Privacy Policy

1. What We Collect

Information You Provide

• Display name — shown on leaderboards, player profiles, and head-to-head challenges. You choose it during onboarding and can change it in Settings. Your real name is never required.
• Email address — used for sign-in and account recovery. If you sign in with Apple's "Hide My Email," we only see the relay address Apple provides. If you sign in with Google, we receive the email address associated with your Google account. We do not currently send marketing emails.
• Location (city, state, and approximate coordinates) — used to fetch weather data from the National Weather Service for your area and to place you on city- and state-level leaderboards. Coordinates are approximate; we don't store street addresses or real-time GPS traces.
• Mode selection — your chosen difficulty level (Casual, Standard, or Expert). Displayed on your public profile and leaderboard entry.

Information Generated as You Play

• Prediction history — your daily morning and evening forecasts, adjustment-window refinements, Storm Mode predictions (Storm Prediction Center, National Hurricane Center, and Weather Prediction Center across Day 1–3 tiers), scores, and Forecast Accuracy Rating averages.
• Streak data — consecutive calendar days with qualifying predictions, tracked separately for Day, Night, and Precision categories.
• Achievements and badges — milestone unlocks and the dates they were earned.
• Head-to-head challenges — which players you've challenged, each window's predictions, results, win/loss history, and H2H streaks.
• Games tab sessions — scores and personal bests for mini-games.
• In-app preferences — accessibility settings, notification preferences, leaderboard visibility toggles.

Purchase Information

• Subscription status — whether you hold a Premium subscription ($2.99/month or $19.99/year) and which optional weather centers you've unlocked ($4.99 each). We also record Streak Freeze purchases ($0.99 each).
• Payment details — all payment processing is handled by Apple through the App Store or by Google through Google Play, and managed on our side by RevenueCat. We never see, store, or have access to your credit card number, billing address, or payment credentials.

Technical and Diagnostic Information

• Crash reports (via Sentry) — stack traces, device model, OS version, and the app version where a crash occurred. Used exclusively to diagnose and fix bugs.
• Product analytics (via PostHog) — anonymous event metrics. No personally identifiable information is included. You can opt out in Settings.
• Push notification tokens (via OneSignal) — stored only if you grant notification permission. Used to deliver prediction-window reminders, Storm Mode alerts, and challenge notifications.

Information We Do NOT Collect

• Precise real-time GPS tracking or location history
• Contacts, photos, microphone, or camera access
• Advertising identifiers (IDFA) or cross-app tracking data
• Browsing history outside the App
• Biometric data or health information

2. Why We Collect It

3. Where Your Data Is Stored

• Game data (predictions, scores, badges, streaks, profiles, H2H records, leaderboard rankings): stored in our Supabase database, hosted on AWS infrastructure in the United States. Encrypted at rest and in transit.
• Authentication (email, OAuth tokens): managed by Supabase Auth. Passwords are hashed using industry-standard algorithms and are never visible to us in plaintext.
• Leaderboard cache: computed every 15 minutes by a server-side function. Contains only display names, scores, ranks, and location scopes — no private data.
• On your device: a subset of your game data is cached locally so the app works during brief connectivity gaps. This cache is cleared when you delete the App.

4. Who We Share Data With

We do not sell your personal information. We do not share your data with advertisers. We share data only with the following service providers, and only as needed to operate the App:

Weather data sources — The App fetches forecast and observation data from public services including the National Weather Service API, CoCoRaHS, CWOP, and NOAA MRMS. These are one-way data fetches; we send only location coordinates and receive weather data in return. No user identifiers or account information are transmitted.

We may also disclose information if required by law, court order, or to protect the safety of our users.

5. Your Rights

You have the right to:

• Access your data — visible on your in-app Profile and activity history.
• Correct your display name, mode, and prediction location — available in Settings at any time.
• Delete your account and all associated data — Settings → Account → Delete Account. Deletion is immediate and irreversible.
• Opt out of analytics — Settings → Privacy → Disable Analytics.
• Opt out of push notifications — via device Settings or in-app notification preferences.

For California Residents (CCPA)

California residents have the right to know what personal information we collect, to request its deletion, and to opt out of the "sale" of personal information. We do not sell personal information. To exercise these rights, email the address in Section 10.

6. Children

RivalWx is designed for adults interested in weather forecasting. Our target audience is ages 18 and older.

We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account or provided information to us, please contact us and we will delete the account promptly.

7. Security

We use reasonable technical and organizational measures to protect your data, including:

• HTTPS/TLS encryption for all network traffic between the App and our servers
• Row-level security policies in our database, restricting each user to their own records
• Column-level access controls ensuring email addresses and private data are never readable by other users
• Server-side score validation — prediction scores are computed by Edge Functions, not by the client app
• Dependency scanning and security audits of third-party libraries
• Authentication via Apple Sign In and Google Sign-In

No system is 100% secure. In the event of a confirmed data breach affecting your personal information, we will notify you via email within 72 hours, as required by applicable law.

8. Data Retention

• Active accounts: your data is retained as long as your account is active.
• Deleted accounts: all personal data is deleted immediately upon account deletion. Anonymized, aggregated statistics may be retained indefinitely — these cannot be tied back to any individual.
• Crash reports: retained for up to 90 days, then purged.
• Analytics events: retained for up to 90 days, then purged.
• Leaderboard cache: refreshed every 15 minutes; historical snapshots are not retained.

9. Changes to This Policy

We may update this policy as the App evolves. Material changes will be communicated through an in-app notice at least 14 days before they take effect. Continued use of RivalWx after changes take effect constitutes acceptance of the updated policy.

10. Contact

Email: privacy@rivalwx.app

Mailing address: Isobar Works LLC, 5534 Saint Joe Rd, Fort Wayne, IN 46835

We aim to respond to all legitimate requests within 30 days.