1. Who we are
WIN Weather Bot ("we", "us", "the Service") is operated from Italy. We are the data controller within the meaning of the EU General Data Protection Regulation (Regulation 2016/679, "GDPR"). You can reach us at info@winweatherbot.com for any privacy-related request.
2. What data we collect
2.1 When you visit the site
- IP address — logged by our web server for security and abuse prevention; rotated after 30 days.
- Browser User-Agent — used to render the correct version of the site (mobile vs. desktop) and detect crawlers.
- Pages visited — aggregated server logs, never linked to your identity.
2.2 When you create an account
- Email address — used for login, license delivery, password recovery and transactional notices.
- Password — stored as a salted hash (bcrypt); we never have access to the plaintext.
- Verification status — whether you confirmed your email.
2.3 When you purchase a license
- Transaction record — amount, currency, plan, timestamp, payment ID returned by the payment processor.
- License key & expiry — linked to your account.
- Hardware fingerprint — when you activate the bot on a PC, the bot sends a fingerprint of the machine (hashed) so the license is locked to that device. We do not collect your serial numbers, username, or any other identifying hardware details.
Payments are processed by CoinGate (CoinGate UAB) (privacy policy). We do not receive nor store your credit-card number or your crypto-wallet private keys.
2.4 When you become an affiliate
- Crypto wallet address — for commission payouts in USDC.
- Click logs — tied to your referral code, not to the visitor's personal identity.
3. Why we collect it (legal bases)
- Performance of contract (GDPR art. 6.1.b): your email, password and licensing data are necessary to deliver the Service you purchased.
- Legal obligation (art. 6.1.c): payment records are kept 10 years for fiscal compliance.
- Legitimate interest (art. 6.1.f): IP logs and abuse prevention.
- Consent (art. 6.1.a): optional analytics or marketing emails — we currently do not run either, and we will not start without your explicit opt-in.
4. Who we share it with
We share data only with the minimum third parties required to operate the Service:
- CoinGate (CoinGate UAB) — crypto payment processing
- Our hosting provider — server operation (VPS in EU)
- Email delivery — transactional emails for account verification and license delivery (SendGrid; not used for marketing)
We do not sell your data, share it with advertisers, or integrate Facebook/Google trackers on this site.
5. How long we keep it
- Account data: until you delete the account.
- Payment records: 10 years (Italian fiscal law).
- Server logs: 30 days.
- License/device fingerprint: while the license is active, then 30 days after expiry.
6. Your rights under GDPR
You may, at any time, request:
- Access to your personal data (art. 15)
- Rectification of inaccurate data (art. 16)
- Erasure ("right to be forgotten", art. 17)
- Restriction of processing (art. 18)
- Portability of your data in a machine-readable format (art. 20)
- Objection to processing based on legitimate interest (art. 21)
- Withdrawal of consent at any time (art. 7.3)
Email info@winweatherbot.com
with the subject prefix [GDPR] and we will respond within 30
days (typically within 48 hours). You also have the right to lodge a
complaint with your national data protection authority — for Italian
residents, the Garante per la Protezione dei Dati Personali
(garanteprivacy.it).
7. Security
Our site uses TLS 1.3 for all traffic. Passwords are bcrypt-hashed. Session cookies are HTTPS-only and signed HMAC. API keys sent to the desktop bot are stored locally on your machine using Windows Keyring (DPAPI) — never on our servers.
8. International transfers
All our infrastructure is hosted within the European Union. We do not transfer personal data outside the EEA.
9. Changes to this policy
We may update this policy. Material changes will be announced by email to registered users at least 30 days before they take effect.