1. Introduction

Welcome to WeatherRank ("we", "us", "our", or the "Service"). We are committed to protecting your privacy and being transparent about our data practices. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect the following information when you submit a weather rating:

• City Name: The name of the city you are rating, which you either enter manually or is detected via reverse geocoding from your location
• Weather Rating: Your numerical rating (0-10) representing your subjective assessment of current weather conditions
• Consent Acknowledgment: Your acceptance of our Terms of Service and Privacy Policy at the time of submission

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

2.2.1 Location Data

• Geographic Coordinates (Optional): If you choose to use the location detection feature, we access your device's GPS coordinates to determine your city via reverse geocoding. We store the city-level coordinates (latitude and longitude) for map display purposes only. We do NOT store your precise device location.
• City-Level Coordinates: We store approximate coordinates for each city (e.g., city center coordinates) to display weather ratings on our interactive map. These are city-level coordinates obtained from geocoding services, not individual user locations.

2.2.2 Technical and Usage Data

• IP Address (Hashed): We collect your IP address for rate limiting and security purposes. Your IP address is immediately hashed using SHA-256 cryptographic hashing and is NOT stored in plain text. The hash is retained for 24 hours to enforce our one-rating-per-hour policy, after which it is automatically deleted.
• Timestamp: We record the date and time of each rating submission
• Browser and Device Information: We may collect information about your browser type, operating system, device type, screen resolution, and language preferences through standard HTTP headers
• Usage Analytics: We collect aggregated, anonymized data about how users interact with the Service, including page views, clicks, feature usage, and navigation patterns

2.3 Information We Do NOT Collect

To protect your privacy, we explicitly do NOT collect:

• Personal names or contact information (unless you voluntarily provide them in communications)
• Email addresses (we do not require registration or accounts)
• Passwords or authentication credentials
• Precise real-time GPS location (only city-level location is used)
• Plain-text IP addresses (only cryptographically hashed values are stored)
• Financial or payment information
• Social media profile information
• Biometric data

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Core Service Functionality

• Display weather ratings on city-specific pages
• Aggregate and display ratings on our interactive map
• Calculate average ratings, trends, and statistics
• Generate visualizations and charts showing weather patterns over time
• Enable comparisons between different cities and locations

3.2 Rate Limiting and Security

• Enforce our one-rating-per-hour policy using hashed IP addresses
• Prevent abuse, spam, and fraudulent submissions
• Detect and block automated bots or scraping attempts
• Maintain the integrity and reliability of our dataset

3.3 Service Improvement

• Analyze usage patterns to improve user experience
• Identify and fix technical issues and bugs
• Develop new features and functionality
• Optimize performance and loading times
• Conduct research and analytics on weather perception trends

3.4 Legal Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to law enforcement requests and court orders
• Enforce our Terms of Service and other policies
• Protect our rights, property, and safety, and that of our users

4. How We Share Your Information

4.1 Public Display

Weather ratings you submit are displayed publicly on the Service and are accessible to all users. This includes:

• Individual ratings displayed on city pages (without identifying information)
• Aggregated ratings and statistics shown on the interactive map
• Historical trends and charts visible to all users
• City-level weather rating data that may be included in public datasets or APIs

Important: Submitted ratings are permanently part of our public dataset and cannot be individually retracted once submitted.

4.2 Service Providers and Infrastructure

We may share information with third-party service providers who perform services on our behalf, including:

• Cloud Hosting: We use cloud infrastructure providers (e.g., Convex, Vercel, AWS) to host and operate the Service
• Geocoding Services: We use third-party APIs to convert addresses to coordinates and vice versa
• Analytics and Advertising: We use Google Analytics, Google Ads, and Google Tag Manager to understand user behavior, measure marketing effectiveness, and improve the Service. Google may use cookies and similar technologies to collect information about your interactions with our Service and other websites.
• Content Delivery Networks (CDNs): We use CDNs to deliver content efficiently to users worldwide
• Map Tile Providers: We use third-party map tile services to display our interactive map

These service providers have access to your information only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes. However, please note that Google's data practices are governed by their own privacy policies.

