Privacy Policy

1. Introduction

OpenWebcamDB ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our iOS mobile application, and access our services.

2. Information We Collect

Personal Information

• Name and email address (when you create an account, submit a webcam, or register for an API key)
• API key registration information (name and email address for API access)
• API usage data (request logs, usage statistics for rate limiting and service improvement)
• Location information for webcam submissions (coordinates, city, country)
• Contact information when reporting issues

Automatically Collected Information

• IP address and browser information
• Device and operating system information
• Pages visited and time spent on our site
• Webcam viewing preferences and history
• Mobile device identifiers and app usage data (iOS app only)

Analytics Information

We collect anonymous analytics data to improve our services:

• PostHog Analytics: Anonymous usage statistics, feature interactions, and performance metrics
• No personally identifiable information is collected through analytics
• Analytics data is used solely to improve user experience and service quality

3. How We Use Your Information

We use the collected information to:

• Process and review webcam submissions
• Manage user accounts and authentication
• Generate and manage API keys for programmatic access
• Monitor API usage for rate limiting and abuse prevention
• Respond to reports and inquiries
• Improve our website, mobile application, and services
• Analyze usage patterns and user behavior (anonymously)
• Display relevant advertisements (iOS app - free tier only)
• Send administrative communications and API-related notifications
• Comply with legal obligations

4. Cookies and Tracking Technologies

Essential Cookies

We use essential cookies required for the website to function properly:

• Session cookies for authentication and security
• CSRF protection cookies
• User preference cookies (theme selection)

Third-Party Cookies

Third-party services integrated into our website and mobile app may set their own cookies:

• YouTube (for embedded video streams)
• Apple MapKit (for location services)
• PostHog (for anonymous analytics)

5. Third-Party Services

We integrate the following third-party services that may collect data:

• YouTube: For streaming live webcam feeds. View YouTube's Privacy Policy
• Apple MapKit: For displaying webcam locations. View Apple's Privacy Policy
• PostHog: For anonymous analytics and usage tracking. View PostHog's Privacy Policy
• Google AdMob (iOS app - free tier only): For displaying advertisements. View Google's Privacy Policy and AdMob Data Usage
• CDN Providers: For delivering website resources efficiently

Advertising (iOS App - Free Tier)

Free users of our iOS application will see advertisements served by Google AdMob. AdMob may collect and use the following information:

• Device information and identifiers
• Ad interaction and viewing data
• General location information
• App usage information

You can opt out of personalized advertising by adjusting your device settings or upgrading to our premium subscription to remove all advertisements.

6. API Access and Data Collection

We provide API access for developers to programmatically access webcam data. When you register for an API key:

Information Collected

• Name and email address (required for API key registration)
• API key identifier (randomly generated, non-reversible)
• API usage logs (endpoint accessed, timestamp, request count)
• IP address and user agent for security monitoring

Purpose of Data Collection

• Rate Limiting: Enforce usage limits to ensure fair access and service stability
• Abuse Prevention: Detect and prevent automated abuse and unauthorized access
• Service Communication: Notify users of API changes, maintenance, or issues
• Service Improvement: Analyze usage patterns to improve API functionality

Data Retention for API Users

• Active API keys: retained while in use
• API usage logs: retained for 90 days for security and troubleshooting
• Registration information: retained until you request deletion or account closure
• You may revoke your API key at any time through your account settings

Legal Basis (GDPR)

For API key registration, we process your data based on:

• Consent: You voluntarily provide information when registering for API access
• Legitimate Interest: Monitoring API usage for security, fraud prevention, and service stability
• Contract Performance: Providing API services you have requested

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encrypted data transmission (HTTPS/TLS)
• Secure password storage using industry-standard hashing (bcrypt)
• API key encryption and secure storage
• Regular security updates and vulnerability monitoring
• Access controls and authentication mechanisms
• Limited access to personal information on a need-to-know basis
• Regular security audits and penetration testing
• Incident response procedures for data breaches

While we implement strong security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify affected users within 72 hours if a data breach occurs (as required by GDPR).

8. Your Rights and Privacy Choices

Depending on your location, you may have the following rights regarding your personal information:

European Union (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Right to access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data to another service
• Right to object: Object to processing of your personal data
• Right to withdraw consent: Withdraw consent for data processing at any time
• Right to lodge a complaint: File a complaint with your local data protection authority

Legal Basis for Processing: We process your data based on consent, contract performance, legal obligations, and legitimate interests in providing and improving our services.

United Kingdom (UK GDPR)

UK residents have the same rights as EEA residents under the UK GDPR. You may contact the Information Commissioner's Office (ICO) if you have concerns about our data practices.

California (CCPA/CPRA)

California residents have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know: What personal information is collected, used, shared, or sold
• Right to delete: Request deletion of personal information
• Right to opt-out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination: Equal service and pricing regardless of exercising privacy rights
• Right to correct: Request correction of inaccurate personal information
• Right to limit use: Limit use of sensitive personal information

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@openwebcamdb.com. We will respond to your request within 30 days (or as required by applicable law).

9. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, including:

• Active account information: retained while account is active
• API keys and registration data: retained until revocation or account deletion
• API usage logs: retained for 90 days for security and troubleshooting
• Submission data: retained indefinitely unless removal is requested
• Server logs: retained for 90 days
• Analytics data (PostHog): aggregated and anonymized, retained for service improvement
• Advertising data (AdMob): managed by Google according to their retention policies
• Inactive accounts: may be deleted after 2 years of inactivity

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country.

For EEA/UK Users: When we transfer personal data outside the European Economic Area or United Kingdom, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Appropriate security measures and data protection agreements

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Material Changes: For significant changes affecting your rights under GDPR, we will provide at least 30 days' advance notice via email (if you have an account) or prominent website notice. Your continued use of our services after changes constitutes acceptance of the updated policy.