WeatherByTrade
Privacy Policy
Last updated: July 16, 2026 (pre-launch draft)
This Privacy Policy explains what [ENTITY NAME PENDING] ("we," "us," "our") collects, uses, and shares in connection with the WeatherByTrade email newsletter (the "Service"), and describes your choices. The Service is a free weekly weather work-planning email for contractors, currently offered to U.S. addresses only.
1. What we collect
Directly from you:
- Email address — collected at signup; used to send your briefs and identify your account. The signup form collects your email first, so if you start signing up and don't finish, we keep the email (and any trades/ZIPs you entered) so we can send you at most an occasional reminder to finish. That record is cleared into your subscription when you complete signup, and it is removed by the "delete my data" option described below.
- ZIP code(s) — signup/settings; matches you to your local forecast grid.
- Trade(s) (e.g., roofing, painting) — signup/settings; filters the grid to trades relevant to you.
- Acquisition source — only if you arrived via a forwarded or shared link; measures how forwarding performs. Not shown to other users.
- Waitlist email + ZIP— if your ZIP isn't covered yet and you join the waitlist, so we can notify you if/when we expand there.
We do notcurrently ask for your name, business name, or phone number — the signup form doesn't collect them.
Automatically, from your use of our emails and website:
- Delivery status and opens— Resend (our email delivery provider) reports delivered / opened / bounced / complained events to us via webhook, so we know whether your brief reached you and can manage list health. Resend's event payloads may include technical metadata such as your IP address and browser/device string, which we store as received but do not separately extract or use today.
- Link clicks in emails — every outbound link in a brief routes through our own signed redirect, which records the brief, the destination URL, and a truncated browser/device string. This tells us which parts of the brief are useful. It is tied to the specific email sent to you.
- Website analytics (PostHog)— when analytics is enabled on our website, PostHog records page views, general device/browser info, click events, and IP-derived rough location (city/region level, not precise). It uses a browser-stored identifier (functionally similar to a cookie) to recognize repeat visits. It does not read your email content. Analytics is currently off in our test environment; this policy describes it as designed so you know what to expect when it's active.
- IP address for rate limiting — our signup, resend, and waitlist forms hold your IP briefly in memory only (never written to our database) to prevent abuse; it auto-expires.
2. AI-assisted phrasing
Each brief's headline and short intro line are worded with help from an AI model (currently Google's Gemini). We send the AI only aggregate, market-level weather and trade data — for example, "Des Moines, week of July 14: roofing = no-go Tue–Wed (high wind), go Thu–Fri" — never your email address, ZIP code, name, or anything that identifies you. The underlying go/caution/no-go verdicts are decided by our own deterministic weather engine, not by the AI; the AI only words the sentence describing them. If it's unavailable, we fall back to a plain template with the same verdicts. Google, as our AI subprocessor, may retain prompts/outputs for a limited window for safety monitoring under its own terms.
3. Email delivery, tracking, and unsubscribe
We use Resend to send email. Emails include standard delivery tracking and the per-link click tracking described above. Unsubscribing is one click, no login required— every email has a one-click unsubscribe link (and supports your email client's built-in Unsubscribe button), and your private settings link lets you pause, change ZIPs/trades, or unsubscribe any time.
4. Who we share data with
We don't sell your personal information. We share it only with the service providers that run the Service on our behalf, each limited to what they need:
- Resend — sends all email; sees your email address, brief content, and delivery metadata.
- Neon — hosts our production database; holds the subscriber, brief, and delivery data described above.
- Vercel— hosts our website and background jobs; standard web-hosting logs (which may include IP addresses per Vercel's own logging).
- Cloudflare R2 — stores archived brief images and older raw-forecast archives; no subscriber personal data, market-level content only.
- PostHog — website analytics as described in Section 1, when enabled.
- Google (Gemini API) — words the summary lines; aggregate market/trade weather data only, no subscriber personal data (Section 2).
- National Weather Service / Open-Meteo— we query them for forecast data; we don't send them your personal data.
All of the above are U.S.-based services, and our audience and data are U.S.-only as of this writing.
5. How long we keep data
- Subscriber record(email, ZIPs, trades, status) — until you unsubscribe and use the "delete my data" option, or indefinitely while you remain subscribed.
- Sent briefs and delivery/click eventstied to your account — deleted together with your subscriber record when you use "delete my data."
- Incomplete-signup records and waitlist entries— kept so we can follow up as described above; both are permanently removed by "delete my data."
- Raw forecast data — pruned from our live database after 90 days; a copy is archived to cold storage for audit purposes (contains no personal data).
- Website analytics events (PostHog)— governed by PostHog's standard retention (typically about a year), independent of your subscriber deletion.
6. Your choices and rights
- Edit ZIPs/trades, pause, or unsubscribe:use the "Manage my briefs" link in any email footer, or the one-click unsubscribe link.
- Delete your data: the same settings page has a delete option that permanently removes your subscriber record and every brief, delivery event, waitlist entry, and incomplete-signup record tied to it. This is immediate and irreversible — there is no recovery window.
- Access or correct your data:email us and we'll tell you what we have on file or fix it.
7. Children's privacy
The Service is intended for adults working in or operating a trade business. It is not directed to, and we do not knowingly collect information from, children under 13.
8. Security
Your settings link is a long random token that functions as your password — anyone who has it can act on your account, and it does not expire on its own. Treat it like a password: don't forward or publish it. We use signed, tamper-evident links for click tracking and verify webhook signatures from Resend before trusting delivery-status updates.
9. CAN-SPAM compliance
Every email we send includes: an accurate "From" name/address, a subject line that reflects the content, a physical postal address ([POSTAL ADDRESS PENDING]), and a working one-click opt-out honored promptly.
10. Changes to this policy
We may update this policy as the Service changes. Material changes will be reflected in the "Last updated" date above.
11. Contact
Questions, data requests, or deletion requests: [CONTACT EMAIL PENDING], [POSTAL ADDRESS PENDING].