4.3 Business Transfers

If WeatherRank is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or use of your information.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, search warrants), including to meet national security or law enforcement requirements.

4.5 What We Do NOT Share

We do NOT:

• Sell your personal information to third parties
• Share your information for third-party marketing purposes
• Provide your plain-text IP address to any third party
• Share your precise location data with advertisers or data brokers

5. Data Retention

5.1 Submitted Ratings

Weather ratings, city names, timestamps, and city-level coordinates are stored indefinitely as they form the core dataset of the Service. This data is aggregated and anonymized and cannot be traced back to individual users.

5.2 Hashed IP Addresses

Hashed IP addresses used for rate limiting are automatically deleted after 24 hours. This allows enforcement of our one-rating-per-hour policy while minimizing data retention.

5.3 Analytics and Logs

Server logs, analytics data, and technical information are typically retained for 90 days for troubleshooting and security purposes, after which they are automatically deleted or anonymized.

5.4 Legal Requirements

We may retain certain information for longer periods if required by law, for compliance purposes, to resolve disputes, or to enforce our agreements.

6. Data Security

We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

6.1 Technical Safeguards

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
• Cryptographic Hashing: IP addresses are hashed using SHA-256 and never stored in plain text
• Secure Infrastructure: Our servers and databases are hosted on secure, industry-standard cloud platforms
• Access Controls: We limit access to your information to authorized personnel and service providers who need it to perform their jobs
• Regular Security Audits: We conduct periodic security assessments and vulnerability scans

6.2 Limitations

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You use the Service at your own risk.

6.3 Data Breach Notification

In the event of a data breach that affects your information, we will notify affected users in accordance with applicable laws and take appropriate remedial measures.

7. Cookies and Tracking Technologies

7.1 Cookies We Use

We use cookies and similar tracking technologies to track activity on our Service and hold certain information:

• Essential Cookies: Necessary for the Service to function properly (e.g., session management, security)
• Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics, Google Ads, Vercel Analytics)
• Advertising Cookies: Used to show you relevant advertisements and measure campaign effectiveness (e.g., Google Ads conversion tracking)
• Preference Cookies: Remember your settings and preferences (e.g., theme selection, language)

7.2 Google Analytics and Google Ads

We use Google Analytics and Google Ads to analyze how users interact with our Service and measure the effectiveness of our marketing campaigns. These services use cookies to collect information about your use of the Service.

Information collected by Google includes:

• Pages visited and time spent on pages
• How you arrived at our Service (referral source)
• Browser type and version
• Device type and screen resolution
• General geographic location (city/country level)
• Interactions with advertisements
• Conversion events (e.g., submitting a rating)

Google's use of advertising cookies enables it and its partners to serve ads based on your visits to our Service and other sites on the Internet. You can opt out of personalized advertising by visiting Google Ads Settings or aboutads.info.

For more information on how Google uses data, please visit How Google uses data when you use our partners' sites or apps.

7.3 Google Tag Manager

We use Google Tag Manager (GTM) to manage and deploy marketing tags (snippets of code) on our Service. GTM itself does not collect personal data, but it enables other tracking tools (like Google Analytics and Google Ads) to function. Tags deployed through GTM are subject to the privacy policies of their respective providers.

7.4 Third-Party Cookies

Third-party service providers may use cookies or similar technologies for analytics, advertising, or functionality purposes. These third parties have their own privacy policies:

• Google Analytics: Google Privacy Policy
• Google Ads: Google Advertising Policies

7.5 Cookie Management and Opt-Out

You can control and manage cookies in several ways:

• Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies through your browser settings. However, if you do not accept cookies, some portions of the Service may not function properly.
• Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on
• Advertising Preferences: Manage your advertising preferences through Google Ads Settings

To learn more about cookies and how to manage them, visit: www.allaboutcookies.org

7.6 Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature. Currently, there is no industry consensus on how to respond to DNT signals. We do not currently respond to DNT browser signals. However, you can use the opt-out methods described above to control tracking.

