Privacy Policy

Effective date: May 24, 2026 · Last updated: May 24, 2026

Best Days (“Best Days,” “we,” “us”) operates the website bestdays.io and the Best Days mobile apps (collectively, the “Service”). We take privacy seriously and try to collect only what we need to make the Service work. This policy explains, in plain English, what we collect, why, who else sees it, and what choices you have.

1. Information we collect

Information you give us

• Account email and password if you sign up directly, or your name, email, and profile picture from Google or GitHub if you sign in with those providers.
• Saved preferences — the cities and weather types (sunny, snowy, etc.) you choose to track.
• Email address for alerts if you subscribe to Best Days Premium.
• Payment information (card number, billing address) you enter at checkout. We never see or store your card number; it goes directly to Stripe (web) or Apple/Google (in our mobile apps).

Information we collect automatically

• Search and location queries — the city names you search or, if you tap “Use my location,” the approximate latitude and longitude from your browser/device. We send these to Open-Meteo (our weather data provider) to fetch the forecast. We store the lat/lon only if you save the location as a tracked plan.
• Usage and performance data — page views, load times, errors, and referring URL, collected through Vercel Analytics and Speed Insights.
• Device and browser information — IP address, browser type, operating system, screen size, language. Vercel anonymizes IP addresses for analytics.
• Cookies and similar technologies — see Section 6 below.

Information from third parties

• OAuth providers (Google, GitHub) share your basic profile (name, email, profile picture) with us when you sign in.
• Payment processors (Stripe, Apple, Google Play) tell us whether your subscription is active, when it renews, and when it’s cancelled, so we can deliver alerts and stop them appropriately. They do not share your full card details with us.

2. How we use information

• To run the Service: show forecasts, save your tracked plans, sign you in, deliver alert emails.
• To process payments and manage subscriptions.
• To improve the Service: understand which features get used, fix bugs, optimize performance.
• To communicate with you about your account or important changes (we don’t send marketing email).
• To detect and prevent abuse (rate limiting, fraud detection, security).
• To comply with legal obligations.

3. Who we share information with

We share information only with the service providers that help us run Best Days. We do not sell your personal information.

• Supabase — hosts our database and handles authentication. Stores your email, hashed password (if applicable), OAuth profile, and saved best days.
• Stripe — processes credit card payments and manages your web subscription. Their privacy policy: stripe.com/privacy.
• RevenueCat — manages in-app subscriptions on iOS and Android. Receives your subscription receipts and a pseudonymous device identifier so we know who is a paid subscriber. Their privacy policy: revenuecat.com/privacy.
• Apple App Store / Google Play — process payments for our mobile apps if you subscribe through the app stores. Governed by their respective privacy policies.
• Resend — sends our transactional emails (sign-in links, alert emails). Receives your email address and the contents of those messages. Their privacy policy: resend.com/legal/privacy-policy.
• Open-Meteo — provides forecast data. Receives the latitude/longitude you search but no account information. open-meteo.com/en/terms.
• Vercel — hosts the website and collects basic analytics + speed metrics. Their privacy policy: vercel.com/legal/privacy-policy.
• Google AdSense — may serve ads to non-Premium users. Google may use cookies to personalize ads based on prior visits. policies.google.com/privacy.
• Law enforcement and legal process — if required by valid legal process or to protect rights, safety, or property.

4. How long we keep information

• Account information is kept while your account is active. Delete your account and we remove your profile, saved plans, and alert subscriptions within 30 days, except as needed for legal or financial recordkeeping.
• Stripe and Apple/Google retain transaction records as required by financial regulations (typically 7 years), even if you delete your Best Days account.
• Anonymized analytics may be kept indefinitely.

5. Your rights and choices

You can:

• Access or export the data we hold about you — email us and we’ll send you a copy.
• Correct inaccurate information by updating your profile or contacting us.
• Delete your account and associated data — email us, or use the account settings in the app when available.
• Cancel your subscription at any time. Web subscribers can cancel through the Stripe customer portal linked in the app. Mobile subscribers cancel through Apple or Google's subscription settings.
• Unsubscribe from alert emails using the unsubscribe link at the bottom of every alert email.

If you are in the European Economic Area or United Kingdom (GDPR)

You also have the right to object to certain processing, to restrict processing, to data portability, and to lodge a complaint with your local data protection authority. Our legal basis for processing is: (a) contract — to deliver the Service you signed up for; (b) legitimate interests — to keep the Service secure and improve it; and (c) consent — where you have explicitly opted in (for example, alert emails).

If you are in California (CCPA / CPRA)

You have the right to know what personal information we collect, to delete it, to correct it, and to opt out of its sale or sharing. We do not sell your personal information and do not share it for cross-context behavioral advertising beyond the AdSense relationship described above. Free users can avoid ad cookies by subscribing to Best Days Premium, which is ad-free.

6. Cookies and tracking

We use a small number of cookies and similar technologies:

• Authentication — to keep you signed in (set by Supabase).
• Preferences — to remember your theme and onboarding state (set locally by us).
• Analytics — Vercel Analytics, which is cookieless and anonymous.
• Advertising — Google AdSense may set cookies on non-Premium pages to serve ads. You can opt out at adssettings.google.com or block third-party cookies in your browser.

7. Security

We use HTTPS everywhere, hashed passwords, secure session tokens, and isolated production environments. No system is perfectly secure; if we become aware of a breach affecting your information, we will notify you and any required authorities within the timeframes required by law.

8. Children

Best Days is not directed at children under 13 (or under 16 in the European Economic Area), and we do not knowingly collect information from them. If you believe a child has provided us with personal information, contact us and we will delete it.

9. International data transfers

Best Days is operated from the United States. Our service providers (Supabase, Stripe, Vercel, etc.) may process data in the United States, Europe, or other regions. By using the Service, you understand that your information may be transferred to and processed in countries with different data protection laws than your own.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you by email or in-app notice. Continued use of the Service after changes means you accept the updated policy.

11. Contact

Questions, requests, or complaints about this policy? Email us at support@bestdays.io.