Loading, please wait ..

Privacy Policy


Surfrizz

Last updated: January 2026

This Privacy Policy explains how personal data is processed when using the Surfrizz application and website ("Surfrizz").

Surfrizz is operated internationally and intended for users from multiple countries. This Privacy Policy is therefore provided in English.


1. Controller

The controller responsible for data processing under the GDPR is:

Nikolaus Koller
Varsavska 35
120 00 Prague
Czech Republic
Email: admin@surfrizz.com


2. Scope of Data Processing

We process personal data only to the extent necessary to operate Surfrizz, provide its features, and comply with legal obligations.

“Personal data” means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).


3. Types of Data Processed

Depending on how you use Surfrizz, we may process the following data:

  • Email address
  • First name and last name
  • Profile information (e.g. bio / “about” field)
  • Surfboard listings and offer locations
  • Uploaded images (profile pictures and listing images)
  • Messages and inquiries exchanged via the platform
  • Technical usage data (e.g. device information, log data)

4. Visibility of User Data

When users create listings or profiles, certain information is publicly visible within the Surfrizz app and website.

Listings, profile information, and images may be visible to other users. Messages and inquiries are visible to the respective communication partners.

Users are responsible for the content they choose to publish.


5. Legal Bases for Processing

Personal data is processed on the following legal bases:

  • Art. 6(1)(b) GDPR – performance of a contract (user account, platform functionality)
  • Art. 6(1)(a) GDPR – consent (analytics and optional services)
  • Art. 6(1)(f) GDPR – legitimate interests (secure operation, fraud prevention, service improvement)

Our legitimate interests include ensuring the technical stability and security of Surfrizz.


6. Analytics and App Performance

Surfrizz may use the following services only with user consent:

  • Google Analytics for Firebase
  • Firebase Crashlytics
  • Firebase Performance

These services are used to analyze app usage, improve stability, and detect errors. Analytics services are disabled by default and can be enabled or disabled by users at any time in the app settings.


7. Authentication and Login Services

To enable user authentication, Surfrizz uses Firebase Authentication.

Users may register via email or third-party login providers such as Google or Apple. Processing is necessary to authenticate users and link login credentials to user accounts (Art. 6(1)(b) GDPR).


8. Processors and Third Parties

We use carefully selected processors in accordance with Art. 28 GDPR:

  • Google Ireland Limited
    Gordon House, Barrow Street, Dublin 4, Ireland
    Hosting, Firebase Authentication, Firestore, Cloud Storage, and analytics services (if enabled).
    Google services are used to host user data and operate core platform functionality.

    • Google services may be provided by Google Ireland Limited or Google LLC, depending on the user’s location.

  • Functional Software, Inc. (Sentry)
    45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA
    (Error tracking and application stability monitoring)
  • Easyname GmbH, Canettistraße 5/10, 1100 Vienna, Austria
    Easyname is used exclusively for domain management and email delivery services. No application data or user content is hosted by Easyname.

Where personal data is transferred outside the EU/EEA, this is done on the basis of EU Standard Contractual Clauses (SCCs) or equivalent safeguards.


9. Data Hosting

Surfrizz is hosted on Google Cloud infrastructure.

User data, including account data, listings, images, and messages, is stored and processed using Google services such as Firebase and related cloud services.

Email communication and domain services are handled by Easyname GmbH.


10. Data Transfers

Personal data is not sold or shared for advertising purposes.

Data is transferred to third parties only where required to operate Surfrizz, to comply with legal obligations, or to protect legal rights and system security.


11. Data Retention

Personal data is stored only for as long as necessary to fulfill the purposes described in this Privacy Policy or to comply with legal retention obligations.

Users may delete their account at any time. Data will then be deleted unless legal obligations require continued storage.

If users are unable to delete certain personal data themselves through their account settings, they may contact us at admin@surfrizz.com to request erasure in accordance with applicable data protection law.

Some data may be retained for backup purposes for a limited period or where required for the establishment, exercise, or defense of legal claims.


12. User Rights

Under the GDPR, users have the right to:

  • Withdraw consent at any time (Art. 7(3) GDPR)
  • Access personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

Requests can be sent to: admin@surfrizz.com


13. Data Security

Appropriate technical and organizational measures are implemented to protect personal data against loss, misuse, and unauthorized access.


14. Changes to this Privacy Policy

This Privacy Policy may be updated due to legal, technical, or operational changes.

The current version is always available at:
https://www.surfrizz.com/privacy
Download PDF