A transparent explanation of how we protect our users’ data and privacy in our app
Over here at Hello Weather HQ, we strive to be a counterexample to the dishonest tactics that many software companies use to boost their metrics and revenue (like UI dark patterns, or selling user data to advertisers behind the scenes).
It’s another thing altogether to build a real product and run an upfront ethical business, especially in an industry that seems to encourage doing the opposite.
There are tons of decisions, big and small, that can impact data use and privacy, and it requires continual discipline to make sure you’re doing it right. That’s why people keep messing this up. They’re not so much intentionally malicious as they are willfully negligent.
Given that various privacy-abusing weather apps keep getting called out, I thought it’d be a good time to detail everything we’ve done over the years to make Hello Weather into a tool we’d feel 100% safe using if someone else had made it.
Please note: This is not a marketing plug for our app (though we hope you’ll use it!) — it’s a practical explanation of how we’ve turned our values into action. We’re hoping to lead by example and get feedback about how we can do better.
1. Having strong principles.
It’s important to establish your values before you even start building a product, because all the subsequent decisions you make ultimately fall back on what you believe.
“Is this OK or not OK? Does this cross the line for us?”
You have to keep asking and answering these questions every day, every week, every year, forever. You can’t do that unless you know where you stand.
When we were figuring out the business plan for Hello Weather, we wanted it to be free upfront, and we also didn’t want to include ads, because the ad business is grody and toxic in so many ways.
But a weather app costs money to run, which meant we had to figure out how to make money some other way. We chose to ask our customers to (optionally) pay us for upgrade incentives instead.
We’re probably leaving money on the table, and we’re fine with that. We’d rather stick to our values.
2. Minimizing our dependence on outside services.
One of the nice things about making software is the vast array of 3rd party tools that make your life easier as a developer. It’s compelling to outsource lots of technical aspects of your product: things like data collection and analysis, crash reporting, business metrics, server infrastructure, and more.
But there’s a problem with outsourcing. Once your information is in someone else’s hands, you don’t really control it anymore. You have to trust that those people will be responsible too.
Suddenly you have a tree of dependencies, where you also need all your service providers to be cool citizens on privacy and data security. If any branch of the tree breaks, the whole thing comes toppling down.
That’s why we decided to simply avoid using a lot of outside services.
For a while we were using a service called Fabric to help us analyze crashes in our apps. It was a good product, and we felt OK about the company. Then Fabric got acquired by Google, so we revisited the decision. We chose to stop using 3rd party crash monitoring altogether.
Now we’re a bit more in the dark about crashes. Oh well! We rely on Apple’s built-in reporting, and it’s good enough.
After that, we took a critical eye to every outside service we were using. Do we really need this or not? We stopped using Google Analytics, and double-checked that we were good with everything else.
3. Clear and restrictive policies on data collection and retention.
In the era of Big Data, everyone wants data. Data is hot. More data! Track everything! Analyze everything!
We’re the opposite: we don’t want data. The less the better. Preferably zero.
Why? Because data is a liability. It has to be protected and cared for. That’s a risk worth taking if you’re Twitter and your business has to gather tons of data to exist, but ours doesn’t. We literally just show weather forecasts to people. That’s all we do — end of transaction!
Why are these other weather apps even collecting data on their users in the first place? It’s certainly not because it’s necessary to show forecasts.
We throw away our server logs within a few days, and retain a minimal amount of info about app performance and health, so we can make sure things are working correctly. That’s it.
4. Anonymizing and obfuscating data before we do anything with it.
The only sensitive pieces of data we have access to are: 1) a device’s location, and 2) the IP address a weather request came from. We treat them both with care. Here’s how it works.
When you check a weather forecast, we need to know where you are, in order to give you the correct info for your location. So we get your phone’s location coordinates (if you’ve given us permission to do that) and then immediately trim those coordinates down to 3 decimal places. That obfuscates the original location by about a mile radius, but it’s close enough for a good forecast.
Next, we anonymize the request by stripping away your IP address. We just discard it altogether so it can’t possibly be traced back.
Only then do we ask a weather provider to give us the forecast for that location. It’s impossible for those providers to know who or where a given request came from.
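To make the step above concrete, here is an added Python example (not Hello Weather’s own code; the post describes a Rails app) of the anonymize-before-forwarding flow: coordinates are truncated to 3 decimal places, the outbound request is built from an allowlist so the client IP and any proxy headers are never copied, and a helper reports the ground size of one truncation cell at a given latitude so the spatial precision of the trimming can be checked rather than assumed. The provider endpoint, the request field names and the sample inbound request are constructed for the example.

```python
# Added example (not Hello Weather's code): anonymize a forecast request before
# it leaves the server. Provider URL and field names are hypothetical.
from dataclasses import dataclass
from decimal import Decimal, ROUND_DOWN
from math import cos, radians
from urllib.parse import urlencode

PLACES = 3  # decimal places kept, as the post describes
METRES_PER_DEGREE_LAT = 111_320.0  # approximate; used only for the size check


def coarsen(coord: float, places: int = PLACES) -> Decimal:
    """Truncate a coordinate toward zero to `places` decimals.

    Decimal is used so the cut is exact on the printed digits; doing this with
    float arithmetic can land one ULP on the wrong side of a boundary.
    """
    step = Decimal(1).scaleb(-places)  # 10**-places as an exact Decimal
    return Decimal(repr(coord)).quantize(step, rounding=ROUND_DOWN)


@dataclass(frozen=True)
class ForecastRequest:
    """Everything a weather provider gets. There is deliberately no field for a
    client IP, user id or device id, so none of them can be forwarded by accident."""
    lat: Decimal
    lon: Decimal


def anonymize(inbound: dict) -> ForecastRequest:
    """Build the outbound request from the inbound one using an allowlist.

    Only `lat` and `lon` are read; every other key (client_ip, forwarded-for
    headers, user agent, ...) is ignored rather than copied-then-deleted, so a
    field added upstream later never leaks by default.
    """
    lat, lon = float(inbound["lat"]), float(inbound["lon"])
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinates out of range")
    return ForecastRequest(coarsen(lat), coarsen(lon))


def provider_url(req: ForecastRequest, base: str) -> str:
    """Render the provider query; `base` is a hypothetical endpoint."""
    return f"{base}?{urlencode({'lat': str(req.lat), 'lon': str(req.lon)})}"


def cell_size_metres(lat: float, places: int = PLACES) -> tuple[float, float]:
    """Approximate north-south and east-west extent of one truncation cell.

    A coordinate truncated to `places` decimals could have come from anywhere in
    a cell 10**-places degrees on a side; east-west shrinks with cos(latitude).
    """
    step = 10.0 ** -places
    north_south = step * METRES_PER_DEGREE_LAT
    east_west = north_south * cos(radians(lat))
    return north_south, east_west


if __name__ == "__main__":
    # Constructed inbound request, as an app server behind a proxy might see it.
    inbound = {"lat": 37.774929, "lon": -122.419416,
               "client_ip": "203.0.113.7", "x_forwarded_for": "203.0.113.7"}
    req = anonymize(inbound)
    print(provider_url(req, "https://provider.example/forecast"))
    ns, ew = cell_size_metres(float(req.lat))
    print(f"cell ~{ns:.0f} m north-south x {ew:.0f} m east-west at this latitude")
```

The allowlist shape of `anonymize` is the important design choice: behind a CDN or load balancer the client IP usually arrives in a forwarded-for header as well as the socket address, and a copy-everything-then-delete-the-IP approach tends to miss one of them. Reading only the two fields the provider needs makes every other field unreachable by construction.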
This all might seem like overkill, but we can’t be too cautious. Weather apps and weather companies are getting a bad reputation for being Trojan horses for data collection. Two of our forecast providers, The Weather Channel and AccuWeather, have been caught doing shady things like covertly mining user data, then selling it to ad companies. (AccuWeather claims it was accidental.)
Frankly, we’d rather not do business with these companies at all, but they control some of the highest quality weather data—and what good is a weather app without quality data?
This way, you still get the best weather forecasts in the industry, but without putting yourself at risk by using their crappy leaky apps.
5. Sharing everything we do.
The best way to be above board is to be honest about it! In the interest of total transparency, here’s a complete list of all the significant technologies we’re currently using, and what each one is for.
- Cloudflare — network caching and DDoS protection.
- Heroku — Rails app hosting and scaling.
- Datadog — monitoring weather data provider speed and health. No user-identifiable data sent or stored.
- Google Places API — transcoding GPS coordinates into street addresses for display (only if location services are turned on). No user-identifiable data sent.
- AppFigures and Sensor Tower — sales and app store ranking reports; no access to any user data.
- Weather data providers: Dark Sky, AccuWeather, The Weather Company, AerisWeather, Weather Underground, WeatherOps. These providers only receive the anonymized and trimmed location coordinates, nothing else.
We hope having all this info puts your mind at ease. As a consumer, please demand this level of transparency from all of your favorite apps! We need to see more explanations like this. Please feel free to ask any questions in the comments below.
P.S. Hat tip to Basecamp for training us on doing the right stuff over the years. WE LEARNED IT FROM WATCHING YOU, OK!