Privacy Policy
Last updated: July 7, 2026
What we collect
- Account data: email address, optional full name.
- Alert preferences: countries you watch, severity threshold, channels (email / SMS), phone number if SMS is enabled.
- Authentication: session cookies, hashed password (managed by Supabase Auth).
- Usage logs: alert delivery logs, error logs.
- Contact form submissions: name, email, message, IP and user-agent for spam protection.
What we don't collect
- We do not collect health information about you.
- We do not sell your data.
- We do not run ad-tracking pixels.
How we use it
- To operate your account and deliver the alerts you opted in to.
- To diagnose problems and improve reliability.
- To respond to contact-form messages.
- To meet legal obligations.
Sub-processors
We use the following third parties to operate the Service:
- Supabase — database, authentication, file storage.
- Resend — transactional and alert email delivery.
- Twilio — SMS alert delivery.
- Vercel (or Netlify) — application hosting and edge cache.
Each operates under its own privacy terms.
Cookies
We use essential cookies for session authentication and to remember your cookie-consent choice. See our Cookie Policy.
Your rights
You can:
- Access or update your profile from your dashboard.
- Disable alerts at any time.
- Permanently delete your account from your dashboard. Deletion removes your profile, alert preferences, and alert history.
- Email us via the contact form for any privacy request.
If you are in the EEA, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA, including the right to access, port, rectify, or erase your personal data, and to lodge a complaint with your local supervisory authority.
Retention
We retain account data for as long as your account is active. Alert delivery logs are retained for 12 months for diagnostic purposes, then anonymized or deleted.
Security
Passwords are hashed by Supabase Auth. All connections are encrypted with TLS. Database access is gated by row-level security. No system is perfectly secure — please choose a strong password and don't reuse it across services.
Children
The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect data from children.
Changes
We will update this policy as needed. Material changes will be flagged on the homepage.
This is a first-pass policy. Have a qualified attorney review and adapt before going live in regulated jurisdictions (EEA, UK, CA, etc.).
