Who we are
Perigee is operated by Cardin LLC and published under the Cardin Labs brand. In this policy, “Perigee,” “Cardin,” “we,” and “us” refer to Cardin LLC. Questions and privacy requests can be sent to ryandcardin@gmail.com.
NOAA, the National Weather Service (NWS), Stripe, Google, Firebase, Vercel, Resend, and other linked services have their own privacy practices. This policy covers Perigee's handling of information, not those organizations' independent services.
Information we collect
Information you provide
- Account information: email address, display name, profile image or selected Perigee avatar, authentication provider, and the Firebase user identifier associated with the account.
- Preferences and coastal plans: saved and home stations, ordering, activity choices, alert rules, email preferences, selected Weekly Tide station, and other settings you choose to save.
- Developer information: API-key names and prefixes, OAuth approvals, request counts, endpoint or tool names, timestamps, and related credential-management records. A newly created API secret is shown once; Perigee stores a one-way hash rather than the raw key.
- Communications and diagnostic reports: the contents and metadata of support, correction, security, and other messages you send to us. The in-product problem reporter stores your description, a standardized page route and page family, deployment release, occurrence time, and optional request, NOAA station, or opaque workspace identifier. It does not intentionally attach your email, user ID, IP address, cookies, browser history, console output, or credentials.
- Billing details: Stripe customer and subscription identifiers, plan, status, renewal timing, invoice status, and limited contact or billing-address details returned by Stripe. Stripe hosts checkout and the billing portal; Perigee does not receive your full payment-card number.
Information collected when you use Perigee
- Request and security data: IP address and request metadata may be processed transiently for delivery, abuse prevention, rate limiting, diagnostics, and security. Hosting providers may keep their own infrastructure logs under their terms.
- Product analytics: Perigee records privacy-limited events such as page family, anonymous and session identifiers, referral category, campaign tags, and completion of key product steps. The event contract rejects email addresses, exact messages, secrets, authorization values, and raw IP addresses. Perigee also uses Vercel Web Analytics for aggregate page and device statistics.
- API and MCP usage: credential or anonymous rate-limit bucket, surface, operation name, request count, and timing. Request parameters and provider responses may pass through Perigee to answer the request, but API secrets are not intentionally written into usage events.
- Browser storage: local or session storage can hold authentication state, saved-station state, anonymous analytics identifiers, attribution, and interface preferences needed to operate the requested features.
Location
Perigee asks the browser for precise location only when a feature such as “near me” needs it and you grant permission. You can deny permission and search manually. Coordinates you enter or approve can be sent to NOAA or NWS services to find stations or forecasts. Perigee does not use location for advertising.
How we use information
We use information to:
- provide, personalize, secure, and troubleshoot Perigee;
- authenticate accounts and preserve saved stations, preferences, alerts, email choices, billing state, API keys, and OAuth grants;
- process subscriptions, taxes, payment status, cancellations, and account billing through Stripe;
- send the Weekly Tide, requested alerts, service messages, and replies to communications, subject to your choices;
- enforce quotas, investigate abuse, protect users and systems, and comply with law;
- understand aggregate use, diagnose failures, and improve product and decision quality; and
- establish, exercise, or defend legal claims when necessary.
Depending on where you live, these activities may rely on performing a contract with you, your consent, compliance with law, or legitimate interests such as operating and protecting the service. You can withdraw consent for optional email or browser location without affecting prior processing.
When information is shared
Perigee may share information in these limited circumstances:
- Service providers: Google Firebase Authentication, Firestore, and Google Cloud for authentication and application data; Vercel for hosting and web analytics; Stripe for checkout and subscription management; and Resend for requested email delivery. They process data under their own terms and applicable agreements with Cardin LLC.
- Data providers: station identifiers, dates, products, or coordinates can be sent to NOAA and NWS endpoints to answer your request. Do not place personal information in free-form developer inputs when it is not needed.
- Legal and safety: when reasonably necessary to comply with law or valid legal process; protect rights, safety, and systems; investigate fraud or abuse; or enforce our terms.
- Business change: information may transfer as part of a merger, financing, acquisition, reorganization, bankruptcy, or sale of relevant assets, subject to applicable law.
- At your direction: when you connect, share, export, or otherwise direct Perigee to interact with another service or person.
Provider documentation is available from Firebase, Vercel Web Analytics, Stripe, and Resend. Those links are provided for transparency; their policies can change independently of this one.
