What data we handle
1. Data stored on your device
Car profile (nickname, colour, type, country, region, protection, parking, wash cycle, rain strictness), wash log, event log (rain, contamination), app preferences. All in localStorage['rainorrinse.v1']. Local to your device, your browser, and this origin. Never transmitted.
2. Data sent in real time, never stored on our servers
Latitude and longitude, when you grant the browser's location permission. Destination is Open-Meteo. They log standard HTTP request data (IP, user agent, request path) for abuse protection. No user identifier because there is no account.
3. Aggregate, anonymous data
If "Partner messages" is enabled, we count how many times each partner card was shown and clicked. Aggregate counts only. No cookies, no fingerprinting.
4. What we do NOT collect
- Name, email, phone, address, NRIC, IC, driver's licence
- Vehicle plate number
- Photos
- Browsing history outside the app
- Behavioural data across other apps or websites
- Advertising IDs
How we use this data
Car profile + logs are used locally to compute your wash recommendation, score, impact window, and reminders. GPS coordinates are used at runtime to fetch local forecast from Open-Meteo. Anonymous ad counters help the team decide which partner messages to show.
Who we share with
Open-Meteo — when you request a forecast. They receive your coordinates and a basic HTTP request. They do not receive your car profile, wash log, or anything we store locally.
Our infrastructure provider (Cloudflare / Vercel / Railway) — for delivering this site. Standard HTTP serving.
No one else. We do not sell. We do not "share" for advertising under the meaning of US state privacy laws.
How long we keep it
Local data stays in your browser until you remove it (Settings → Reset all data, or clear browser data). Aggregate ad counters are kept indefinitely (no personal data).
Your rights
| Right | How to exercise |
|---|---|
| Access | Settings → Export my data (JSON download) |
| Rectification | Edit your profile or wash log in the app |
| Erasure | Settings → Reset all data |
| Withdraw consent | Revoke location at your OS / browser level |
| Opt out of partner messages | Settings → Show partner messages (toggle off) |
| Lodge a complaint | Your local DPA — see contact section |
"Do Not Sell or Share My Personal Information" (CCPA, California)
We do not sell or share personal information. To assert this right formally, email privacy@rainorrinse.com — we'll confirm in writing within 15 business days.
Children
RainOrRinse is for licensed drivers (16+ in most places, 18+ in Singapore). We do not knowingly collect personal information from anyone under 13.
Security
- All traffic HTTPS-encrypted
- No server-side personal data → no central risk to your data
- Admin backend uses bcrypt-hashed passwords, signed JWTs, rate limiting, CORS allowlists
Regional compliance
This service is designed to comply with:
- EU GDPR — privacy by architecture, no PII stored server-side, explicit opt-in for location
- UK GDPR + DPA 2018 — same standard as EU
- California CCPA / CPRA — no sale, no share; precise geolocation treated as sensitive PI
- Other US states (CO, CT, VA, UT, TX, OR) — same minimal-data approach
- Singapore PDPA — consent, purpose limitation, no transfer of personal data abroad
- Australia Privacy Act 1988, Canada PIPEDA, Brazil LGPD — equivalent approach
Detailed compliance notes are available on request.
Changes
We'll update this page when we change what we do. Material changes (e.g., adding accounts in Phase 2) will be announced in-app with an opt-in.
Contact
- General privacy: privacy@rainorrinse.com
- Data Protection Officer (Singapore PDPA): dpo@rainorrinse.com
- Legal: legal@rainorrinse.com