Privacy
What we store, send, and never collect.
nebo.now does not have user accounts. Everything the application remembers about you lives in your browser; if you clear your browser data, you start fresh.
What lives in your browser
The application sets these localStorage entries on the domain you're using:
nebo-favs— up to 12 cities you have explicitly saved.nebo-recent— up to 7 cities you have recently visited.nebo-pill-precise-dismissed— a single flag remembering that you dismissed the "use exact location?" prompt. Set so it doesn't reappear.nebo-banner-cf-absent-dismissed— a single flag remembering that you dismissed the "we couldn't locate you" banner.
The application sets these cookies:
nebo-units— your unit preferences (temperature, wind, clock). Set when you change a setting. We need it as a cookie, not localStorage, so the server-rendered page renders in your units on first paint.nebo-precise— set only if you grant the browser geolocation permission via the "use exact location?" pill. Contains your latitude and longitude already rounded to a 0.02° grid (about two kilometres). Lifetime is 90 days. We need it as a cookie, not localStorage, so the server-rendered root redirect takes you to your location on first paint.
What the server sees per request
Cloudflare sits in front of nebo.now and forwards three headers with each request: an approximate latitude, an approximate longitude, and a country code, derived from your IP address. We use these to pick a default location and a default unit system on first visit.
Before any logging or upstream call, we round those coordinates to the same 0.02° grid the URL uses. Our request logs cannot pinpoint a user to their building.
Where weather data comes from
Forecasts come from Open-Meteo, a free public weather API. We send Open-Meteo a rounded coordinate (the same 0.02° grid) and receive a forecast back. We do not send any identifier with the request.
Place names — used for reverse-geocoding ("you are near Malmö") and for the search box — come from a copy of the GeoNames dataset embedded in our application binary. Reverse-geocoding never leaves our infrastructure.
What we never collect
- No accounts, no email addresses, no passwords.
- No analytics scripts. No third-party tracking pixels.
- No advertising networks.
- No precise coordinates in our logs — only the 0.02° rounded grid.
Clearing your data
The Settings panel (gear icon, top-right) has a "Clear my data" button. It deletes all four localStorage entries above and the two cookies, then reloads the page. You can do the same thing manually from your browser's site settings.
Changes
If this policy changes meaningfully, we will update the date below.