Cloudbase App — Privacy Policy

Last modified: 8 April 2026

1. Who we are

Cloudbase ("Cloudbase App") is a skydiving logbook and social platform developed by Cloudbase App Ltd, a company registered in England and Wales (company number 17143982). The app is listed on Google Play and the Apple App Store under the name "Cloudbase App". You can reach us at hello@getcloudbase.com. References to "we", "us", or "our" mean Cloudbase. This privacy policy applies to all versions of the Cloudbase App, including the mobile app (iOS and Android), the Apple Watch app, the web app at getcloudbase.com, and the AltiReader desktop companion app.

2. What we collect

We collect the following categories of data:

Identity

Your name and email address (provided via Google or Apple sign-in), your chosen username, profile photo, and Instagram handle if you add one.

Skydiving data

Jump records from any source you connect or enter — Burble sync, manual entry, altimeter imports (via AltiReader), GPS devices, and Apple Watch. This includes freefall times, altitudes, disciplines, aircraft type, canopy model, and formation size.

Location data

Cloudbase collects location data in the following ways:

  • Apple Watch app (foreground only): When you start a jump session on the Cloudbase Apple Watch app, GPS location is recorded during climb, freefall, and canopy phases. This is used to track your flight path, calculate canopy navigation, detect your landing location, and match your watch-recorded jump to the correct entry in your logbook. Location is only collected while the app is actively in the foreground during a jump — we do not track your location in the background or at any other time.
  • Nearby drop zone detection: The Apple Watch app uses your current location to identify the nearest drop zone from a cached list when you board an aircraft. This happens on-device and is not sent to our servers separately from the jump session data.
  • Home drop zone: You may optionally select a home drop zone in your profile. This is stored as a drop zone ID, not as your personal coordinates.
  • Profile location: You may optionally add a city or country to your profile, which is visible to other users according to your privacy settings.
  • Landing coordinates: Your landing GPS coordinates are recorded at the end of each watch-tracked jump and stored with the jump record.

Cloudbase does not collect background location data. GPS is only active during jump sessions initiated by you on the Apple Watch. The mobile app (iOS/Android) does not request or use location permissions.

Health and sensor data

If you use the Cloudbase Apple Watch app and grant the necessary device permissions, we collect heart rate, G-force readings, altitude profiles, accelerometer data, and gyroscope data during your jumps. This data is only collected when your device permissions allow it.

Burble credentials

If you connect your Burble account, we store your Burble credentials encrypted at rest using AES-256-GCM. These are used solely to sync your jump records on your behalf.

Financial

Your Stripe customer ID and subscription tier. We never store your card numbers — all payment processing is handled by Stripe.

Social

Posts, comments, reactions, follows, and campfire (drop zone chat) messages you create within Cloudbase.

Device and session

IP address, device fingerprint, and push notification tokens. These are used for security purposes (including account sharing detection) and to deliver notifications.

Analytics

API usage, screen views, and button presses — used to improve the app. We do not use any third-party analytics SDKs. All analytics data stays within our own infrastructure.

Qualifications

BPA or USPA membership numbers, licence category, instructor ratings, and FAI number — verified during sign-up or added later in your profile.

What we do NOT collect

We believe in collecting only what we need. Cloudbase does not collect or store:

  • Your home address or postal address
  • Your phone number
  • Your date of birth
  • Your gender or ethnicity
  • Credit or debit card numbers (Stripe handles all payment data)
  • Passwords (we use Google and Apple sign-in only — no passwords are stored)
  • Contacts from your phone
  • Photos from your camera roll (unless you explicitly upload them)
  • Background location data — GPS is only recorded during active jump sessions you initiate on the Apple Watch, never in the background or at any other time
  • Advertising identifiers or tracking cookies
  • Data from other apps on your device

3. Why we collect it

We process your data under three legal bases:

Contract

To provide and maintain your logbook, manage your account, sync your jump records from Burble, and process your subscription.

Legitimate interest

To power the social features (feed, comments, reactions, leaderboards), run internal analytics, detect account sharing, maintain platform safety, and improve the quality of AI-powered features using anonymised prompt data (see section 7).

Consent

For health and sensor data from your Apple Watch, marketing emails, storing your Burble credentials, and AI-powered features. You can withdraw consent at any time.

4. Profile visibility

You control who can see your profile and jumps. There are three levels:

  • Public: Your profile and jumps are visible to everyone.
  • Followers: Your jumps are visible only to people you approve as followers.
  • Private: Pure logbook mode — no social visibility at all.

You can change your visibility level at any time in Privacy Settings within the app.

5. Where your data is stored

All your data is stored in the European Union. Our primary database and cache are hosted in Railway's EU-West region. We chose EU hosting to provide the strongest possible data protection for all users, regardless of where you are in the world. Your jump records, profile data, GPS tracks, and all other personal data never leaves the EU.

