Privacy — Trockenfenster
// App-specific addendum · EN
What is this page about?
This page supplements our general Privacy Policy with specifics for the Trockenfenster app (minute-precise rain forecasts for Germany based on DWD radar data).
Controller, data subject rights, supervisory authority, contact details and general principles are defined in the master policy. This page only describes what Trockenfenster does in addition or differently.
Up front: Trockenfenster uses no advertising, no tracking, no analytics and no advertising identifiers (e.g. IDFA). Section 7 of the master policy (AdMob, Firebase Analytics, Firebase Crashlytics) does not apply to this app.
1. Location Data (GPS)
On your request, the app asks for your current location so it can compute a precise rain forecast for the correct cell of the DWD radar grid.
- What data: geographic coordinates (latitude/longitude) at the accuracy provided by the operating system. Typically 10–100 m.
- Purpose: selecting the matching 1 × 1 km radar pixel and producing the forecast for the next 0–60 minutes.
- Who processes it: your device (short-term in memory) and our backend server (see Section 3).
- Storage: your coordinates are not persisted — neither on your device nor on the server. They are deliberately transmitted in the request body (not as URL parameters) so they do not appear in Fly.io access logs. Only generic server logs (timestamp, HTTP status, IP address, path) are retained per Fly.io's retention policy — see Section 3.
- Legal basis: Art. 6(1)(b) GDPR (performance of contract — the main function cannot be delivered without coordinates) and Art. 6(1)(a) GDPR (explicit consent via the iOS/Android location dialog).
- Revocation: you can revoke the location permission at any time in your device settings. The app remains usable (map, place search), only the "location" feature is disabled.
Notification locations (e.g. "Home", "Office") and your activity profiles stay only on your device — the server does not know them (see Section 2).
2. Push Notifications (Firebase Cloud Messaging + own backend)
Notifications ("Rain in 23 min at your location") are opt-in. You must enable them actively in the app. Only then do the following data flows take effect:
2.1 FCM Device Token (Firebase Cloud Messaging)
To deliver pushes to your device, we obtain an anonymous device token from Firebase Cloud Messaging (Google Ireland Limited / Google LLC, USA). The token identifies the device, not you as a person.
- What data goes to Google: token request (operating system, app bundle ID, Google Play Services / APNs metadata). No location data, no user identifier.
- Retention at Google: see Firebase Privacy.
- Legal basis: Art. 6(1)(a) GDPR (your consent when enabling push).
- Third country: transfer to the USA, safeguarded by EU Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
2.2 Storage on our backend
When you enable push notifications, our backend stores your FCM device token together with your notification locations and their delivery parameters. This lets the server decide, per tick and per device, whether a push should be generated.
- Data on the backend:
- FCM device token, platform (iOS/Android), enabled flag, registration / last-seen timestamps, failure counter.
- Per saved location: latitude/longitude, radius (default 15 km), threshold (mm/h) and forecast horizon (minutes). Optionally a free-form label such as "Home" or "Office".
- What is not stored: advertising identifiers, device identifiers other than the FCM token, continuous live location (only the notification locations you explicitly chose), activity history, payment data.
- Purpose: per-location evaluation of the DWD radar nowcast — a push is only generated when rain above your threshold is expected within your radius and horizon.
- Retention:
- Disabling push in the app immediately deletes all associated location rows. The token row remains as a disabled entry for another 60 days (APNs/FCM take days to definitively flag a token as "dead"; the grace period prevents premature deletion after quick re-installs).
- If APNs/FCM report the token as invalid, the token and its locations are removed right away.
- Tokens that haven't been refreshed for more than 60 days are excluded from the active set and periodically deleted.
- No linkage with advertising IDs, accounts, or external identifiers.
- Hosting: SQLite database on the Fly.io volume in Frankfurt am Main (see Section 3). No export outside the EU.
- Legal basis: Art. 6(1)(a) GDPR (consent via activating push).
2.3 Targeted delivery (radius-based)
Instead of broadcasting widely, the server evaluates the current DWD radar forecast for each saved notification location separately. A circle of the configured radius is placed around the stored coordinates; only if rain above your threshold is expected inside that circle within the forecast horizon will a push be sent to your device.
- Finer-grained than before: since the switch to radius-based delivery (from 2026-04-21) we use the full RADOLAN resolution (1 km) instead of a coarser raster; you only get pushes for your own circle, not for generic grid tiles.
- Message content: location label (if set), expected onset time in minutes, peak intensity, radius. No user identifiers inside the message body.
- Legal basis: Art. 6(1)(a) GDPR (consent via activating push).
Further information on Firebase: Firebase Privacy.
3. Backend Server (Fly.io, Frankfurt)
Every forecast request goes to our own backend nowcast-regencaster.fly.dev. This server:
- runs inside the EU (Fly.io Inc., hosting region Frankfurt am Main / FRA);
- receives your coordinates, computes the forecast from DWD radar data, and returns the result;
- does not persist your coordinates;
- writes request logs (timestamp, HTTP status, IP address, requested path) to stdout. Fly.io aggregates and retains these logs per its retention policy (currently up to 30 days). Our backend itself does not persist any log files.
