FloodArk is operated by FloodArk Inc., a Delaware corporation with its principal place of business at 1280 Hacienda Dr., Vista, CA 92081. References to “we,” “us,” and “our” in this Privacy Policy refer to FloodArk Inc.
We do not collect your name, address, phone number, IP address beyond what is needed for the request to reach our servers, browsing history, contacts, photos (other than ones you explicitly attach to a submission), Social Security numbers, driver's license numbers, financial-account credentials, biometric identifiers, racial/ethnic origin, religious beliefs, union membership, citizenship or immigration status, health or sex-life information, or the contents of your communications. We do not use third-party analytics SDKs. We do not embed advertising trackers.
Directly from you (saved locations, optional email). From your device (install UUID generated locally, APNs token, IP address used only to deliver the response). From Apple (StoreKit subscription status). From public hazard feeds (NWS, NHC, USGS, NIFC, AirNow, NOAA) — about hazards, not about you.
To generate plain-language Intel briefs summarizing hazard conditions, we send a bounded, transient snapshot to Anthropic, PBC (“Anthropic”) via its Claude API. The snapshot consists of: (i) the hex-cell coordinates of the location being summarized; (ii) the relevant hazard indicators for that point; and (iii) a system prompt and instructions. The snapshot does not include your email, install UUID, APNs token, subscription status, or any other identifier that we hold. Anthropic acts as our service provider under Cal. Civ. Code §1798.140(ag): it processes data only on our documented instructions, does not retain or use it to train its models in our commercial-tier configuration, and is bound by Anthropic's Commercial Terms of Service and Data Processing Addendum.
FloodArk does not use third-party advertising or analytics SDKs, pixels, tags, or beacons. We do not sell or share personal information for advertising. We do not engage in cross-context behavioral advertising. Our revenue comes solely from subscription fees.
Each third party that processes personal information on our behalf acts as a service provider under the CCPA. We do not share data with advertisers, data brokers, or marketing networks.
Our current subprocessors are listed below. The authoritative current version is published at flood-ark.com/subprocessors. We commit to updating the list whenever we add, remove, or change a subprocessor that processes personal information on our behalf, and to surfacing material changes in-app at least 30 days before they take effect.
We retain personal information only as long as reasonably necessary to provide FloodArk and to comply with our legal obligations:
You may request earlier deletion as described in Your Privacy Rights below.
With your permission (granted via iOS Settings), we use the Apple Push Notification service to deliver hazard alerts to your device. Hazard alerts are part of the service you have subscribed to. Promotional or marketing pushes are sent only if you have separately opted in, and you can opt out at any time in Settings → Notifications without affecting hazard alerts. APNs payloads are limited to location-name and public hazard identifiers; we never include your install UUID, coordinates, or subscription status on the lock-screen-visible portion of a push.
FloodArk surfaces data from public governmental hazard feeds, including the National Weather Service (weather.gov), the National Hurricane Center (nhc.noaa.gov), the U.S. Geological Survey (usgs.gov), the National Interagency Fire Center (nifc.gov), AirNow (airnow.gov), and NOAA (noaa.gov). These agencies are the authoritative source; FloodArk is not the originator of, and does not guarantee the accuracy, timeliness, or completeness of, these feeds.
This section describes how we handle personal information of California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
Categories collected (last 12 months). Identifiers; commercial information; internet/network activity; geolocation, including precise geolocation (sensitive personal information). No inferences.
Sale and sharing. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. Because we do not sell or share, we are not required to post — and do not post — a “Do Not Sell or Share My Personal Information” link.
Use of sensitive personal information. We collect precise geolocation only to provide the service you have requested, within the scope permitted under CCPA Regulations §7027(m). We do not use sensitive PI to infer characteristics about you. Because we limit use in this way, we are not required to post a “Limit the Use of My Sensitive Personal Information” link.
