Back to tool

Privacy policy

Last updated March 17, 2026

This Privacy Notice for parragraph (doing business as rubber.surf) (“we,” “us,” or “our”), describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at hello@rubber.surf.

Summary of key points

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? We do not process sensitive personal information.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties.

How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by visiting rubber.surf/contact, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Table of contents
1. What information do we collect?2. How do we process your information?3. What legal bases do we rely on to process your personal information?4. When and with whom do we share your personal information?5. What is our stance on third-party websites?6. Do we use cookies and other tracking technologies?7. Is your information transferred internationally?8. How long do we keep your information?9. How do we keep your information safe?10. Do we collect information from minors?11. What are your privacy rights?12. Controls for do-not-track features13. Do United States residents have specific privacy rights?14. Do other regions have specific privacy rights?15. Custom location coordinates16. Do we make updates to this notice?17. How can you contact us about this notice?18. How can you review, update, or delete the data we collect from you?

1. What information do we collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

Sensitive Information. We do not process sensitive information.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

We use Plausible Analytics, a privacy-friendly, EU-based, cookieless analytics service. Plausible does not use cookies, does not collect personal data, and does not track individual users. All analytics data is processed exclusively on servers owned and operated by European companies in Frankfurt, Germany.

We use Sentry (EU-hosted in Frankfurt, Germany) for error monitoring and performance tracking. Sentry collects technical data such as error messages, browser type, device information, and page URLs when errors occur. Sentry is configured to exclude all personal data — no email addresses, names, body measurements, or location coordinates are sent to Sentry. Sentry's Data Processing Addendum (DPA) has been signed, and all data is processed in the EU.

The information we collect includes:

2. How do we process your information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

3. What legal bases do we rely on to process your personal information?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

In legal terms, we are generally the “data controller” under European data protection laws of the personal information described in this Privacy Notice, since we determine the means and/or purposes of the data processing we perform.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

4. When and with whom do we share your personal information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.

The third parties we may share personal information with are as follows:

We also may need to share your personal information in the following situations:

5. What is our stance on third-party websites?

In Short: We are not responsible for the safety of any information that you share with third parties that we may link to or who advertise on our Services, but are not affiliated with, our Services.

The Services may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications. The inclusion of a link towards a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third-party websites. Any data collected by third parties is not covered by this Privacy Notice. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Services. You should review the policies of such third parties and contact them directly to respond to your questions.

Affiliate links. Some links on our Services are affiliate links. When you click an affiliate link, you leave rubber.surf and may be briefly redirected through an affiliate network domain (such as AvantLink, Impact, or Commission Factory) before arriving at the brand's website. rubber.surf does not set any cookies during this process and does not transmit any personal data to the affiliate network. The redirect URL contains only a publisher identifier and product destination. Any cookies set during or after the redirect are placed by the affiliate network or the brand's website on their own domains, subject to their own privacy policies.

6. Do we use cookies and other tracking technologies?

In Short: We use only strictly necessary cookies for our site to function. We do not use analytics cookies, marketing cookies, or third-party tracking technologies.

Our hosting provider (Vercel) may set strictly necessary cookies for load balancing and security purposes. These cookies are essential for the site to function and do not collect personal data or track your browsing behaviour. Under GDPR, strictly necessary cookies do not require consent.

We do not use third-party advertising scripts or marketing cookies. Advertisements displayed on our Services are served directly from our own infrastructure through direct brand partnerships, and do not involve third-party tracking or cross-site profiling.

You can set your web browser to refuse cookies. If you choose to do so, some parts of the site may not function as expected. Most browsers allow you to manage cookies through their settings — consult your browser's help menu for instructions.

Plausible Analytics

We use Plausible Analytics, a privacy-friendly, EU-based, cookieless analytics provider, to track and analyze the use of the Services. Plausible Analytics does not use cookies, does not collect personal data, and does not track individual users. All analytics data is processed exclusively on servers owned and operated by European companies in Frankfurt, Germany. No opt-out is necessary as no personal data is collected. For more information, visit Plausible's privacy policy.

Anonymous recommendation data

When you use our recommendation tool, we log anonymous, non-identifiable data about the recommendation generated. This includes: spot name, discipline, weather conditions (water temperature, air temperature, wind speed), the preference selections you made (thermal comfort, experience level, session length), the recommendation output (suit thickness, accessories), whether you used session or trip mode, and the data source type.