- Hosting provider: Fly.io Inc., 2261 Market Street #4990, San Francisco, CA 94114, USA — the server instance runs exclusively in their Frankfurt region (FRA). A Data Processing Agreement (DPA) with Fly.io is in place.
- Legal basis for processing: Art. 6(1)(b) GDPR (performance of contract).
- Legal basis for logging: Art. 6(1)(f) GDPR (legitimate interest in a stable, abuse-free service).
4. Crash Reporting (Sentry, EU region)
For stability and bug fixing, Trockenfenster uses Sentry as its crash-tracking service.
- Provider: Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.
- Hosting: EU region (
de.sentry.io, Frankfurt am Main). - What data: error stack trace, app version, OS version, device model, timestamp, recent in-app screens ("breadcrumbs") to reconstruct the failure path.
- What is not sent: IP address (explicitly disabled via
sendDefaultPii = false), location, FCM token, user identifier, screenshots. - Retention: 30 days (Sentry Free-tier default); no extension.
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring app stability).
Further information: Sentry Privacy Policy.
5. External Data Sources (public APIs)
To produce the forecast, the app and/or our backend fetch data from the following public services. These providers see the requesting IP address and the individual request — unlike with push or backend, we send them no personal data, no FCM token, and no persistent identifier.
| Service | Provider | Purpose | What is sent |
|---|---|---|---|
| DWD Open Data | Deutscher Wetterdienst (DWD), Offenbach, Germany | Radar imagery (RADOLAN-RY), severe-weather warnings, UV index, pollen forecast | backend IP only; no user data |
| BrightSky | Jakob de Maeyer / JClimate | Temperature, wind, clouds from DWD station data | backend IP + request coordinates |
| Nominatim / OpenStreetMap | OpenStreetMap Foundation, United Kingdom | Forward geocoding (place search) and reverse geocoding (federal-state lookup for warnings, postcode resolution) | backend IP + search query or coordinates |
| OpenFreeMap | Hyperknot KFT, Hungary | Map vector tiles (base map) | app IP + visible map extent |
Legal basis: Art. 6(1)(b) GDPR (performance of contract for forecast, search, and map features).
DWD legal source: DWD GeoNutzV licence — free commercial use with attribution.
6. Data That Stays on Your Device Only
The following settings and data do not leave your device (except when push is enabled, see Section 2):
- Activity profiles ("Running", "Dog walk", "Barbecue", …) with their individual rain thresholds.
- Recently searched places (local search history).
- App settings (dark mode, language, units, etc.).
These are stored in the OS-provided containers (iOS: UserDefaults; Android: SharedPreferences) and are removed with the app when uninstalled.
7. In-App Purchases (Apple)
Trockenfenster offers an optional "Pro" tier. It can be obtained as a monthly or yearly subscription or as a one-time lifetime purchase.
- Who processes the payment: The order and payment flow runs entirely through the Apple Storefront. Apple processes your Apple ID, payment method, and billing address. As the publisher, we receive no payment data and no real names from Apple; we only learn that your device holds an active Pro entitlement.
- Processor (Apple): Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Privacy policy: apple.com/legal/privacy.
- Local Pro flag: Your Pro status is stored exclusively on your device in the app-local
SharedPreferences/UserDefaults(key:pro_entitlement_v1). StoreKit re-validates the subscription against Apple at every app launch. We do not perform server-side receipt validation. - What does not happen: your Apple ID, payment details and Apple receipts are not transmitted to our backend, not to Firebase, not to Sentry, and not to any other third party.
- Renewal and cancellation: Subscriptions auto-renew through your Apple account. Management, cancellation and refunds happen exclusively inside your Apple account's subscription settings; we have no access to them.
- Legal basis: Art. 6(1)(b) GDPR (performance of contract for Pro features).
8. No Advertising, No Trackers, No Profiling
Trockenfenster does not use any of the following:
- no AdMob or any other advertising;
- no advertising identifiers (IDFA / Android Advertising ID);
- no Firebase Analytics, no Google Analytics, no other analytics SDKs;
- no Firebase Crashlytics (crash tracking uses Sentry EU instead — see Section 4);
- no tracking pixels, no fingerprinting.
9. Summary of Legal Bases
- Art. 6(1)(a) GDPR (consent): location queries, push notifications.
- Art. 6(1)(b) GDPR (contract): providing the forecast, map, place search, Pro features via Apple in-app purchases.
- Art. 6(1)(f) GDPR (legitimate interest): short-term logging, crash tracking via Sentry (EU).
10. Your Rights
All data-subject rights (access, rectification, erasure, restriction, portability, objection, withdrawal of consent) and the competent supervisory authority are documented in Sections 11 and 12 of our general Privacy Policy.
For Trockenfenster-specific requests: ceo@lucentdreams.eu.
As of: 26 April 2026 · This addendum supplements our general Privacy Policy.