Privacy Policy

Last updated: March 2026

1. What Data We Collect

We collect the following information when you use WittIoT:

• Account data: email address, password (hashed), display name
• OAuth data: Google/GitHub/Apple user ID and profile info (when using social login)
• Device data: weather sensor readings (temperature, humidity, pressure, light, wind, rainfall), device identifiers (SN, IMEI, model)
• Usage data: preferences (units, timezone, language), API key usage timestamps

2. How We Use Your Data

• Authenticate your account and manage device access
• Display real-time and historical weather data on your dashboard
• Provide API access for third-party integrations
• Apply your unit and language preferences
• Send critical account notifications (e.g., security alerts)

3. Data Storage & Retention

• Real-time data: stored in Redis cache, overwritten on each update
• Minute-level data: stored for 7 days, then automatically deleted
• Daily statistics: stored long-term for trend analysis
• Account data: retained until you delete your account
• Deleted accounts: anonymized data retained for 30 days, then permanently removed

4. Third-Party Services

We use the following third-party services:

• Google OAuth: for social login (Google Privacy Policy applies)
• GitHub OAuth: for social login (GitHub Privacy Statement applies)
• Apple Sign In: for social login (Apple Privacy Policy applies)
• EMQX: MQTT broker for device communication (self-hosted)

We do not sell your data to any third party. We do not use advertising or tracking cookies.

5. Your Rights

You have the right to:

• Access: view all data associated with your account via the Dashboard and API
• Correction: update your profile and device settings at any time
• Deletion: delete your account and all associated data from Settings → Delete Account
• Export: export your historical data via the API (GET /history)
• Portability: all data is available in JSON format via the API

6. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking, analytics, or advertising cookies.

7. Security

We protect your data with:

• HTTPS encryption for all communications
• Bcrypt password hashing
• API keys stored as bcrypt hashes (originals never stored)
• MQTT connections secured with HMAC-SHA256 signatures

8. Contact

For privacy-related inquiries, contact us at: privacy@wittiot.com