Your rights. Right to know what personal information we have; right to delete; right to correct; right to opt out of sale/sharing (not applicable); right to limit use of sensitive PI (not applicable); right to non-discrimination for exercising your rights; right to appeal a denial.
How to exercise rights. Email privacy@flood-ark.com or use the in-app form (Settings → Privacy → Submit a Request, when available). We will acknowledge a verifiable request within 10 business days and substantively respond within 45 calendar days, extendable once by 45 days with notice to you. We verify your identity using your install UUID or email of record.
Authorized agent. You may use an authorized agent, verified per §7063 of the CCPA Regulations.
Minors. We do not have actual knowledge that we collect personal information of any consumer under 16.
Residents of states with comprehensive consumer privacy laws — currently including California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia — may have rights similar to those described above, including the right to access, correct, delete, port, and opt out of certain processing (including sale, sharing, targeted advertising, and certain profiling) of their personal information.
We do not sell personal information, do not share or process it for cross-context behavioral advertising, do not engage in profiling that produces legal or similarly significant effects, and do not use sensitive personal information beyond what is necessary to provide the service.
To exercise a right or to appeal a denial, contact privacy@flood-ark.com. We will respond within the timeframes required by your state's law (typically 45 days from a verifiable request, extendable once).
Global Privacy Control. Where required, we will honor Global Privacy Control or other recognized universal opt-out signals as a valid request to opt out of sale/sharing and targeted advertising, even though we do not engage in these activities.
For residents of states whose laws require opt-in consent before processing precise geolocation (including Colorado, Connecticut, Virginia, Texas, Oregon, Montana, and other VCDPA-pattern states), your initial decision to save a location and enable hazard alerts for that location constitutes your affirmative consent to our processing of precise geolocation solely for that purpose. You may revoke this consent at any time by removing the saved location, revoking location permission in iOS Settings, or uninstalling the app.
FloodArk is a general-audience service intended for adults. It is not directed to children under 13 within the meaning of the Children's Online Privacy Protection Act (COPPA), as amended in 2025. We do not knowingly collect personal information from children under 13. We also do not knowingly sell or share personal information of consumers under 16 within the meaning of the CCPA. If you are a parent or guardian and believe your child under 13 has provided personal information to us, please contact privacy@flood-ark.com and we will promptly delete the account and the associated data.
All requests between the app and our servers use TLS (HTTPS). The subscription verification flow uses Apple's signed JWS transactions, which we verify cryptographically. The install UUID is stored in the iOS Keychain with the AfterFirstUnlockThisDeviceOnly accessibility class, which prevents iCloud Keychain sync to other devices. We do not store your Apple ID or payment information — Apple manages billing entirely. No system is perfectly secure; we cannot guarantee absolute security.
If we discover a breach of security that compromises your personal information, we will notify you and applicable authorities as required by law, without unreasonable delay. California residents are covered by Cal. Civ. Code §1798.82; residents of other states are covered by their respective state breach-notification statutes.
FloodArk does not change its behavior in response to "Do Not Track" browser signals. We do not track users across third-party websites or apps in any case. This disclosure is provided to comply with the California Online Privacy Protection Act (Cal. Bus. & Prof. Code §§22575–22579).
We do not share personal information with third parties for their own direct-marketing purposes. California residents may nonetheless request a Shine the Light disclosure (Cal. Civ. Code §1798.83) by emailing privacy@flood-ark.com.
If you need this Privacy Policy or the Terms of Use in an alternative accessible format, please contact accessibility@flood-ark.com and we will provide one within a reasonable time at no cost.
If we make material changes to this Policy, we will surface them in-app at least 30 days before they take effect and will update the “Last updated” date above. Continued use after a material change becomes effective constitutes acceptance.
Privacy: privacy@flood-ark.com. Legal: legal@flood-ark.com. General support: support@flood-ark.com. Accessibility: accessibility@flood-ark.com. Postal: FloodArk Inc., Attn: Privacy, 1280 Hacienda Dr., Vista, CA 92081.