StationCast (“we,” “us,” “our,” or “the App”) is a personal weather station companion. This Privacy Policy explains what information we handle when you use the StationCast iOS app, the iOS widget extension, and the StationCast backend service that the app talks to. It also covers the optional Amazon Alexa skill, when you choose to enable it.
By using StationCast, you agree to the practices described here.
StationCast is intended for users in the United States. The service is not directed at users in the European Union, the United Kingdom, or other jurisdictions with comparable data-protection regimes (including but not limited to the EU GDPR and the UK GDPR).
StationCast is not GDPR-compliant or UK-GDPR-compliant. We have not built the processes, documentation, controls, or compliance infrastructure required by those regimes, and we will not honor data-subject access, deletion, portability, restriction, objection, or transfer requests made under those regimes. We have no Data Protection Officer, no EU representative, no international-transfer safeguards, and no automated retention or deletion processes.
If you are a resident of the EU, the UK, or any other jurisdiction with a comparable data-protection regime, please do not use StationCast. We do not technically block access. If you choose to use the app despite this notice, you acknowledge that the app is not GDPR / UK GDPR compliant, that we will not accommodate GDPR / UK GDPR rights or obligations on your behalf, and that you use the app on that basis.
The app requests your device’s location (when-in-use) for these purposes:
Location access is optional. If you decline, every feature still works except the four bullets above. Your location is used on-device for the features that need it; the backend receives station identifiers, not your coordinates. (Discovery and “nearby” searches do send a center latitude and longitude to the backend so it can find stations near a point — that’s the one path where a location coordinate leaves the device, and it only happens for that specific search.)
When the app talks to our backend, the backend records server-side log lines containing:
ios), and device class (for example, phone, pad).These logs help us diagnose service problems, detect abuse, and understand which app versions are in the field. We do not build behavioral profiles of individual users from them.
The app does not ship a third-party crash reporter or analytics SDK. We do not run Sentry, Firebase, Crashlytics, MetricKit, or comparable telemetry. Apple-platform crash reports may be available to us through App Store Connect if you have opted into “Share With App Developers” in your iOS settings, but that is an Apple-controlled feature; we never collect or transmit crash data ourselves.
We use the information described above to:
We do not use the information to:
The iOS app does not talk to weather data providers directly. Every request — saved-station observations, nearby search, station discovery, the Alexa skill — goes to our backend, which then mediates with the appropriate upstream. Our backend handles caching, rate limiting, plausibility checks on sensor data, and authentication.
The iOS app does not talk to weather data providers directly. Our backend mediates with a third-party personal-weather-station data provider on your behalf. When you view a station, our backend may call that provider to retrieve current and recent observations for the station identifier you requested. The provider sees the station identifier and our backend’s IP, not your device’s IP or any identifier specific to you. We cache observations server-side to reduce the number of upstream calls.
To stop unauthorized clients from impersonating the app, StationCast uses Apple’s App Attest service. On first launch, the app asks Apple to generate a hardware-backed key for this installation of the app. It exchanges a challenge with our backend and the corresponding attestation object is verified against Apple’s certificate chain. Our backend stores the resulting public key and a key identifier so it can verify subsequent requests; the private key never leaves your device’s Secure Enclave. Subsequent authenticated requests carry a signed assertion that our backend checks. App Attest is an Apple-operated service; please see Apple’s privacy policy for what Apple does with the attestation data it processes.
If you enable the StationCast Alexa skill and link your accounts, Amazon’s Alexa service will send signed requests to our backend each time you ask Alexa about a StationCast station. Those requests include an Amazon-supplied user identifier and the spoken intent (for example, “what’s the temperature at home”). We use those to look up the station(s) you’ve linked, fetch their observations through our backend, and return a spoken response. Amazon’s handling of your voice data is governed by Amazon’s privacy policy; we never receive raw audio. Hosting and account-linking server-side data lives in our backend; see Section 7 for how to unlink and request deletion.
StationCast does not display advertisements and we do not work with advertising networks. If that changes, this policy will be updated with full details before any ads are shown.
We use standard transport security and Apple platform features to protect what’s collected:
UserDefaults (the standard preferences store), including an App Group container shared with the home-screen widget.No system is perfectly secure. We cannot guarantee absolute protection against every possible attack.
You can grant or revoke location access at any time in iOS Settings → StationCast → Location. If you deny location access, every feature continues to work except the location-dependent ones called out in Section 1.2.
In the Amazon Alexa app, go to Skills & Games → Your Skills → StationCast → Disable Skill. That disables the skill on your Amazon account. To also have the server-side link record (Amazon user hash, linked station identifiers, nickname) removed from our backend, email us per Section 10 — we do not currently provide a self-serve deletion tool for that record.
If you want the App Attest device record we hold for your installation removed from our backend, email us per Section 10. Removing it means your installation will re-attest on the next request.
StationCast is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that a child under 13 has provided us with information, we will remove it.
We may update this policy from time to time. Material changes are signaled by updating the “Last Updated” date at the top. Your continued use of StationCast after a change is posted constitutes acceptance of the updated policy.
Email: evandhoffman@gmail.com
We respond to privacy inquiries as quickly as practical.
If you are a California resident, you have the right to:
We do not sell your personal information and we do not share it for cross-context behavioral advertising.
To exercise these rights, contact us at evandhoffman@gmail.com.
StationCast is a labor of love. We respect your privacy and will never abuse it.