Skip to content
✨ New: Calendar sync per location + photographer-focused rule templates
PhotoWeather
Get started

Privacy Policy

Last updated: September 2, 2025

Contact: privacy@photoweather.app

Scope

This Privacy Policy explains how PhotoWeather ("we", "us", "our") collects, uses, and safeguards information when you use our websites, applications, and related services (collectively, the "Service").

Information we collect

1) Account & Subscription

Email address, password hash, plan, and basic billing identifiers (e.g., subscription status, invoices). If you choose to sign in via email link or similar, we process the email to authenticate you.

2) App Content & Settings

Locations you add, rules/criteria you configure, notification preferences, time zone, and related metadata necessary to operate the Service.

3) Forecast Queries & Technical Logs

Requests to fetch weather forecasts (e.g., coordinates/time ranges), timestamps, device/browser metadata, IP address (coarse), and error/security logs.

4) Payments (via processor)

We receive payment status (success/fail, plan, invoice metadata). We do not store full payment card details; those are handled by our payment processor.

5) Communications

Support emails, feedback, and—if you opt in—marketing communications.

We do not intentionally collect special categories of personal data.

How we use information (purposes & legal bases)

  • Provide and operate the Service (create accounts, run rules, fetch forecasts, send notifications).
    Legal bases: performance of a contract; legitimate interests for service reliability and security.
  • Billing and account administration.
    Legal bases: performance of a contract; legal obligations (e.g., tax/recordkeeping).
  • Security, abuse prevention, and debugging (e.g., rate limiting, log analysis, fraud prevention).
    Legal basis: legitimate interests.
  • Communications (support responses; product updates; optional marketing only if you opt in).
    Legal bases: performance of a contract (support); consent (marketing).

Cookies & local storage

We use only storage strictly necessary to provide the Service you request:

  • Authentication/session cookies (and related security tokens like CSRF) to keep you signed in and secure the account area.
  • Local preferences (e.g., UI theme, filter toggles) stored either in local storage or server-side to remember your choices while using the Service.

We do not use analytics/advertising/A/B-testing cookies or other non-essential trackers. Because we only use storage that is necessary to provide the Service and your requested features, we do not display a cookie banner. If we later add non-essential storage, we will request your prior consent and provide controls.

Sharing and processors

We use service providers ("processors") that act on our instructions to help operate the Service:

  • Infrastructure & hosting: Hetzner Cloud (EU) and AWS (eu-central-1).
    Data involved: Service operation data, logs, stored content as necessary to run PhotoWeather.
  • Email delivery: Amazon Simple Email Service (SES).
    Data involved: email address, message content/metadata for transactional emails (e.g., verification, notifications).
  • Payments: Stripe.
    Data involved: email, plan, invoice metadata; payment instruments are handled by Stripe.
  • Forecast data: Open-Meteo.
    Data involved: forecast query parameters (e.g., coordinates/time ranges); we do not send your password or payment details to Open-Meteo.

We do not "sell" personal data.

Data retention

  • Account & subscription data: kept for the life of your account and for a reasonable period after closure where required for tax/records and dispute handling.
  • App content (locations, rules, preferences): kept until you delete it or close your account; we may apply routine archival windows (e.g., 24 months) after closure unless a longer period is required by law or for security.
  • Logs: typically 30–180 days, longer if needed to investigate abuse or security incidents.
  • Support/communications: as long as needed to manage your request and maintain records.

Your rights (EEA/UK and similar jurisdictions)

Subject to applicable law, you may:

  • Access your data and obtain a copy.
  • Correct inaccurate data.
  • Delete data (erasure).
  • Restrict or object to certain processing.
  • Portability of data you provided to us in a structured, commonly used, machine-readable format.
  • Withdraw consent where processing relies on consent (e.g., marketing).

To exercise these rights, email privacy@photoweather.app . You also have the right to lodge a complaint with your local supervisory authority (e.g., in Finland: the Office of the Data Protection Ombudsman).

Security

We apply technical and organizational measures designed to protect personal data (e.g., encryption in transit, access controls, least-privilege practices, and monitoring). No system is perfectly secure; we continuously work to improve our safeguards.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal data from children. If you believe a child has provided data, contact privacy@photoweather.app so we can take appropriate action.

Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, if changes are material, take additional steps to inform you.

Contact

Questions or requests about this Policy or your data? Email privacy@photoweather.app .