  • Database: Railway (PostgreSQL) — EU-West region.
  • Cache: Railway (Redis) — EU-West region.
  • Files and images: Cloudflare R2 — EU storage with global CDN edge caching for performance.
  • Email delivery: Resend — processes your name and email address for delivery. Resend is US-based but only handles transactional message content, not your logbook or jump data.

6. Third-party processors

We share data with the following services to operate Cloudbase:

  • Railway: Database and cache hosting (EU-West region).
  • Cloudflare: File storage, CDN, DNS, and email routing.
  • Stripe: Payment processing. Stripe is PCI-compliant and we never store your card data ourselves.
  • Resend: Transactional email delivery. Receives your name and email address.
  • Google / Apple: OAuth authentication when you sign in.
  • Burble Software Inc: Jump record sync using the credentials you provide. Cloudbase is not affiliated with Burble Software Inc.
  • Buffer: Auto-posting of platform milestones to Instagram only. No personal data is shared with Buffer.

7. AI processing

Development and support

We use AI-powered development tools (currently Anthropic Claude) to build, debug, and support the platform. Data processed this way is handled under the provider's commercial API terms — it is not retained for training and is not used to improve AI models.

AI-powered features (opt-in)

When you enable AI features in Privacy Settings, your jump data may be processed by third-party AI providers to deliver personalised analysis and insights. This data is processed per-request and is not retained by the provider.

Improving AI features (opt-out)

To improve the quality of AI insights over time, Cloudbase may also retain the anonymised jump data used to generate your insights. This data is:

  • Stored by Cloudbase — not shared with or retained by the AI provider
  • Used to refine the prompts we send to the AI, not to train any AI model
  • Linked to your account but contains only your jump data in anonymised form
  • Retained for up to 12 months, then permanently deleted

You are opted in to this by default. You can opt out at any time by turning off Help improve AI insights in Privacy Settings → AI & Data. Opting out stops all future retention and does not affect your ability to use AI-powered features. The legal basis for this processing is legitimate interest (improving the service); you have the right to object at any time.

8. Burble sync

When you connect your Burble account, we use your credentials to fetch your jump records from Burble's systems. Your credentials are encrypted at rest using AES-256-GCM and are only decrypted during the sync process.

We store a copy of your jump records — the originals remain in Burble. You can disconnect your Burble account at any time and request deletion of all synced data.

Cloudbase is not affiliated with Burble Software Inc.

9. Cookies

We use a single httpOnly session cookie (cb_token) to keep you signed in. That is it. We do not use tracking cookies, advertising cookies, or any third-party cookies.

10. Data retention

  • Account data: Kept for as long as your account exists.
  • Campfire messages: Automatically expire after 14 days.
  • Deferred jump tags: Expire after 90 days.
  • Analytics events: Retained indefinitely in aggregate form.
  • AI insight prompt data: Retained for up to 12 months, or deleted immediately if you opt out via Privacy Settings → Help improve AI insights.
  • After account deletion: There is a 30-day grace period during which you can cancel the deletion. After 30 days, your account and associated data are permanently deleted. Some data is preserved in anonymised form — for example, comments you made on other people's posts will be shown as "Deleted user".

11. Your rights (GDPR)

Under data protection law, you have the right to:

  • Access: Request a copy of your data via the in-app data export or by emailing us.
  • Rectification: Correct any inaccurate data we hold about you.
  • Erasure: Delete your account and all associated data.
  • Portability: Export your data in a machine-readable format (JSON).
  • Restriction: Request that we limit how we process your data.
  • Objection: Object to processing based on our legitimate interest.
  • Withdraw consent: Disable AI features, disconnect Burble, or unsubscribe from emails — at any time, with no penalty.
  • Complain: Lodge a complaint with the ICO (UK) or your local supervisory authority.

To exercise any of these rights, email us at hello@getcloudbase.com.

12. Account deletion

You can request account deletion through Settings in the app or by emailing us. Once requested, there is a 30-day grace period during which you can cancel.

After 30 days, your account and all associated data are permanently deleted. Comments you made on other people's posts will be anonymised and displayed as "Deleted user".

13. Children

Cloudbase is for users aged 18 and over. We do not knowingly collect data from anyone under 18. If we become aware that a user is under 18, we will delete their account and data.

14. Changes to this policy

If we make changes to this policy, we will notify you by email and with an in-app notice. Continued use of Cloudbase after notification constitutes acceptance of the updated policy. Material changes may require your explicit re-consent.

15. Contact

If you have questions about this policy or how we handle your data, get in touch at hello@getcloudbase.com.

← Back to sign in