Privacy Policy

Last updated: March 2026

The short version: Your health data belongs to you. We collect only what is needed to make the app work. We never sell or share your personal data with third parties for advertising or commercial purposes. You can export or delete your data at any time.

1. Who we are

WeatherOrNot ("we", "our", or "us") is an independent application designed to help individuals with dysautonomia and related conditions track the relationship between weather patterns and their symptoms. The service is accessible at weatherornot.c3ena.cloud and associated mobile applications.

For privacy questions, contact us at: privacy@weatherornot.app

2. Data we collect

Account data

When you create an account:

  • Email address (required for authentication)
  • Display name (optional, you choose this)
  • Authentication provider (email/password or Apple Sign In)

Health and symptom data

When you log a symptom rating, we store:

  • Symptom score (1–5), period (morning / evening / post-meal / flare), and timestamp
  • Optional symptom tags you select (e.g., headache, dizziness)
  • Optional context tags (e.g., poor sleep, dehydrated)
  • Optional free-text notes
  • Weather conditions at the time of logging, if you provide location (see below)

Location is never required. Ratings logged without location are stored without any geographic data.

Location data

Location data is used only to fetch current weather conditions at the time you log a symptom or use the location tracking feature. Specifically:

  • Latitude and longitude are stored alongside each rating when provided
  • Location windows (start/end timestamps and coordinates) are stored when dynamic location tracking is active
  • We perform reverse geocoding (coordinates → city name) via the Nominatim API to produce human-readable location labels
  • We do not track your location continuously. Location is only captured when you explicitly log a symptom or activate the travel tracking feature

Weather data

Weather data (temperature, barometric pressure, composite risk score) is fetched from Open-Meteo at the time of logging and stored as a snapshot alongside your rating. This snapshot is used to compute your personal weather sensitivity profile.

Device and notification data

If you enable push notifications, we store your device push token (APNs token on iOS) to send weather risk alerts. This token is device-specific and is deleted when you disable notifications or delete your account.

Usage data

We do not use third-party analytics SDKs. Standard server logs (request timestamps, response codes) may be retained for up to 30 days for debugging and security purposes. These logs do not contain your symptom data.

3. How we use your data

Your data is used exclusively to:

  • Provide and improve the WeatherOrNot service
  • Compute your personal weather sensitivity profile (correlation analysis run against your data only — see Methodology)
  • Generate weather risk scores personalised to your history
  • Send push notifications if you have enabled them
  • Allow you to export your data for sharing with healthcare providers

We do not use your data to:

  • Train AI or machine learning models shared across users
  • Serve advertising
  • Build profiles for third-party marketing
  • Make automated decisions with legal or medical effect

4. Data storage and security

  • All data is stored in Supabase (Postgres), hosted on AWS infrastructure. Data is encrypted at rest and in transit (TLS).
  • Row-Level Security (RLS) is enforced at the database level: you can only ever read or write your own rows. Even WeatherOrNot staff cannot query your symptom data through the application layer.
  • API routes require a valid JWT issued by Supabase Auth. Tokens expire and are rotated automatically.
  • Service role keys (admin database access) are stored in environment secrets and are never exposed to the client.

5. Data sharing

We do not sell, rent, or share your personal or health data with third parties, except in the following limited circumstances:

  • With your explicit consent: When you use the Provider Report feature to generate a shareable link or send a report by email, you are choosing to share that data with a recipient of your choosing. Shareable links are time-limited and can be revoked at any time.
  • Infrastructure providers: Data passes through Supabase (database and auth), Vercel (API hosting), and Apple APNs (push notifications) as technical necessities of operating the service. These providers are bound by their own privacy policies and do not receive your symptom data for their own purposes.
  • Legal requirements: We may disclose data if required to do so by law, court order, or valid government request.

6. HIPAA notice

WeatherOrNot is not a HIPAA-covered entity and does not offer a Business Associate Agreement (BAA). The app is designed for personal self-tracking and is not intended to be used as part of a covered healthcare transaction. Do not use WeatherOrNot to store or transmit protected health information (PHI) in a HIPAA-regulated context. If you share a Provider Report with a healthcare provider, that transmission is initiated by you and is not covered by HIPAA obligations on WeatherOrNot's part.

7. Your rights

You have the right to:

  • Access your data: All your logged ratings and history are accessible directly in the app at any time, free of charge.
  • Export your data: Use the Provider Report → CSV Export feature to download all your symptom ratings in a portable format.
  • Correct your data: Contact us to correct inaccurate account information. Individual rating entries cannot currently be edited after submission (this is intentional to preserve data integrity for correlation analysis).
  • Delete your data: You may delete your account at any time from Settings → Account → Delete Account. This permanently and irreversibly removes all your data from our systems, including symptom ratings, location history, and profile data. Deletion is processed within 30 days.
  • Revoke shared links: Any Provider Report links you have generated can be revoked immediately from Settings → Shared Reports.

8. Data retention

  • Active accounts: data is retained indefinitely while your account is active
  • Deleted accounts: all personal data is purged within 30 days of account deletion
  • Shared report links: expire automatically at the date you set (max 90 days) or when revoked
  • Push tokens: deleted when you disable notifications or delete your account
  • Server logs: retained for up to 30 days, then automatically deleted

9. Children

WeatherOrNot is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you by email or via an in-app notice. Continued use of the service after changes become effective constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions, data deletion requests, or to exercise your rights, contact us at: privacy@weatherornot.app
