to photograph turtles during surveys
• Location - to record GPS coordinates of observations
• Photo library - to attach existing photos to observations

All permissions are optional and requested only when needed. The app functions without them, though some features will be limited.

2. How We Use Your Information

• To operate the app and provide conservation data management
• To sync your data across devices within your organization
• To display team statistics and volunteer activity
• To generate reports and analytics for your organization
• To authenticate your identity and enforce role-based access

Your data is yours. We will never sell, rent, share, or provide your data to any third party unless you explicitly authorize it. Your organization's data stays within your organization — period.

3. Data Storage and Security

Your data is stored on Supabase infrastructure (built on PostgreSQL and AWS). All data is encrypted in transit (TLS) and at rest. Access to your organization's data is enforced through Row Level Security policies — users can only access data belonging to their own organization.

Photos are stored in secure cloud storage and are only accessible to members of your organization.

4. Data Sharing

Within your organization: All observation data, turtle records, and survey sessions are shared with other members of your organization. This is core to how conservation teams collaborate. Your name is visible to other team members as the observer on records you create.

Outside your organization: Never without your consent. We do not share, sell, or provide your organization's data to researchers, governments, other organizations, or any third party unless your organization explicitly opts in. There are no exceptions to this policy.

5. Third-Party Services

We use the following third-party services:

• Supabase - database hosting and authentication
• NOAA APIs - weather, tide, and ocean condition data (no personal data is sent)
• Expo / React Native - app framework (no personal data is shared with Expo)

6. Data Retention

We retain different types of data for different periods:

• Account data (name, email, password): Retained while your account is active. Deleted within 30 days of an account deletion request.
• Scientific observations (species, tags, measurements, timestamps): Retained indefinitely for long-term conservation value. If your account is deleted, observations are anonymized (your name is removed) but the scientific data is preserved.
• GPS coordinates: Retained with observation records. Anonymized along with observations if your account is deleted.
• Photos: Retained with observation records. If your account is deleted, you may choose to have photos deleted entirely or kept anonymized for research purposes.
• Survey sessions: Retained indefinitely. Anonymized (participant name removed) if your account is deleted.
• Inactive accounts: If your account has no activity for 18 months, we will notify you. Accounts inactive for 24 months may be disabled, with personal data deleted after a 90-day grace period.

7. Data Portability

You have the right to export your data. You may request a full copy of your data in machine-readable format (CSV or JSON), including observations, photos, survey sessions, and GPS coordinates. We will fulfill export requests within 30 days. Contact hello@turtleops.org to request an export.

8. Your Rights

You may:

• Request a copy of your personal data (see Data Portability above)
• Request correction of inaccurate information
• Request deletion of your account and personal data
• Choose whether photos are deleted or anonymized upon account deletion
• Contact your organization admin to manage your role and access

9. Children's Privacy

TurtleOps is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes through the app or by email.

11. Contact Us

If you have questions about this privacy policy or your data, contact us at hello@turtleops.org.