Effective date: February 7, 2026 · Last updated: February 7, 2026
The data controller for Volcast is Volcast ("we", "us", "our").
For any privacy-related inquiries, data access requests, or complaints, please contact us at the email address above.
When you create an account, we collect:
To generate solar forecasts, we collect details about your photovoltaic installation:
We request foreground GPS location permission during the system setup wizard to detect your PV installation's coordinates. This is optional — you can enter coordinates manually instead. We store:
We do not track your real-time location, collect background location data, or build movement profiles. Location data is used solely to fetch weather forecasts for your installation site from the Open-Meteo weather API.
If you manually log your actual solar production for calibration purposes, we store:
If you enable notifications, we store your device's Expo Push Token to deliver push notifications. This token is a device identifier specific to our app — it cannot be used to identify you personally or track you across other apps.
Premium purchases are processed through Apple App Store or Google Play Store via RevenueCat. We store only your purchase status (premium or free) and entitlement. We do not process or store your payment card details — these are handled entirely by Apple/Google.
If you join our waitlist on the landing page, we collect your email address and the source (e.g., "landing"). This email is used only to notify you about Volcast launch and early access.
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Account creation & authentication | Email, password hash, Google ID | Contract performance (Art. 6(1)(b)) |
| PV production forecasting | System config, location, weather data | Contract performance (Art. 6(1)(b)) |
| Auto-calibration of forecasts | Actual production data, historical weather | Contract performance (Art. 6(1)(b)) |
| Push notifications | Push token, alert preferences, forecast data | Consent (Art. 6(1)(a)) — you explicitly enable notifications |
| Premium feature access | Purchase status (via RevenueCat) | Contract performance (Art. 6(1)(b)) |
| Waitlist sign-up | Email address | Consent (Art. 6(1)(a)) |
| Debugging & service reliability | Error logs (anonymized) | Legitimate interest (Art. 6(1)(f)) |
| Security (rate limiting, fraud prevention) | Login attempt counts, timestamps | Legitimate interest (Art. 6(1)(f)) |
auth.uid() verification to prevent unauthorized access| Data Type | Retention Period |
|---|---|
| Account & profile data | Until account deletion |
| PV system configuration | Until account deletion |
| Manual production entries | Until account deletion |
| Forecast cache | 15 minutes (auto-refreshed) |
| Forecast snapshots | Until account deletion |
| Calibration logs | Until account deletion |
| Waitlist email | Until launch or unsubscribe request |
| On-device cache (AsyncStorage) | Until app uninstall or cache clear |
You can delete your account at any time from Settings > Account > Delete Account in the app. Alternatively, you can request deletion by emailing hello@volcast.app. Upon deletion, all your personal data is permanently removed from our servers within 30 days.
We share data with the following third-party services only as necessary to provide our core features:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, authentication, serverless functions | All account and app data | AWS (US/EU) |
| Open-Meteo | Weather forecasts for PV production | Installation coordinates only | Germany (EU) |
| Google OAuth | Optional sign-in method | Email, name (from Google) | US |
| Expo Push Service | Delivering push notifications | Push token, notification content | US |
| RevenueCat | In-app purchase management | Anonymous user ID, purchase status | US |
| Apple App Store / Google Play | App distribution, payment processing | Purchase transactions | US |
We do not share, sell, rent, or trade your personal data with any other third parties, data brokers, or advertising networks.
Some of our service providers are located outside the European Economic Area (EEA). When your data is transferred outside the EEA, we ensure appropriate safeguards are in place:
Under the General Data Protection Regulation, you have the following rights:
To exercise any of these rights, email us at hello@volcast.app. We will respond within 30 days. If we need additional time (up to 60 additional days for complex requests), we will inform you.
You also have the right to lodge a complaint with your local data protection authority. In Poland, this is the President of the Personal Data Protection Office (UODO) (uodo.gov.pl).
The Volcast mobile app does not use cookies.
The Volcast website (volcast.app) does not use cookies or third-party tracking scripts. The waitlist form communicates directly with our database API.
On-device, the app uses platform-native storage mechanisms (AsyncStorage, SecureStore) to cache forecasts, store your session, and remember your preferences. This data never leaves your device except for authentication tokens sent to our servers over HTTPS.
Volcast is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@volcast.app and we will promptly delete the data.
We may update this Privacy Policy from time to time. When we make significant changes, we will:
Continued use of Volcast after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or how we handle your data: