Privacy Policy

Last updated: 3 May 2026

Storm Sniff watches the sky for storms heading toward your home so you can settle your dog ahead of time. To do that we collect a small amount of personal data. This page explains exactly what, why, and what your rights are.

What we collect

Account information — your email address, password (hashed with bcrypt — we never see the plain text), display name, and the date you signed up.
Location data — the latitude and longitude of your home (or each home location, if you're on Pro). We need this to compute whether a storm or lightning strike is near you. We do not track your day-to-day location.
Country and time zone — used to time the nightly outlook email and the fireworks calendar correctly.
Dog profile data — names, breeds, weights, anxiety levels, photos, medication schedules, and behaviour-journal entries you log.
Notification channel data — phone number for SMS, WhatsApp number, push subscription tokens (browser-issued), all only if you enable those channels.
Usage data — the alerts we sent you and when, and basic request logs (IP address, browser type) for the time it takes to investigate abuse or downtime.

How we use it

To deliver the service you signed up for — alerts, the dashboard, the nightly outlook email.
To send transactional emails (verification, password reset, billing receipts).
To improve the product — debugging, fixing bugs, understanding which alert types fire most often.
To meet legal obligations — tax records, responding to lawful requests.

What we don't do

We don't sell, rent, or trade your data.
We don't share your home location or your dog's information with third parties for advertising.
We don't track your day-to-day movements.
We don't run third-party advertising trackers on the site.

Who we share data with (sub-processors)

We use a small number of services to run the product. Each only sees what they need to do their job:

Stripe — payment processing for Pro subscriptions
Twilio — SMS and WhatsApp delivery (Pro only)
Postmark / our SMTP provider — transactional email
Plausible — privacy-friendly site analytics (no cookies, no personal data)

Your rights (GDPR / UK GDPR / CCPA)

Wherever you are, you have the right to:

Access — get a copy of everything we hold about you.
Correct — fix anything that's wrong.
Delete — close your account and have your data removed. You can do this yourself from Settings → Delete account, or email us.
Export — receive your behaviour journal and alert history in a machine-readable format.
Object — to specific processing activities.
Withdraw consent — at any time, including disabling any notification channel.

To exercise any of these rights, email hello@stormsniff.com. We respond within 30 days (often much sooner).

Data retention

Account data — kept for as long as your account is active. Deleted within 30 days of account closure.
Behaviour journal and alert history — kept while your account is active.
Billing records — retained 7 years for tax purposes.
Server logs — rotated after 30 days.

International transfers

Our servers are in Germany. If you're outside the EU, your data is transferred to the EU under Standard Contractual Clauses where applicable.

Security

Passwords are hashed with bcrypt. The site is served over HTTPS. We back up the database daily and encrypt backups at rest. We don't promise we're unbreakable — no one truthfully can — but we take it seriously.

Children

Storm Sniff isn't aimed at children. We don't knowingly collect data from anyone under 16. If you believe we have, contact us and we'll delete it.

Changes to this policy

If we make material changes, we'll email account holders at least 30 days before they take effect.

Contact

Storm Sniff — operated by Tim Smyk, Adelaide, Australia.
Email: hello@stormsniff.com