What we collect, and what we don't.

Account & sign-in. Subscriber accounts are handled by Clerk, our identity provider. When you sign up or sign in, Clerk processes the data you give it (such as your email and authentication credentials). We rely on Clerk for that account record rather than storing passwords ourselves.

Entitlement status. We keep the minimal subscriber metadata needed to gate access — principally whether an account is an approved subscriber — so the subscriber pages can check entitlement.

Usage events. The public pages send a small number of first-party events (for example, a page view or that a visitor scrolled past the hero) to our own endpoint, which records them as structured log lines. These events are limited to a coarse event name, the page path, the referring origin, and which headline variant was shown. We do not load a third-party analytics SDK, and these events are not used to build a personal profile.

Operational & security logs. Like any hosted service, our infrastructure produces server and security logs that can include IP address, user-agent, and request metadata. We use these to keep the service running, diagnose problems, and guard against abuse. In the usage-event path specifically, an IP is only hashed transiently for rate-limiting and is not stored as part of the event.

Signing in relies on necessary cookies and session tokens — set by Clerk and the app — to authenticate you, keep you signed in, and protect the session against abuse. These are required for the subscriber area to work; if you block them, sign-in will not function. We do not use advertising or cross-site tracking cookies.

We do not sell personal data, run targeted advertising, or share your data with advertisers. We do not custody funds or hold any customer money — PolyWeather never touches your balances. There is no waitlist file: earlier passcode/waitlist collection has been retired and is no longer part of the product.

Server-side service tokens and API keys are operational configuration held on our servers. They are not your personal data and are never exposed to the browser.

Clerk — subscriber identity, sign-in, and session management. Your account data is processed under Clerk's own terms and privacy policy.

Hosting / VPS infrastructure — the server and reverse proxy that run the site and produce the operational logs described above.

Usage analytics are first-party: events are logged by our own server, not sent to an external analytics vendor.

To operate accounts and sign-in, to gate subscriber-only pages by entitlement, to keep the service reliable and secure (including rate-limiting and abuse prevention), and to understand aggregate usage of the public funnel. We do not use it to make automated decisions about you beyond checking whether your account is an approved subscriber.

You can request access to, or deletion of, the account data associated with you. Account and identity data is managed through Clerk; you can raise a request through the same channel by which you obtained or requested access, and we will act on it within a reasonable period. Deleting your Clerk account removes the associated sign-in record.

We may update this page as the product changes. Material changes will be reflected in the effective date above. Related reading: the terms and the risk disclosure.

This page is a practical transparency baseline describing what the product does today. It is not legal advice and should be reviewed by counsel before a broad public launch.