This data contains no personal identifiers: no email addresses, names, IP addresses, cookies, authentication tokens, or location coordinates. It cannot be linked to individual users. There is no technical mechanism (cookie, session ID, or other identifier) connecting rows to specific individuals.

We use this data for aggregate analytics and service improvement, such as understanding which suit thicknesses are most commonly recommended in specific regions and seasons. Under the GDPR, fully anonymous data (containing no identifiers) does not qualify as personal data. We disclose this data collection here for full transparency.

7. Is your information transferred internationally?

In Short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in Germany and United States. Regardless of your location, please be aware that your information may be transferred to, stored by, and processed by us in our facilities and in the facilities of the third parties with whom we may share your personal information, including facilities in the United States, and other countries.

If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law.

European Commission's Standard Contractual Clauses:

We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

Our error monitoring provider (Sentry) processes technical data exclusively on EU servers in Frankfurt, Germany. Our weather data provider (Open-Meteo) is EU-based and processes location coordinates only to return weather forecasts.

8. How long do we keep your information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). We retain personal information for as long as necessary to provide our services and fulfill the purposes described in this policy. Users can request deletion at any time by emailing hello@rubber.surf. Upon request, personal data is deleted within 30 days. Anonymised trip data may be retained indefinitely for analytical purposes.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

9. How do we keep your information safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

10. Do we collect information from minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction.

We do not knowingly collect, solicit data from, or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or the equivalent age as specified by law in your jurisdiction or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at hello@rubber.surf.

11. What are your privacy rights?

In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us using the contact details below.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the contact details below.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

12. Controls for do-not-track features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

13. Do United States residents have specific privacy rights?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information.

Categories of Personal Information We Collect

We will use and retain the collected personal information as needed to provide the Services or for:

Your Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include: Right to know whether or not we are processing your personal data; Right to access your personal data; Right to correct inaccuracies in your personal data; Right to request the deletion of your personal data; Right to obtain a copy of the personal data you previously shared with us; Right to non-discrimination for exercising your rights; Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling.

How to Exercise Your Rights

To exercise these rights, you can contact us by visiting rubber.surf/contact, by emailing us at hello@rubber.surf, or by referring to the contact details at the bottom of this document.

Financial Incentives

“Financial incentive” means a program, benefit, or other offering, including payments to consumers as compensation, for the disclosure, deletion, sale, or sharing of personal information. We may decide to offer a financial incentive (e.g., price or service difference) in exchange for the retention, sale, or sharing of a consumer's personal information. If we decide to offer a financial incentive, we will notify you of such financial incentive and explain the price difference, as well as material terms. If you choose to participate in the financial incentive you can withdraw from the financial incentive at any time by emailing us at hello@rubber.surf, by visiting rubber.surf/contact, or by referring to the contact details at the bottom of this document.

14. Do other regions have specific privacy rights?

In Short: You may have additional rights based on the country you reside in.

Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020 (Privacy Act). This Privacy Notice satisfies the notice requirements defined in both Privacy Acts.

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us using the contact details below.

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand's Privacy Principles to the Office of New Zealand Privacy Commissioner.

Republic of South Africa

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us using the contact details below.

If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of the regulator, the details of which are:

The Information Regulator (South Africa)
General enquiries: enquiries@inforegulator.org.za
Complaints: PAIAComplaints@inforegulator.org.za & POPIAComplaints@inforegulator.org.za

15. Custom location coordinates

When users enter custom location coordinates to receive a recommendation, these coordinates are used solely to fetch weather data for that session. Custom coordinates are never stored, logged, shared, or published. They are discarded immediately after the recommendation is generated.

16. Do we make updates to this notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

17. How can you contact us about this notice?

If you have questions or comments about this notice, you may email us at hello@rubber.surf or contact us via rubber.surf/contact.

parragraph
Calandkade 157
Den Haag, Zuid-Holland 2521AA
Netherlands

If you are a resident in the European Economic Area, we are the “data controller” of your personal information. We have appointed Ronald de Leeuw to be our representative in the EEA. You can contact them directly regarding our processing of your information by email at hello@rubber.surf or via rubber.surf/contact.

18. How can you review, update, or delete the data we collect from you?

You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please visit: rubber.surf/contact.