Legal
The honest version
Your data stays on your phone. We don't want it, we don't store it, we don't sell it.
01
Where Sun ("we", "our", or "us") is the team behind the Where Sun mobile application (the "App"). We built Where Sun because we kept getting surprised by overcast weekends. This Privacy Policy explains what we collect, why, and how we protect it.
Our philosophy: collect only what we need to make the app work, store as little as possible, and never use your data for anything other than giving you weather results.
02
If you grant location permission, we use your GPS coordinates to find weather near you and calculate distances to sunny spots. Location data is never stored on our servers — it's used only for the current search and discarded when you close the app. You can deny permission and manually type any city name instead.
Location names and dates you search are used to fetch weather results. Your recent searches are saved locally on your device (up to 3 for free users, 15 for premium) so you can quickly repeat them. This data never leaves your device.
Places you save (name, coordinates, type) are stored locally on your device via AsyncStorage. Never sent to or stored on our servers. Free users can save up to 5 places; premium users get unlimited. Uninstalling the app deletes all saved places.
If the app crashes, we receive an anonymous report via Sentry containing: error type, stack trace, device model, OS version, and app version. No personal data, location, or search queries are included. These reports help us fix bugs.
03
Where Sun relies on external services to function. Here's exactly what each one receives:
| Service | What they receive | Purpose |
|---|---|---|
| Meteosource | GPS coordinates, date | Weather data |
| OpenStreetMap / Nominatim | Location names | Geocoding & place discovery |
| Overpass API | GPS coordinates, search radius | Finding nearby places |
| TripAdvisor | GPS coordinates | Activity recommendations |
| Photon / Komoot | Search text, GPS (optional) | Location autocomplete |
| Wikipedia | Place names | Place thumbnail images |
| Google Maps | Location name (when you tap an activity) | Navigation — opened in your browser |
| Cloudflare Workers | Same data as above APIs (proxied); IP for rate limiting (1-hour expiry) | API security proxy — hides our API keys |
| Sentry | Anonymous crash reports, device/OS/app version | Bug tracking |
| Expo Updates | App version, runtime version, platform | Over-the-air updates |
| Apple App Store | Download & update events | App distribution |
| RevenueCat | Anonymous user ID, purchase events, device/app version | Subscription management |
All API requests (except Photon autocomplete and Wikipedia images) are proxied through our Cloudflare Worker, which means your device never talks directly to weather or map services — our server does, using our API keys.
04
Siri: After each search, Where Sun donates an activity to iOS containing the location name and date. This lets iOS suggest the app in Spotlight. It's managed entirely by iOS on your device — we never access it. Turn it off in iOS Settings → Siri & Search → Where Sun.
Local notifications: If you haven't used the app in 3 days, your device may show a gentle reminder ("The sun misses you"). This is scheduled on your device — no server involved, no data sent anywhere. Turn off in iOS Settings → Where Sun → Notifications.
05
Here's where everything lives:
All API requests use HTTPS. Most go through our Cloudflare Worker which adds an extra layer of security. No user accounts, no passwords, no authentication tokens.
06
Grant, change, or revoke at any time: iOS Settings → Privacy & Security → Location Services → Where Sun.
Uninstall the app — all local data is gone. Or open Settings → "Clear All Data" inside the app to wipe everything without uninstalling.
iOS Settings → Privacy & Security → Analytics & Improvements → Share iPhone Analytics → Off.
You have the right to access, rectify, erase, restrict, and port your data, and to object to processing. Since we store nothing on our servers with your identity, most requests can be satisfied by uninstalling the app. Email sime@xpsr.eu with subject "GDPR Request" for anything else.
We do not sell your personal information. Email sime@xpsr.eu with subject "CCPA Request" to exercise your rights.
We do not sell covered information under Nevada law.
07
Where Sun is rated 4+ and does not knowingly collect personal information from children under 13. The app requires no registration, no email, and no personal details to use. If you believe a child has submitted personal information, please contact sime@xpsr.eu.
08
Because we believe in being honest about what happens with data, we publish a transparency report:
We commit to updating this annually.
09
We may update this Privacy Policy as the app evolves. When we do, we'll update the "Last Updated" date at the top. Major changes will be noted in App Store update notes. Continued use of the App after a change means you accept the updated policy.
10
We're a small team and we actually read our email. Privacy questions, GDPR requests, general support — one address handles everything. Response time is usually 3–5 business days.
Email: sime@xpsr.eu