Privacy Policy

Effective Date: January 25, 2025

Version: 1.1

Introduction

Soma Weather ("Soma," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using Soma, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Device identifier (automatically generated UUID stored on your device)
  • Email Address: Only if you voluntarily provide it for account recovery or support
  • Payment Information: Handled securely by Apple through in-app purchases; we do not store credit card details

1.2 Information Collected Automatically

  • Location Data: With your consent, we collect your device's location to provide localized weather forecasts. You can disable location access in your device settings at any time.
  • Device Information: Device type, operating system version, and app version for compatibility and troubleshooting
  • Usage Data: Anonymized analytics about feature usage to improve the app

1.3 Information We Do NOT Collect

  • We do not track your location in the background
  • We do not share your location with third-party advertisers
  • We do not use location data for targeted advertising
  • We do not sell your personal information to any third parties

2. How We Use Your Information

We use the information we collect to:

  • Provide Weather Services: Display accurate, location-based weather forecasts
  • Process Subscriptions: Manage your premium subscription status through Apple
  • Send Weather Alerts: Deliver push notifications for severe weather (with your consent)
  • Improve Our Service: Analyze anonymized usage patterns to enhance features
  • Provide Customer Support: Respond to your inquiries and troubleshoot issues
  • Ensure Security: Detect and prevent fraud or unauthorized access

3. Data Sharing and Third-Party Services

3.1 Weather Data Providers

To provide accurate forecasts, we send your location coordinates to weather data providers including Open-Meteo, OpenWeather, Tomorrow.io, Apple WeatherKit, NOAA, and NASA.

Important: We only send location coordinates to these providers—no personally identifiable information. These providers cannot link weather requests to your identity.

3.2 Service Providers

  • Microsoft Azure: Cloud hosting infrastructure (data stored in EU - West Europe region)
  • Apple: App Store distribution and in-app purchase processing

3.3 Legal Requirements

We may disclose your information if required to comply with a legal obligation, protect our rights, prevent wrongdoing, or protect public safety.

4. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have the following rights:

4.1 Right to Access (Article 15)

You can request a copy of all personal data we hold about you.
How to exercise: In the app, go to Settings → Privacy → Export My Data

4.2 Right to Rectification (Article 16)

You can request correction of inaccurate personal data.
How to exercise: Contact us at privacy@somaweather.app

4.3 Right to Erasure (Article 17)

You can request deletion of your personal data.
How to exercise: In the app, go to Settings → Privacy → Delete My Data

4.4 Right to Data Portability (Article 20)

You can request your data in a structured, commonly used, machine-readable format (JSON).
How to exercise: In the app, go to Settings → Privacy → Export My Data

4.5 Right to Withdraw Consent

You can withdraw consent for location access or push notifications at any time through your device settings.

4.6 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country of residence.

5. Data Retention

  • Account data: Until you delete your account
  • Authentication tokens: 30 days (refresh), 1 hour (access)
  • Location history: Not stored (real-time only)
  • Subscription records: Duration + 7 years (legal requirement)
  • Weather request logs: 90 days (anonymized)

After the retention period, data is automatically deleted or anonymized.

5.1 Database Backup Retention

For disaster recovery purposes, our database is automatically backed up by Microsoft Azure. When you delete your data, it is immediately removed from our live database. However, your data may persist in encrypted database backups for up to 30 days before being permanently destroyed.

During this backup retention period:

  • Backups are encrypted using AES-256 encryption
  • Backups are only accessible for disaster recovery purposes
  • Data in backups is never used for any other purpose
  • After 30 days, backup data is permanently deleted

6. Data Security

We implement industry-standard security measures:

  • Encryption in Transit: TLS 1.3 encryption
  • Encryption at Rest: AES-256 encryption
  • Secure Token Storage: Device Keychain
  • HMAC Authentication: Cryptographic signatures
  • Access Controls: Strict employee access limits
  • Regular Audits: Security reviews and assessments

7. International Data Transfers

Your data is processed and stored in the European Union (Microsoft Azure - West Europe region). For transfers outside the EU, we rely on Standard Contractual Clauses and your explicit consent.

8. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

9. Push Notifications

With your consent, we send severe weather alerts, daily summaries, and subscription reminders. You can disable them at any time in device settings or Settings → Notifications.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by posting updates in the app, updating the effective date, and sending push notifications for significant changes.

11. California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, to request deletion, and to opt out of sale (we do not sell your data). Use the same methods described in Section 4 or contact us.

12. Contact Us

Email: privacy@somaweather.app

We will respond within 30 days as required by GDPR.

Summary

  • Do you sell my data? No
  • Do you share location with advertisers? No
  • Can I delete my data? Yes - Settings → Privacy → Delete My Data
  • Where is my data stored? EU (West Europe)
  • Can I export my data? Yes - Settings → Privacy → Export My Data

This privacy policy was last updated on January 25, 2025.