Privacy

Last updated

GrayCloud values your privacy. We collect only the information we need to show you the weather, keep it for as little time as the job allows, and never sell it. This policy explains what we collect, how we use it, and the choices you have.

This Privacy Policy describes how GrayCloud ("we," "us") collects, uses, and shares your information when you use graycloud.app (the "Website") or the GrayCloud apps for iPhone, iPad, Mac, and Apple Watch (the "Apps," collectively the "Service"). By using the Service, you agree to the practices described here.

Collection of Information

User Provided Information

We collect information you provide to us. Examples may include:

  • the location you enter when requesting a forecast
  • the places you save in the app
  • the contact details you provide when you email support
  • your email and billing details if you sign up for the Developer API

Automatically Collected Information

We collect information about how you interact with the Service and the device you use. This may include:

  • your device's current location, if you grant permission, for use in forecasts and alerts
  • your Apple Push Notification service (APNs) token if you enable severe-weather alerts
  • standard request data such as IP address, user agent, path, and timestamp
  • anonymous events (page views, taps, app launches) tagged with a daily-rotating hash of your IP so we can count distinct visitors without storing the IP itself

Use of Information

We use the data we collect to operate and improve the Service. This includes:

  • providing forecasts, maps, and conditions
  • sending the severe-weather alerts you request
  • understanding how the Service is used in aggregate
  • troubleshooting issues and preventing abuse
  • operating the Developer API and billing for it

We retain information only as long as needed to provide the Service. Forecast request logs are kept for up to 7 days. Analytics are retained as anonymized aggregates; the daily visitor hash becomes unlinkable once the day rolls over. Your APNs token and the coordinates of places you've enabled alerts for are kept until you turn alerts off. Developer API account and billing records are kept while your account is active and for up to 7 years afterward for invoices required by tax law.

Disclosure of Information

We do not sell or rent your information. We share data only as follows:

  • to comply with legal obligations such as subpoenas
  • to protect our rights, your safety, or the safety of others, and to investigate fraud
  • in the event of a merger, acquisition, or asset sale, only as needed to continue operating the Service

We do not use third-party analytics, advertising SDKs, advertising identifiers, or cross-site tracking. The public weather pages set no cookies; the Developer API dashboard uses a single first-party session cookie after you sign in.

Opt-out

You can stop data collection at any time:

  • revoke location access in iOS or macOS Settings to stop sending coordinates
  • turn off notifications in the app or in iOS Settings to drop your APNs token on next sync
  • delete saved places to remove them from iCloud sync
  • uninstall the app and stop using the Website to halt further collection
  • email [email protected] to delete a Developer API account

Because most data we collect is anonymized, we cannot link it back to specific users or delete previously gathered information.

Security

All traffic between your device and our servers is encrypted with TLS. API keys and session tokens are stored hashed. Access to production systems is limited to a small set of engineers and requires hardware-key two-factor authentication. No online service can be perfectly secure; if you discover a vulnerability, please email [email protected] before disclosing it publicly.

Our infrastructure is based in the United States. If you access GrayCloud from outside the US, your data will be transferred to and processed in the US, where data protection laws may differ from those in your country. By using the Service, you consent to that transfer.

Children

GrayCloud is not directed to children under 13, and we do not knowingly collect their personal information. If you believe a child has provided personal information to us, contact [email protected] and we will delete it.

Effective Date & Changes

This Privacy Policy is effective May 24, 2026.

We may update this policy from time to time. The current version will always be posted at graycloud.app/privacy, with the "Last updated" date at the top of the page. Material changes will be called out here before they take effect. Continued use of the Service is deemed approval of the updated policy.

Contact

If you have questions about this Privacy Policy or want to exercise your data rights, email [email protected].