1. Introduction
WeatherRadar AI ("we," "us," or "our") operates the website and platform at weatherradar.ai (the "Service"). We are committed to protecting the privacy and security of your personal information.
This Privacy Policy explains what personal data we collect about you, how we use and share it, how long we retain it, what security measures we have in place, and what rights you have with respect to your personal data. This policy applies to all users of our Service, including visitors to our website, registered account holders, and paying subscribers.
By accessing or using our Service, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with any part of this policy, please do not use our Service.
This Privacy Policy should be read alongside our Terms of Service, which governs your use of the Service and is incorporated herein by reference.
2. Information We Collect
We collect information in the following categories, depending on how you interact with the Service:
Account Data
- Email address (used for authentication, billing, and communications)
- Display name or username (provided during registration)
- Password (stored as a salted hash using bcrypt — we never store your plaintext password)
- Subscription plan and billing tier (Free, Pro, or Elite)
- Account creation date and last login timestamp
Usage Data
- Pages and features accessed, and timestamps of those accesses
- API endpoints called and request parameters (excluding sensitive credential fields)
- IP address and approximate geographic location derived from IP
- Browser type, version, and operating system
- Referral source (e.g., how you arrived at the site)
- Session duration and navigation patterns within the platform
Preference Data
- Favorite cities or geographic locations saved in your profile
- Custom alert thresholds and notification settings
- Display preferences (chart type, date range defaults, UI layout)
- Email notification opt-in/opt-out status
Trading Data (Elite Plan)
- Trade history retrieved from your connected Kalshi account (via API)
- Open positions and portfolio data from your Kalshi account
- Autonomous trading configurations and order parameters you set
- Log of orders placed on your behalf by the autonomous trading feature
Kalshi API Credentials (Elite Plan)
- Kalshi API key and secret, if you choose to connect your Kalshi account
- These are stored encrypted at rest using AES-256-GCM encryption (see Section 5)
Payment Data
- Payment processing is handled entirely by Stripe. We do not store your full payment card number, CVV, or banking information.
- We retain only your Stripe customer ID, subscription ID, and subscription status (active, cancelled, past due, etc.)
- Billing address, if provided to Stripe, may be associated with your account record
Communications Data
- Email address and message content when you contact our support team
- Email delivery metadata (sent/opened/bounced) processed by Resend for transactional messages
3. How We Use Your Information
We use the personal information we collect for the following purposes:
- Service Provision: To authenticate your account, deliver personalized forecasts and FV estimates, maintain your preferences, and enable all features of the Service appropriate to your subscription tier.
- Billing and Subscription Management: To process payments via Stripe, manage your subscription lifecycle (renewals, upgrades, downgrades, cancellations), and handle billing disputes.
- Transactional Email: To send account-related emails including registration confirmation, password reset links, billing receipts, payment failure alerts, subscription renewal notices, and market alert notifications you have opted into. These communications are processed via Resend.
- Service Improvement: To analyze usage patterns, identify bugs and performance issues, improve forecast model accuracy, and develop new features.
- Security and Abuse Prevention: To detect and prevent fraud, abuse, unauthorized access, and other malicious activity; to enforce our Terms of Service; and to protect the integrity of the Service and other users.
- Legal Compliance: To comply with applicable laws, regulations, court orders, or governmental requests, and to establish, exercise, or defend legal claims.
- Customer Support: To respond to your inquiries, resolve disputes, and provide technical assistance.
We do NOT use your personal data for advertising purposes. We do not serve behavioral ads, sell your data to advertisers, or share your data with ad networks. We have no advertising relationships. Our only revenue comes from subscription fees.
4. Data Sharing
We do not sell your personal data.
We share personal data only in the following limited and defined circumstances:
- Stripe (Payment Processing): We share your email address and subscription details with Stripe, Inc. to facilitate payment processing and subscription management. Stripe processes your payment card information directly and is subject to its own privacy policy. We recommend reviewing Stripe's privacy policy at stripe.com/privacy. Stripe is certified as a PCI DSS Level 1 Service Provider.
- Resend (Email Delivery): We use Resend to deliver transactional and notification emails on our behalf. Your email address and the content of system emails (e.g., password reset links, billing notices) are transmitted to Resend's infrastructure for delivery. Resend's privacy policy is available at resend.com/legal/privacy-policy.
- Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request (including subpoena or court order), or where we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability.
- Business Transfers: If WeatherRadar AI is involved in a merger, acquisition, sale of substantially all assets, bankruptcy, or similar corporate transaction, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website at least 30 days prior to any such transfer and before your data becomes subject to a materially different privacy policy.
We do not share your personal data with any other third parties without your explicit consent.
5. Kalshi API Credentials
Elite plan subscribers may optionally connect their Kalshi account to WeatherRadar AI by providing their Kalshi API credentials. This is entirely voluntary and is required only to enable the Kalshi data integration and autonomous trading features.
We handle Kalshi API credentials with the following security measures and commitments:
- Encryption at Rest: Your Kalshi API key and secret are encrypted using AES-256-GCM encryption before being stored in our database. The encryption keys are stored separately from the encrypted data and are managed with access controls. Plaintext credentials are never persisted to disk or logged.
- Minimum Use: Your API credentials are used solely for the purposes you configure: (a) retrieving your portfolio and trade history for display within the platform, and (b) executing trades through the autonomous trading feature if you have enabled it.
- No Third-Party Sharing: Your Kalshi API credentials are never shared with any third party, including our email provider or payment processor.
- Disconnect Anytime: You may disconnect your Kalshi account at any time from your account settings (Account > Integrations). Upon disconnection, your stored API credentials will be permanently deleted from our systems within 24 hours.
- Scope Recommendation: We recommend creating a Kalshi API key with the minimum permissions necessary. For display-only features, a read-only key is sufficient. The autonomous trading feature requires order placement permissions.
You are responsible for the security and management of your Kalshi API credentials, including revoking or rotating them if you believe they have been compromised. If you suspect your credentials have been exposed, disconnect them from WeatherRadar AI immediately via account settings and revoke them via Kalshi's platform.
6. Cookies and Local Storage
We use a minimal set of browser storage mechanisms to provide a functional and personalized experience. We do not use third-party tracking cookies or advertising cookies of any kind.
Cookies we set:
- wr_session — An HttpOnly, Secure session cookie containing a signed JSON Web Token (JWT) used to authenticate your session. This cookie is required for login to function. It is set when you log in and expires after 7 days of inactivity, or immediately when you log out. Because it is HttpOnly, it cannot be accessed by JavaScript running on the page, which protects it from cross-site scripting (XSS) attacks.
LocalStorage we use:
- UI preferences such as your selected theme (light/dark), dismissed banners or notices, selected date ranges, and chart display settings. This data is stored locally in your browser and is never transmitted to our servers.
What we do NOT use:
- Third-party analytics cookies (e.g., Google Analytics, Mixpanel)
- Advertising or retargeting cookies
- Social media tracking pixels
- Cross-site tracking of any kind
You can clear cookies and localStorage at any time via your browser's settings. Clearing the wr_session cookie will log you out of the Service. Clearing localStorage will reset your UI preferences to defaults.
7. Data Retention
We retain your personal data for as long as your account is active and for a reasonable period thereafter, as follows:
- Active Accounts: Account data, usage data, and preference data are retained for the duration of your account's active status.
- After Account Deletion: When you delete your account or submit a deletion request, we will remove your personally identifiable information (including email address, name, and hashed password) from our active systems within 30 days of the request. A full purge including backups is completed within 90 days.
- Trade History: Trade history and autonomous trading logs associated with your account are anonymized (your personal identifiers are removed) rather than deleted outright, so that we can maintain accurate system audit logs. Anonymized records do not identify you personally.
- Kalshi API Credentials: Deleted permanently within 24 hours of account disconnection or account deletion, whichever comes first.
- Billing Records: Stripe retains billing records in accordance with its own policies and applicable financial regulations (typically 7 years). We retain the Stripe customer ID and subscription history in our own records for the same period to comply with tax and accounting requirements.
- Support Communications: Emails and support tickets are retained for up to 3 years to allow us to provide context for future support requests and to resolve disputes.
- Usage Logs: Aggregated, anonymized usage logs may be retained indefinitely for analytics and service improvement purposes.
