Privacy Policy — Storm Deck

Last updated April 2026

Storm Deck ("we", "us", "our") provides a fire operations and property monitoring dashboard for rural property owners, land stewards, and small fire operations teams. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

Plain-English summary: We collect only what's needed to run your property dashboard. We don't sell your data, we don't run ads, and we don't share your information with anyone except the third-party services listed below (which are used to deliver maps, weather, and fire data to you).

Information we collect

Account information

Display name and login PIN (stored as a salted hash — we never see the actual PIN)
User role (admin, operator, viewer)
The property or properties you are assigned to

Property and operational data

Property name, coordinates, and configured alert zones
Incident logs, notes, and timestamps you create
Uploaded parcel GeoJSON files and landowner overlays
Lightning strike records fetched on your behalf
Fire hotspot records fetched on your behalf
GPS location tracks from vehicles and devices you connect via Traccar — precise geolocation data is classified as sensitive personal data under the Oregon Consumer Privacy Act (OCPA). By connecting GPS devices and viewing unit tracks in Storm Deck, you consent to the collection and processing of this data for fire operations and property monitoring purposes. You may withdraw this consent at any time by disconnecting your GPS devices from the Traccar integration.
Map pan/zoom state and layer preferences (stored locally in your browser)

Automatically collected

IP address and basic request logs (retained short-term for security and rate limiting)
Session cookies needed to keep you signed in
Session start and end times (login timestamps and session duration), used for owner analytics described below — we do not track which maps you view, which buttons you click, or any content you view within the app

How we use your information

To display your dashboard, incidents, and map layers
To send alerts you've configured (Telegram, GroupMe, email) for lightning, fires, and evacuations in your zones
To protect the service from abuse (rate limiting, audit logs)
To troubleshoot and improve the product
To provide aggregated usage analytics to the property owner (see "Property-owner visibility" below)

Property-owner visibility

Storm Deck is sold on a per-property basis. If you use Storm Deck under a property subscription, the owner of that property has access to a private analytics page that shows aggregated session activity for users assigned to their property.

Specifically, the property owner can see:

Which users assigned to their property have logged in recently
For each user, over the last 30 days: number of sign-in sessions, total time signed in, average session length, and number of distinct active days
A weekly heatmap of combined usage times (averaged across the property's users over the past 28 days) used to choose low-activity windows for maintenance

This information is visible only to the owner of the property you are assigned to — never to owners of other properties, other Storm Deck customers, or the public. The owner cannot see which maps you viewed, which GPS tracks or incidents you opened, what you typed, or any other content — only when you were signed in and how long your session lasted.

This type of operational analytics is permitted under GDPR as a legitimate interest (for EU users) and is disclosed to comply with the CCPA and similar US state privacy laws. If you don't want your session times visible to the property owner, contact the property owner or contact@stormdeck.app.

We do not sell, rent, or trade your personal information. We do not serve advertising. We do not share your data with marketing firms or analytics brokers.

Third-party services

Storm Deck relies on the following services to deliver map tiles, weather data, and fire information. Your IP address and the specific map area you're viewing are sent to these services when you load the map:

Mapbox — satellite and street base map tiles
OpenStreetMap — street base map tiles
Xweather (Aerisweather) — lightning strikes, radar, storm cells, fire weather layers
OpenWeatherMap — wind tiles and forecast data
RainViewer — precipitation radar animation
NASA FIRMS — satellite hotspot detections
NIFC / WFIGS — fire perimeters and federal incident records
WildCAD-E — Central Oregon dispatch data
Oregon RAPTOR — evacuation zone data
AirNow (EPA) — air quality data
National Weather Service — red flag warnings and alerts
Traccar — GPS device tracking (self-hosted on our servers)
Telegram Bot API — alert delivery if you opt in
Anthropic — natural-language email summarization for operational email routing (if enabled on your account)
Hetzner — hosting provider (Germany, EU)

Each of these providers has its own privacy policy. We recommend reviewing them if you have specific concerns about any one service.

Data retention

Incidents and logs: retained indefinitely for historical review. Closed incidents may be archived to JSON files on our servers.
Lightning strikes: retained indefinitely for after-action review.
Request logs: retained short-term (typically 30 days) for security monitoring.
Account data: retained as long as your account is active. On deletion request, we purge your account, incidents, and associated records within 30 days (except where longer retention is required by law).

Data location and security

Storm Deck is hosted on Hetzner Cloud servers located in Hillsboro, Oregon, USA. Hetzner is a German infrastructure provider; the physical servers serving stormdeck.app are in their US-West data center (Oregon). Data is transmitted over HTTPS. PINs are stored as salted hashes and never logged. Backups are stored on the same infrastructure.

Your rights

You may, at any time:

Request a copy of the personal data we hold about you
Request correction of inaccurate information
Request deletion of your account and data
Withdraw consent for optional features (alerts, GPS tracking)

If you are in Oregon, you have rights under the Oregon Consumer Privacy Act (OCPA), including the right to access, correct, and delete your personal data, opt out of the sale of personal data (we do not sell data), and request a list of the specific third parties we have shared your data with. If you are in the European Union, you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority. If you are in California, you have additional rights under the CCPA. To exercise any of these rights, contact us at contact@stormdeck.app.

Data portability: You may request a machine-readable export of your incident logs, personnel records, locations, parcel overlays, and lightning strike data at any time by contacting us. We will provide the export within 30 days of your request.

Children

Storm Deck is intended for adult property owners and operational staff. We do not knowingly collect information from anyone under the age of 13.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on the login page and in-app. The "Last updated" date at the top of this page will reflect the most recent revision.

Contact

Questions about this Privacy Policy or your data: contact@stormdeck.app