WhenToWater ("the app") is a garden watering app that uses weather data to provide watering recommendations. This privacy policy explains what data we collect, why, and how we use it.

1. Data we collect

• Location data – The city name or coordinates you provide (or share via GPS), used solely to retrieve weather data. Your location is stored in our database so that daily push notifications are based on the correct location.
• Anonymous user ID – On first use, an anonymous session is created automatically via Supabase. No account, name, email address, or password is required.
• FCM push token – If you enable push notifications, we store a device token (Google Firebase) to send you daily watering reminders. This token is linked to your anonymous user ID.
• Watering history – The days on which you mark that you have watered your garden are stored both on your device (localStorage) and in our database, linked to your anonymous user ID. This allows push notification advice to stay consistent with the in-app advice across sessions and reinstalls.

2. How we use your data

• Fetching weather data (Open-Meteo, OpenWeather) to calculate watering advice.
• Sending daily push notifications based on the weather forecast for your location and your recent watering history.
• Keeping the app functional; data is not sold or shared with third parties for marketing purposes.

3. Third parties

• Supabase – Database hosting (EU region, Ireland) for anonymous user IDs, location, push tokens, and watering history.
• Open-Meteo – Free weather service; no API key or personal data required.
• OpenWeather – Weather forecast via a server-side proxy; your city name is sent, no further personal data.
• Google Firebase (FCM) – Push notifications; your device token is processed by Google in accordance with Google's Privacy Policy.

4. Data storage and retention

Location, push token, and watering history data are retained for as long as you use the app. You can disable push notifications at any time within the app, which will remove your push token. There is no account deletion flow because no personally identifiable account exists — the anonymous session contains no information that can be traced back to you as an individual.

5. Your rights (GDPR)

Because we process only anonymous data that cannot be linked to an identified individual, most GDPR rights (access, rectification, erasure) are not applicable. If you have any questions, please contact us at the email address below.

6. Contact

Questions about this privacy policy? Send an email to: [email protected]

7. Changes

This policy may be updated from time to time. The date at the top indicates the most recent version. We recommend checking this policy occasionally.