Is It In Yet?

Privacy Policy

Last updated: 23 March 2026

This Privacy Policy explains how Is It In Yet? (“we”, “us”, or “our”) collects, uses, and protects your personal data when you use our website and service (“Service”). We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

Account information

When you create an account we collect your name, email address, and a hashed version of your password. We never store your password in plain text.

Location data

When you save a location we store its name, latitude, longitude, activity type, and timezone. This data is necessary to fetch weather forecasts for your chosen spots. We do not track your physical location or use GPS data from your device.

Weather condition preferences

Your condition thresholds (wind speed ranges, temperature ranges, etc.), historical condition rules, and unit preferences are stored to evaluate weather data against your requirements.

Payment information

Premium subscriptions are processed by Stripe. We store your Stripe customer ID and subscription ID to manage your subscription status. We do not store your card number, expiry date, or CVC — this data is handled entirely by Stripe.

Usage analytics

We use PostHog to collect anonymised usage analytics, such as page views and feature usage. This helps us understand how the Service is used so we can improve it. PostHog may set cookies on your device for this purpose.

Session cookies

We use authentication cookies (session tokens) to keep you signed in. These are strictly necessary for the Service to function and do not track you across other websites.

2. How We Use Your Data

We use your personal data to:

  • Provide and maintain the Service, including fetching weather data for your locations
  • Authenticate you and manage your account
  • Process Premium subscription payments via Stripe
  • Send email notifications when conditions at your locations change (if you have opted in)
  • Improve the Service based on aggregated, anonymised usage patterns

3. Legal Basis for Processing

Under UK GDPR, we process your data on the following bases:

  • Contract: Processing necessary to provide the Service you have signed up for
  • Legitimate interest: Analytics and service improvement, where this does not override your rights
  • Consent: Email notifications (you can opt out at any time)

4. Third-Party Services

We share data with the following third parties only as necessary to operate the Service:

  • Supabase — database hosting (your account and location data)
  • Stripe — payment processing (subscription management)
  • Resend — transactional email delivery (alert notifications)
  • PostHog — usage analytics
  • Open-Meteo — weather data (we send latitude/longitude coordinates to fetch forecasts; no personal data is included)
  • OpenStreetMap Nominatim — geocoding (we send search queries to look up locations; no personal data is included)
  • AWS Amplify — application hosting

We do not sell your personal data to any third party.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it (e.g. financial transaction records). Anonymised analytics data may be retained indefinitely.

6. Your Rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (“right to be forgotten”)
  • Restriction — ask us to restrict processing of your data
  • Portability — request your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest

To exercise any of these rights, please contact us via the email address associated with your account. We will respond within one month.

7. Data Security

We take reasonable measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and secure authentication tokens. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Children

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a revised “Last updated” date. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us via the email address associated with your account. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).