Last updated: May 2025

Privacy Policy

This policy describes how Forecast collects, uses, and protects your personal information. We are committed to protecting your privacy and complying with applicable data protection laws, including UK GDPR.

1. Data We Collect

Account data: When you register, we collect your email address and a hashed version of your password. We never store your password in plain text.

Billing data: Payment information (card number, billing address) is collected and stored by Stripe. Forecast only receives a Stripe customer ID and subscription status — we never see or store your full card details.

Usage data: We collect minimal session data including the timestamp and device type associated with each active session, for security and concurrent-session enforcement purposes.

2. How We Use Your Data

We use your data solely to:

  • Provide and maintain your Forecast account
  • Verify your subscription status and authenticate your access
  • Process payments and manage billing via Stripe
  • Send essential account notifications (e.g. payment failure)
  • Enforce our two-session concurrency limit

We do not sell your data, send marketing emails, or share your information with third parties beyond those described in this policy.

3. Third-Party Services

Stripe: Our payment processor. Stripe handles all payment data under their own privacy policy. See stripe.com/privacy.

Supabase: Our database provider, hosted in the EU (Ireland). Data is stored encrypted at rest. See supabase.com/privacy.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g. billing records).

5. Cookies

Forecast does not use tracking cookies or analytics cookies. The desktop application stores a JWT authentication token in local storage on your device for session management. This token is not a cookie and is not shared with any third party.

6. Your Rights (UK GDPR)

As a UK resident, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to processing of your data
  • Data portability — receive a copy of your data in a structured format

To exercise any of these rights, contact us at the address below.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (HTTPS/TLS), hashed passwords (bcrypt), and row-level security on our database. No system is completely secure, and we cannot guarantee absolute security.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date. Continued use of the service after changes constitutes acceptance.

9. Contact

For privacy-related enquiries or to exercise your data rights, contact us at: privacy@forecastapp.co