8. Your Privacy Rights

8.1 General Rights

Depending on your location, you may have the following rights:

• Right to Access: Request access to the personal information we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Deletion: Request deletion of your personal information (subject to limitations described below)
• Right to Restriction: Request restriction of processing of your information
• Right to Object: Object to our processing of your information
• Right to Data Portability: Request transfer of your information in a structured, machine-readable format
• Right to Withdraw Consent: Withdraw consent for processing based on consent

8.2 Limitations on Data Deletion

Important: Weather ratings are part of our public, aggregated dataset and cannot be individually deleted or retracted once submitted. This is because:

• Ratings are anonymized and cannot be traced back to individual users
• Ratings are aggregated into statistics and trends that depend on historical data integrity
• Removing individual ratings would compromise the accuracy of our dataset

However, we can delete or anonymize any personally identifiable information (PII) not necessary for the Service's operation.

8.3 Exercising Your Rights

To exercise any of your privacy rights, please contact us using the information in Section 14. We will respond to your request within 30 days in accordance with applicable law.

8.4 Right to Lodge a Complaint

If you are in the European Economic Area (EEA), you have the right to lodge a complaint with a data protection supervisory authority in your country of residence.

9. International Data Transfers

WeatherRank is operated by Vestra AI ehf., a company based in Iceland. If you access the Service from outside Iceland or the European Economic Area (EEA), please be aware that your information may be transferred to, stored, and processed in Iceland, other EEA countries, and other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to Iceland and other countries as necessary to provide the Service.

9.1 European Economic Area (EEA)

If you are in the EEA, we rely on the following legal bases for transferring your information outside the EEA:

• Your explicit consent
• Necessity for the performance of our services
• Standard contractual clauses approved by the European Commission
• Other lawful transfer mechanisms

10. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from children under 13 without verification of parental consent, we will take steps to remove that information from our servers.

10.1 Users Ages 13-18

If you are between 13 and 18 years old, you represent that you have obtained consent from your parent or legal guardian to use the Service and that they have read and agreed to this Privacy Policy.

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request:

• The categories of personal information we collected about you
• The categories of sources from which the personal information was collected
• Our business or commercial purpose for collecting personal information
• The categories of third parties with whom we share personal information
• The specific pieces of personal information we collected about you

11.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (such as aggregated, anonymized data that forms part of our public dataset).

11.3 Right to Opt-Out

We do not sell personal information. If this changes in the future, California residents will have the right to opt out of the sale of their personal information.

11.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including by:

• Denying goods or services
• Charging different prices or rates
• Providing a different level or quality of goods or services

11.5 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require proof of authorization before processing such requests.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

We process your information based on the following legal grounds:

• Consent: You have given explicit consent for specific processing purposes (e.g., submitting a rating)
• Legitimate Interests: Processing is necessary for our legitimate interests (e.g., preventing fraud, improving the Service)
• Legal Obligation: Processing is necessary to comply with legal obligations

12.2 Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws. You may contact our DPO at: vestra@vestra.is

12.3 Cross-Border Data Transfers

When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Your explicit consent

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this Privacy Policy
• Posting a prominent notice on our Service
• Sending an email notification (if we have your email address)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will respond to all requests within 30 days in accordance with applicable law.

15. Transparency Commitments

We are committed to transparency in our data practices. Here's a summary of our key privacy commitments:

• ✓ We do NOT sell your personal information
• ✓ We do NOT store plain-text IP addresses
• ✓ We do NOT collect precise GPS locations
• ✓ We do NOT require user registration or accounts
• ✓ We do NOT share data with third-party advertisers
• ✓ We automatically delete hashed IP addresses after 24 hours
• ✓ We use encryption (HTTPS) for all data transmission
• ✓ We are transparent about what data we collect and why

16. Data Processing Summary