To request deletion of your account and personal data, you may use the "Delete Account" option in your account settings (Account > Danger Zone), or contact us at [email protected] with the subject line "Delete My Account." We will confirm receipt of your request and complete the deletion within the timeframes stated above.
8. Security
We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Our security practices include:
✅ Authentication: JWT-based session management with HttpOnly, Secure cookies. Passwords hashed with bcrypt (adaptive work factor).
✅ Encryption in Transit: All connections to weatherradar.ai are served exclusively over HTTPS with TLS 1.2 or higher enforced at the network layer. HTTP connections are automatically redirected to HTTPS.
✅ Encryption at Rest: Sensitive fields, including Kalshi API credentials, are encrypted using AES-256-GCM. Encryption keys are managed separately with strict access controls.
✅ Access Controls: Access to production systems, databases, and user data is restricted to authorized personnel only, on a need-to-know basis. All access is logged and audited.
✅ No Plaintext Secrets: We do not log passwords, API keys, session tokens, or other sensitive credentials in plaintext at any layer of the stack.
Despite these measures, no security system is impenetrable, and we cannot guarantee absolute security of your data. In the event of a security breach that is likely to result in a risk to your rights or freedoms, we will notify affected users in accordance with applicable law.
If you discover a security vulnerability or believe your account has been compromised, please contact us immediately at [email protected]. We appreciate responsible disclosure and will respond promptly to all security reports.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data. We honor these rights for all users regardless of location:
- Right to Access: You can view the personal data we hold about you, including your account details, preferences, and subscription information, via your account settings page. For data not directly accessible in the portal, you may request a copy by emailing [email protected].
- Right to Correction: You can update your account information (name, email, preferences) directly in your account settings at any time. If you need help correcting information you cannot access yourself, contact us at [email protected].
- Right to Deletion: You may delete your account and request erasure of your personal data via Account > Danger Zone in your account settings, or by emailing [email protected]. See Section 7 for retention timelines.
- Right to Data Portability: You can export your trade history in CSV format directly from the dashboard (Dashboard > Export). For other data exports, contact us at [email protected] and we will provide your data in a structured, machine-readable format within 30 days.
- Right to Opt Out of Marketing: You can opt out of marketing and promotional emails at any time via your account settings (Account > Notifications) or by clicking the unsubscribe link in any marketing email. Transactional emails (e.g., billing receipts, password resets) cannot be opted out of while your account is active, as they are necessary for service delivery.
- Right to Object: You may object to certain types of data processing at any time by contacting [email protected].
- Right to Withdraw Consent: Where we process your data based on consent (e.g., optional email alerts), you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, contact us at [email protected]. We will respond to all requests within 30 days. We may need to verify your identity before processing your request.
If you are located in the European Economic Area, United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or the California Consumer Privacy Act (CCPA) respectively. We will honor those rights to the extent applicable. Note that WeatherRadar AI is governed by Nevada law and is primarily a U.S.-focused service.
10. Children's Privacy
The Service is intended for and directed solely to users who are 18 years of age or older. Use of the Service by anyone under the age of 18 is strictly prohibited. We do not knowingly collect, solicit, or use personal information from individuals under the age of 18.
If you are a parent or legal guardian and you believe that your minor child has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete any such information from our systems upon verification of the report.
If we discover that we have inadvertently collected personal data from someone under 18, we will delete that information from our active systems within 30 days of discovery.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We are committed to notifying you of material changes in advance.
Material Changes: If we make material changes to this Privacy Policy — such as changes to the types of data we collect, how we use data, or with whom we share data — we will notify registered users by email at least 30 days before the changes take effect. We will also post a prominent notice on the Service and update the "Last Updated" date at the top of this page.
Non-Material Changes: Minor or non-material changes (such as typographical corrections, clarifications, or changes that do not affect your rights) may be effective immediately upon posting, without advance email notice.
Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you must stop using the Service and, if applicable, delete your account.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Previous versions of this policy are available upon request by emailing [email protected].
12. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to our privacy team. We take privacy seriously and will respond to all inquiries promptly.
For legal inquiries unrelated to privacy (e.g., Terms of Service, DMCA), please contact [email protected].