Privacy Policy

We collect the following categories of information when you create an account and use the App:

Account information

• Email address - used to create and identify your account, and to send password-reset emails.
• Password - stored as a one-way hash. We never store or transmit your plain-text password.

Location information

• Pinned coordinates - when you create an alert you drop a pin on a map. We store the latitude and longitude of that pin. This is the core functionality of PrimoAlerts. We do not access your device's GPS continuously or in the background; location data comes only from pins you deliberately place.
• Timezone - derived from your device at sign-in and stored against your account so that alert timing is accurate to your local time.

Alert preferences

• The conditions, thresholds, and notification settings you configure for each alert.

Device information

• Push notification token - a device-specific token issued by Expo's notification service. Required to deliver push notifications to your device.
• Operating system and version - collected to ensure compatibility and diagnose issues.

Usage information

• Last active timestamp - the time you last opened the App, used for account security and to detect inactive accounts.

We do not collect: precise real-time GPS location from your device sensor, payment information, contacts, photos, microphone or camera data, or browsing history.

We use the data we collect solely to provide and improve PrimoAlerts:

• To provide the service - authenticate your account, store your alert configurations, fetch weather forecasts for your pinned locations, evaluate your alert conditions, and deliver push notifications when conditions are met.
• To maintain the service - monitor system health, diagnose errors, and ensure the App works correctly.
• To communicate with you - send transactional emails (e.g. password resets). We do not send marketing emails without your explicit consent.
• To improve the service - aggregate, anonymised usage patterns may inform product decisions. We do not sell or share individual usage data for this purpose.

We do not use your data for targeted advertising, profiling, or any purpose beyond what is described here.

Running PrimoAlerts requires us to pass certain data to the following third-party services. We share only what is necessary for each service to function.

Expo (push notifications)

Your device push token is sent to Expo's push notification infrastructure to deliver alert notifications. Expo's privacy policy is available at expo.dev/privacy.

Weather data providers

The latitude and longitude of your pinned locations are sent to one or more weather forecast APIs to retrieve forecast data. No personally identifying information is included in these requests.

Location API providers

Coordinates from your pinned locations are sent to geocoding services to resolve a human-readable place name. No account information is included.

Hosting infrastructure

Our servers and database are hosted on cloud infrastructure. Data is stored and processed in accordance with our hosting provider's security standards.

We do not sell your personal data to any third party, ever.

We retain your account data for as long as your account is active. If you delete your account:

• Your email address, password hash, alerts, and alert history are permanently deleted from our systems.
• Your push notification tokens are removed, stopping all future notifications.
• Anonymous aggregate statistics (e.g. total number of alerts evaluated) may be retained.

To delete your account, go to the settings screen and click the "Delete Account" link.

We may retain data for longer periods where required by law.

Depending on your location, you may have the following rights regarding your personal data:

• Access - request a copy of the personal data we hold about you.
• Correction - request correction of inaccurate data. You can update your email address directly in the App.
• Deletion - you can delete all your data directly in the App.
• Portability - request your data in a machine-readable format.
• Objection / Restriction - object to or request restriction of certain processing activities.

To exercise any of these rights, contact us. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

PrimoAlerts is not directed at children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, and misuse. These include:

• All data transmitted between the App and our servers is encrypted via HTTPS/TLS.
• Passwords are stored as one-way bcrypt hashes - they are never recoverable.
• API access is protected by bearer tokens scoped to the mobile app.
• Access to production systems is restricted to authorised personnel.

No method of transmission or storage is 100% secure. If you suspect a security issue, please contact us immediately.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. If the changes are material, we will notify you via a push notification or email before they take effect. Continued use of PrimoAlerts after changes are posted constitutes acceptance of the revised policy.

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us via our contact form.

We aim to respond to all privacy-related enquiries within 30 days.