Privacy Policy
RidgeOps by Bonny Doon Labs Inc.
Effective Date: May 6, 2026
Overview
RidgeOps is an environmental monitoring application that connects to ESP32-based weather stations via Bluetooth Low Energy (BLE) to collect, display, and share real-time weather and air quality data. RidgeOps is designed for fire-watch volunteers, first responders, and outdoor professionals who require ground-truth environmental data from sensors they control. Because of this audience, we hold ourselves to a higher standard for data integrity and disclosure than a general consumer weather app.
This policy explains what data we collect, why, and how we protect it.
Data We Collect
Sensor Data
•
Wind speed and direction
•
Temperature and humidity
•
Air Quality Index (AQI) and particulate matter (PM2.5/PM10) readings
This data is collected from hardware weather stations you connect to via Bluetooth. We do not collect sensor data from your phone's built-in sensors beyond what is described below.
Location Data
•
GPS coordinates (latitude and longitude) are attached to sensor readings so they can be displayed at the correct position on a map.
•
We request background location permission for two reasons:
◦
To continue tagging incoming BLE sensor readings with the correct location while the app is not in the foreground (e.g., the screen is locked while you monitor sensors in the field).
◦
On Android specifically, Bluetooth Low Energy (BLE) scanning requires location permission to function — this is an Android OS-level requirement that applies to all BLE-using apps, not unique to RidgeOps.
•
Location data is only collected while the app is actively recording sensor data. We do not build location histories or track user movement.
Account Data
•
Email address and password (used for authentication)
•
Organization membership (if you join or create an organization)
Device Data
•
Device identifiers for registered weather stations
•
BLE connection metadata (signal strength, connection state)
Subscription and Purchase Data
•
Subscription status, plan type, renewal date, and purchase history
•
We do not collect, store, or process credit card information. All subscription billing is handled exclusively by:
◦
Apple In-App Purchases (iOS) — see Apple's Privacy Policy
◦
Google Play Billing (Android) — see Google's Privacy Policy
•
We use RevenueCat (third-party subscription management) to coordinate subscription state across your devices. RevenueCat receives subscription metadata only — never payment card details.
How We Use Your Data
•
Display: Show real-time and historical sensor readings in the app and on maps
•
Alerts: Evaluate sensor data against thresholds to trigger weather and air quality alerts
•
Sharing: If you join an organization, your readings may be visible to other organization members
•
Export: You may export your own data via email
•
Subscription gating: Determine whether to unlock premium features based on your subscription status
•
Improvement: We may use de-identified, aggregated sensor data (e.g., general wind trends in a region) to improve our environmental models. This aggregated data does not contain GPS coordinates linked to specific users or organization names.
Organizations and Shared Data
When you join an Organization, your real-time sensor data, alerts, and reading locations are shared with the Organization administrators and other authorized members of that organization.
Bonny Doon Labs Inc. does not control how Organization administrators manage, view, or further share this data once it is visible within their organization. Different organizations may have different internal data-handling practices. You should review your organization's policies before sharing sensitive operational readings.
You may leave an organization at any time through the app, which prevents future readings from being shared. Already-shared past readings remain accessible to organization members per the policy of that organization.
Data Storage and Security
We employ industry-standard security measures to protect first-responder and operational data:
•
Encryption in transit: All data is transmitted over TLS 1.2/1.3
•
Account credentials: never leave your device in a readable format. Stored using Expo SecureStore on mobile (hardware-backed keystore where available); web localStorage on web with appropriate session controls
•
Database isolation: Sensor readings are stored in Supabase (PostgreSQL) with Row-Level Security (RLS) policies enforcing strict data isolation between different organizations
•
Offline resilience: Readings are queued locally when offline and uploaded when connectivity is restored
Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users by email within 72 hours of discovery (consistent with GDPR Article 33 timelines). Notifications will describe the nature of the breach, the data categories involved, and the steps we are taking in response.
Third-Party Services
•
Supabase: Database and authentication (Supabase Privacy Policy)
•
RevenueCat: Subscription management (RevenueCat Privacy Policy)
•
Apple App Store / Google Play: Subscription billing — we receive only subscription metadata, never payment card details
•
Google Maps: Map display and geocoding (Google Privacy Policy)
•
Expo / EAS: App build and update infrastructure (Expo Privacy Policy)
Data Retention
•
Sensor readings are retained as long as your account is active
•
Subscription records are retained for as long as required by tax and accounting law (typically 7 years), even after subscription cancellation
•
After account deletion (see "Your Rights"), all sensor data and account info are removed from active systems within 30 days
Your Rights
You may:
•
Access, export, or delete your sensor data at any time through the app
•
Cancel your subscription at any time through your Apple ID or Google Play account settings
•
Delete your account in two ways:
◦
Within the app: open Settings → Account → Delete Account, and follow the confirmation flow
◦
By email: send a deletion request to privacy@bonnydoonlabs.com — we will action your request within 30 days
•
Opt out of organization data sharing by leaving the organization
•
Request a copy of your data at any time by emailing privacy@bonnydoonlabs.com
California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
•
The right to know what personal information we collect, use, and disclose
•
The right to delete your personal information
•
The right to opt out of the sale or sharing of your personal information
•
The right to non-discrimination for exercising your privacy rights
We do not sell your personal information. We do not share personal information with third parties for cross-context behavioral advertising.
To exercise your CCPA/CPRA rights, contact privacy@bonnydoonlabs.com.
European Economic Area, UK, and Swiss Users (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and analogous laws apply to your data.
Legal Basis for Processing:
•
Contract (Article 6(1)(b)): Most processing is necessary to provide the RidgeOps service you've signed up for — account management, sensor data display, alerts, and subscription management.
•
Consent (Article 6(1)(a)): Optional features such as joining an Organization rely on your explicit consent.
•
Legitimate Interest (Article 6(1)(f)): De-identified, aggregated analytics for service improvement.
Your GDPR Rights:
•
Access, rectification, erasure ("right to be forgotten"), restriction of processing, portability, and objection
•
Right to lodge a complaint with your local supervisory authority
To exercise these rights, contact privacy@bonnydoonlabs.com.
Children's Privacy
RidgeOps is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child under 13, contact privacy@bonnydoonlabs.com and we will delete it.
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated through the App and at this URL with a revised effective date. Continued use after the effective date of changes constitutes acceptance.
Contact
For privacy questions, data deletion requests, or any rights-related inquiries:
Bonny Doon Labs Inc.
Email: privacy@bonnydoonlabs.com