Privacy Policy
PastWeather is a historical weather archive. This policy explains what personal data we collect, why we collect it, who we share it with, how long we keep it, and what rights you have over it. If you have questions, use the contact page.
Last updated: May 2025
What data we collect and why
- Email address and name — collected when you create an account, used to identify your session and communicate with you. Legal basis: contract (Art. 6(1)(b) GDPR).
- Search history — when you are signed in, we record the cities, regions, date ranges, and year ranges you have searched. This is used to enforce your monthly search quota and to let you resume recent searches. Legal basis: contract (Art. 6(1)(b) GDPR).
- IP-derived country code — we read the country inferred from your IP address (provided by Vercel's edge network, never stored as a raw IP) and save it to your profile. This is used to personalise regional defaults. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Contact and feedback form submissions — name, email, and message are forwarded to the site operator via Slack. They are not stored in our database. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Browser-side preferences — language, theme, unit system, and recent searches are stored in your browser's localStorage and never sent to our servers.
- Guest search quota cookies — if you search without signing in, we set two httpOnly cookies (
pw_guest_searchesandpw_guest_last) to track how many searches you have made as a guest. These expire after 30 days. - Authentication session cookie — when you sign in, Supabase sets a session cookie to keep you logged in.
Advertising
PastWeather only loads Google AdSense on eligible public pages. When an AdSense slot is shown, Google and its partners may use cookies or similar technologies to serve and measure ads based on your browsing activity. You can manage ad personalisation at Google Ad Settings or learn more on Google's partner sites page.
Analytics
PastWeather loads an Umami analytics script from analytics.pastweather.info (a self-hosted instance). Umami collects anonymised page views and product events (searches, share actions, feedback submissions). It does not use cookies, does not track users across sites, and does not share data with third parties. Because no personal data is processed, this analytics runs on a legitimate interest basis (Art. 6(1)(f) GDPR) and does not require your consent.
Cookie consent and browser storage
We show a cookie notice on your first visit. Your choice (Accept or Reject) is stored in localStorage under the key pw-consent-v1 so the banner does not re-appear on every visit. Clicking Cookie preferences in the footer resets this choice and re-shows the banner so you can change your mind at any time.
Third-party data processors
| Processor | What data | Purpose | Location |
|---|---|---|---|
| Supabase | Email, name, search history, profile data | Database and authentication | EU (AWS eu-central-1) |
| Vercel | IP address (in-transit only, not stored by us) | Hosting and edge delivery | Global CDN |
| Slack | Name, email, message (contact/feedback form only) | Operator notifications | United States |
| Google (AdSense) | Cookie-based browsing data (consent required) | Ad serving and measurement | Global |
| Umami (self-hosted) | Anonymised page views and events (consent required) | Analytics | EU |
Data retention
- Account data (email, name, profile) — kept until you delete your account.
- Search history — kept until you delete your account or individually clear it.
- Application logs — retained for up to 90 days for error diagnosis, then deleted.
- Guest quota cookies — expire after 30 days automatically.
- Contact/feedback messages — retained in Slack according to your Slack workspace's retention policy; we do not store them in our database.
Your rights (GDPR Arts. 15–22)
- Right of access (Art. 15) — you can request a copy of the data we hold about you.
- Right to erasure (Art. 17) — you can delete your account and all associated data from the Delete Account page.
- Right to rectification (Art. 16) — contact us to correct inaccurate data.
- Right to data portability (Art. 20) — contact us to request an export of your data.
- Right to object (Art. 21) — you may object to processing based on legitimate interest by contacting us.
- Right to withdraw consent (Art. 7(3)) — use the Cookie preferences link in the footer at any time.
To exercise any right, use the contact page. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority (e.g., the ICO in the UK or the DPA in your EU member state).
Contact and corrections
For privacy questions, data requests, or corrections, use the contact page. There is no dedicated Data Protection Officer; the site is operated by an individual developer.
Your choices
- Manage or clear cookies and localStorage in your browser settings.
- Change your analytics and advertising consent via Cookie preferences in the footer.
- Manage Google ad personalisation at Google Ad Settings.
- Delete your account and all data on the Delete Account page.