Privacy Policy
Last updated: April 26, 2026
Revised April 26, 2026 to reflect the activation-code web flow (no web registration; Advanced accounts are created only via mobile subscription) and the single-device session model.
weNow ("we", "our", "the app") is a weather application. We are committed to protecting your privacy. This policy explains what data we collect, why, and how it is handled.
1. Data We Collect
1.1 Location Data
When you grant location permission, the app accesses your device's geographic coordinates (latitude and longitude) to fetch weather data for your area. Location data is:
- Stored locally on your device (in app storage) so we can remember your selected location between sessions.
- Sent to our backend server per request to retrieve weather data. It is processed in memory and not stored in raw form. For accuracy tracking, anonymized coordinates (rounded to approximately 1 km precision) and city names are stored — these are shared geographic reference points and are not linked to any user, IP address, or device.
- Forwarded to third-party weather providers (see Section 3) to obtain forecasts. Each provider receives your coordinates only for the duration of the API call.
You can deny location permission and manually search for a city instead. You can revoke location permission at any time through your device settings.
1.2 IP Address
For rate limiting purposes, we store a one-way cryptographic hash (SHA-256) of your IP address. The original IP address cannot be recovered from this hash. Hashed IP records are automatically deleted after 7 days.
1.3 Feedback Messages
If you submit feedback through the app, we store the message text and your app language. Feedback is fully anonymous — no email, name, or identifying information is attached.
1.4 Subscription Data
If you make an in-app purchase, we store an anonymous RevenueCat identifier, your platform (iOS/Android), and subscription status. This data is not linked to your name, email, or any personal account.
1.5 Local Storage
The app stores the following on your device only:
- Your selected location (coordinates and city name)
- Language preference
- Whether you have completed the intro
- Widget location configurations
This data never leaves your device and is cleared when you uninstall the app.
1.6 Ad Impressions and Clicks
Free-tier users see one small ad card at the bottom of the main weather screen. We do not use any third-party ad network. All ads are served from our own backend and contain no tracking pixels, cookies, or third-party scripts.
The only data we store related to ads is:
- An impression counter — a single integer per ad row, incremented each time the backend serves that ad. Not linked to any user, device, or session.
- A click counter — a single integer per ad row, incremented each time the backend receives a click report. Not linked to any user, device, or session.
The schema has no foreign key, IP, timestamp, or any other field that could link an ad impression or click back to an individual user. It is technically impossible to reconstruct which user saw or clicked any given ad, even with full database access.
Ads do not read device advertising identifiers (IDFA, GAID), do not set cookies, and do not share any data with third parties.
Affiliate Links
Some ads contain affiliate links (e.g. Amazon Associates). These URLs include an affiliate tag that identifies weNow as the referral source. weNow does not pass any user data through these links — no device ID, no IP address, no session token, and no identifier of any kind.
However, once you tap an affiliate link and leave the app, the destination merchant (e.g. Amazon) operates under their own privacy policy. The merchant may use cookies or other mechanisms on their site to attribute the visit to the affiliate tag. This is standard affiliate program behavior and is outside weNow's control.
If you prefer not to be tracked by the merchant, you can choose not to tap the ad, or clear your browser cookies after visiting the merchant's site.
Advanced subscribers do not see any ads and no ad-related data is recorded for them.
1.7 Account Data (Advanced Subscribers Only)
The weNow Android and iOS apps work entirely without an account. An account is only created when you subscribe to weNow Advanced — at that point we store the minimum needed to recognize you as a subscriber and to let you use Advanced on the web through an activation code minted in the mobile app.
What we store for subscribers:
- Email address — used as your subscriber identifier. Stored lowercased so we can match the same account across devices. Some users sign in with Apple's private-relay email; in that case we only ever see the relay address, never the underlying email.
- Password hash (only if you set a password) — hashed with PBKDF2 (100,000 iterations, SHA-256, random per-user salt). Users who sign in with Apple or Google never set a password; we mark those accounts as OAuth-only.
- OAuth provider links (Apple / Google subject IDs) — only if you signed in with one of those providers.
- Active device identifier — an opaque UUID minted at sign-in. weNow Advanced is single-device per account; this UUID is what enforces that. JWTs we issue carry it as a claim, and a mismatch returns a session-revoked response.
- Activation codes — short-lived
WN-XXXX-XXXXcodes (10-minute, single-use) minted in the mobile app to unlock Advanced on the web. We store the code, who minted it, when, and whether it's been redeemed; codes auto-expire after 10 minutes regardless. - Account creation timestamp
The web version does not have a registration form. To use Advanced on the web you generate an activation code in the mobile app (Settings → Account → Activate weNow on the web) and paste it at wenow.name/activate. The web cannot create new accounts or new subscriptions on its own.