Cookies, storage, and analytics
Perigee uses first-party browser storage and authentication mechanisms needed for sign-in, security, preferences, saved state, and privacy-safe product measurement. Vercel states that its Web Analytics product does not use third-party cookies and reports aggregate statistics. Perigee's own analytics identifiers are stored locally in your browser and are not intended to reveal your real-world identity.
You can clear browser storage, block analytics, or use browser privacy controls. Doing so can reset preferences or anonymous attribution and may prevent sign-in or other requested features from working correctly.
Email and communication consent
When you submit an address with the displayed consent control, enable the Weekly Tide or an alert, or make the same choice in account settings, you ask Cardin LLC to send that category of email to the address provided. Frequency depends on the feature: Weekly Tide is intended as a weekly brief, while an enabled condition alert is event-driven and may send nothing when its rule is not met or required data is unavailable. Consent to optional email is not a condition of purchasing a subscription.
Withdraw optional email consent at any time through the available account setting or the unsubscribe link in the message. A one-click unsubscribe can be processed without signing in. Cardin LLC may still send necessary account, authentication, billing, security, legal, or service messages that are not promotional subscriptions.
SMS is optional and uses a separate verified-number flow. Before Perigee sends account or operational texts, you must affirm the displayed recurring-message disclosure and enter a code sent to the number. Message frequency varies, and message and data rates may apply. Reply STOP to opt out or HELP for help. Consent is not a condition of purchase. A signed START message can restore consent. Trip Watch operators may also provide guest numbers with a recorded consent timestamp; that operator is responsible for collecting lawful consent and Perigee processes the communication on the operator's instruction.
Retention
Retention depends on the record and why it exists. Account settings and saved state generally remain while the account is active. Email opt-in records remain until unsubscribe or deletion. Verified phone destinations remain with the account until removal or deletion. Hashed email and phone suppression data may remain after account deletion as needed to honor an opt-out and prevent another send. Product analytics are configured with a 180-day expiration field, in-product diagnostic bug reports with a 90-day expiration field, and detailed API-key usage events with an expiration field of up to 90 days; the product only displays the history window included with the current plan. Aggregate counters and operational records may remain longer.
Billing, security, fraud-prevention, legal, backup, and transaction records may be retained as reasonably needed for those purposes. An expiration field requires the relevant storage lifecycle policy to be enabled; deletion from backups and service-provider systems may take additional time.
Your choices and requests
- Change saved stations, profile details, alerts, and available email settings from the account dashboard.
- Use the unsubscribe link in a Weekly Tide or alert email. Transactional account, security, and billing messages may still be sent when needed.
- Revoke browser location permission in your device or browser settings.
- Revoke developer credentials from the dashboard.
- Download a privacy-safe JSON export or schedule account deletion from the privacy controls in your authenticated dashboard. Account deletion has a seven-day hold and can be cancelled before processing begins.
- Organization owners can delete a workspace after resolving its access and billing responsibilities. Perigee makes it inaccessible immediately, then cancels active subscriptions, removes tenant data and membership indexes, deletes public guest pages and queued communications, and pseudonymizes retained audit references after the seven-day safety hold.
- Request correction, access help, objection, restriction, or another supported privacy action by emailing ryandcardin@gmail.com. Available rights depend on your location and legal exceptions. We may need to verify account ownership before acting.
Automated deletion excludes or pseudonymizes records that Cardin LLC or its processors must retain for security, fraud prevention, tax, accounting, charge disputes, legal compliance, or suppression of a revoked communication channel. Stripe may retain invoices, charges, and payment events under its legal obligations even after its reusable customer profile is deleted.
Security and international processing
Perigee uses safeguards described on the security page, but no internet service can guarantee absolute security. Cardin LLC and its providers may process information in the United States and other locations where they operate. Those locations may have different data-protection laws than your home.
Children
Perigee is a general-audience coastal planning and developer service, not a service directed to children under 13. We do not knowingly collect personal information from a child under 13. A parent or guardian who believes a child submitted such information should contact us.
Changes and contact
We may revise this policy as Perigee changes. The effective date above identifies the current version. Material changes will be presented in a reasonable way through the service or an appropriate account channel when required by law.
Contact: Cardin LLC / Cardin Labs, ryandcardin@gmail.com. Please write “Privacy request” in the subject and do not include passwords, API keys, payment-card numbers, or other unnecessary secrets.