solarily
Legal

Privacy Policy

Last updated: April 2026

Solarily ("the App") is operated by Julian Soreavis. This policy explains what data we collect, how we use it, and the rights you have over your data under the GDPR.

Data We Collect

  • LocationUsed client-side only to display weather for your area. Coordinates are never stored on our servers.
  • Browser storageYour city list, theme, units, language, card order, radar settings, AI configuration, cached weather data, email address (if provided during invite redemption), and feedback rate-limit timestamp live in your browser only (localStorage and the Service Worker cache).
  • Name & emailCollected only when you request invite access. Stored with your explicit consent.
  • IP address (hashed)We store only a truncated SHA-256 hash of your IP, used for rate limiting and abuse prevention. The raw IP is never persisted.

How We Use It

Your data is used solely to grant access to Solarily, protect the service from abuse, and deliver weather features. We do not share, sell, or use your data for marketing or profiling.

Data Retention

  • Pending invite requests auto-delete after 7 days.
  • Used invite codes auto-delete after 90 days.
  • You may request erasure of your invite record at any time via the data erasure endpoint (see "Your Rights" below).

AI Features

  • AI providers— Solarily supports Gemini, OpenAI, Anthropic, and Ollama. Server-side keys may be configured by the operator. You may also provide your own API key; it is stored in your browser's localStorage only and never logged on our servers.
  • Weather data sent to AI — current conditions only. No personal data is included in AI prompts.

Sub-processors & Third-Party Services

  • Open-Meteoforecast, climate archive, air quality, pollen, marine, river discharge, CMIP6 projections, geocoding
  • NOAA SWPC / USGS / NWS / MeteoAlarmaurora, earthquakes, and official weather warnings (public feeds)
  • Nominatim / OSMreverse geocoding
  • NASA FIRMSactive wildfire data (VIIRS)
  • RainViewer / OpenWeatherMap / ArcGIS / CartoDBradar overlays and map tiles
  • freeipapi.com / ipapi.coIP-based location fallback (proxied)
  • Upstash Redisinvite codes, rate limiting, API cache
  • Cloudflare Turnstilebot protection
  • Resendinvite email delivery
  • Telegram Bot APIadmin notifications (name, email, and raw IP transmitted)
  • Vercelhosting, Analytics, and Speed Insights (cookieless)
  • Sentry (EU tenant)error monitoring, performance traces, session replay on errors, and feedback events
  • AI providers (Gemini, OpenAI, Anthropic, Ollama)optional AI-powered weather briefings and activity suggestions

Error Monitoring & Session Replay

Solarily uses Sentry (EU tenant, .de.sentry.io) to detect and diagnose errors:

  • Error events — JavaScript errors and 4xx/5xx API responses send the error type, stack trace, page URL, and browser metadata to Sentry. Response bodies are never captured.
  • Session replay — on error, Sentry records the last 30 seconds of interaction (clicks, scrolls, navigations, DOM mutations). No proactive recording occurs. Text content is visible in replays (masking disabled). Canvas elements are also captured.
  • Custom breadcrumbs — city searches, city selections, and language changes are attached to error reports. Never sent independently.
  • Performance traces — 30% of page loads are sampled for Web Vitals (CLS, LCP, INP, TTFB, FCP). Traces include page URLs and timing data only.

Sentry data is retained for up to 30 days per Sentry's free-tier retention policy.

Feedback

You may voluntarily submit bug reports via the "Report a bug" link in the footer. The form collects your email address (pre-filled from the invite flow if available, read-only), a free-text message, and an optional screenshot captured via html2canvas when you click "Add a screenshot." All feedback data is sent to Sentry as a feedback event with attachments and stored per Sentry's retention policy.

Cookies & Storage

  • invite-authsigned authentication cookie (30 days, functional)
  • request-cooldownrate-limit cookie (1 hour, functional)
  • preview-authoperator access cookie (7 days, functional)
  • solarily-langUI language cookie (1 year, functional, synced with localStorage and the URL)
  • localStoragecities, theme, units, language, card order, radar settings, weather cache, AI config, user email, and feedback rate-limit timestamp (browser only)
  • Service Worker cacheapp shell and weather API responses for offline use; cleared on uninstall

No advertising, tracking, or profiling cookies are used.

International data transfers

Some of our sub-processors are located outside the European Union. Sentry (error monitoring, EU tenant but with US-region processing) and Resend (transactional email, US-based) process EU-origin data outside the EU. Both providers rely on the Standard Contractual Clauses (SCCs) under GDPR Article 46 as the legal mechanism for these transfers. All other sub-processors operate within the EU or are used only for strictly public data.

Your Rights (GDPR)

  • AccessRequest a copy of your stored data.
  • ErasureDelete your invite record by POSTing your email and invite code to /api/erase-data. The endpoint verifies the record's email matches and removes it immediately. You can also email us to request erasure.
  • RectificationAsk us to correct any stored data.
  • Withdraw consentContact us to revoke your consent at any time.
  • Lodge a complaintYou may lodge a complaint with your local data protection authority.

Contact

For privacy inquiries: privacy@juliansoreavis.com

← Back