Sessions are managed via JSON Web Tokens (JWTs) signed with HMAC-SHA256, valid for 30 days. The JWT is bound to the active device identifier above — signing in elsewhere displaces the previous device after a short grace window so a single subscription can't be shared across many devices.
1.8 Browser Cookies (Website Only)
The weNow marketing website (wenow.name) sets a single strictly-necessary cookie:
lang— stores your language preference (e.g.fr,ja) so subsequent visits load the site in your chosen language without re-detection. One year lifetime,SameSite=Lax,Secure. Contains only the 2–3 letter locale code. No personal data, no tracking, no cross-site sharing.
Under GDPR/ePrivacy, strictly-necessary cookies do not require prior consent. The lang cookie is set either when you explicitly choose a language via the footer switcher, or when the site auto-detects your browser's Accept-Language header and redirects you to the matching locale for the first time.
You can clear it at any time through your browser's cookie settings. The app itself (Android and the /app/ web client) does not use browser cookies.
2. Data We Do Not Collect
- No user accounts or sign-ups required for the free experience on Android, iOS, or the web
- No email addresses (unless you subscribe to weNow Advanced — see Section 1.7)
- No names or other personal identifiers
- No analytics or usage tracking
- No advertising identifiers (IDFA, GAID)
- No third-party ad networks or SDKs
- No tracking cookies (only the strictly-necessary
langcookie — see Section 1.8) - No crash reporting or telemetry
- No link between ad impressions/clicks and any user or device
3. Third-Party Services
To provide weather data, your coordinates are sent to the following services during each weather request:
- OpenWeatherMap — weather data and geocoding
- WeatherAPI — weather data
- Open-Meteo — weather data
- Visual Crossing — weather data
For in-app purchases:
- RevenueCat — subscription management
Each service has its own privacy policy linked above. We encourage you to review them.
4. Data Retention
| Data | Retention |
|---|---|
| Hashed IP (rate limiting) | 7 days (auto-deleted) |
| API usage counts | 7 days (auto-deleted) |
| Feedback messages | Until manually deleted by us |
| Subscription records | Duration of subscription + reasonable period after |
| Location coordinates (raw) | Not stored on servers (processed in memory only) |
| Location aggregates (accuracy tracking) | Indefinite (anonymized, not linked to users) |
| Local device data | Until you uninstall the app |
| Account email and password hash (web users) | Until account deletion is requested by the user |
| JWT session tokens | 30 days from issuance (then expire automatically) |
| Ad impression/click counters | Indefinite (aggregate only, no user link) |
lang cookie (website) | 1 year (browser-stored; clearable at any time) |
5. Data Processing Location
Our backend runs on Cloudflare Workers with EU smart placement enabled, meaning requests from EU users are processed within the European Union. Data is processed in memory and not persisted beyond the retention periods described above.
6. Children's Privacy
weNow does not knowingly collect data from children under 13. The app does not require an account and collects no personal information.
7. Your Rights
Under GDPR (Articles 15, 17, and 20) and similar regulations, you have the right to access, delete, and port your data. weNow provides these as self-service actions so you never need to email support or wait on a manual process.
Export your data (Art. 15 and 20)
In the mobile app: Settings → Account → Export my data. You'll get a JSON file containing every row we have linked to your account (profile, OAuth links, subscription entitlements, activation-code metadata). The export is in a structured, machine-readable format for portability to other services.
On the web: not available without a device yet — sign in to the mobile app once and use the Settings option. If you can't install the app, email support@wenow.name.
Delete your account (Art. 17)
In the mobile app: Settings → Account → Delete my account. A two-step confirmation removes every user-linked row from our database (profile, OAuth links, activation codes, subscription entitlements, webhook event history).
On the web: wenow.name/delete-account. You'll need an activation code from the mobile app, or the ability to sign in on the web. The deletion is immediate and permanent.
Important — subscriptions are billed by Apple and Google, not by us. Deleting your weNow account does not cancel your App Store or Google Play subscription. Before deleting, go to your device's Settings → Subscriptions (iOS) or Play Store → Subscriptions (Android) and cancel weNow Advanced, otherwise you will continue to be charged at renewal. We remove our entitlement record immediately so the app stops treating you as Advanced, but the billing relationship stays with the store until you cancel there.
Other rights
For objection to processing, rectification of data, complaint to a supervisory authority, or any other GDPR-related question not covered by the self-service options, email support@wenow.name.
8. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the app after changes constitutes acceptance.
9. Contact
For privacy-related questions or data requests, contact us at: support@wenow.name
This translation is provided for convenience. The English version is the authoritative legal text; in case of any discrepancy, the English version prevails.