Security Policy

Reporting Security Vulnerabilities

We take security seriously. If you discover a security vulnerability, please report it responsibly:

• Email: admin@snowday-calculator.online
• Subject: Include "SECURITY" in the subject line
• Details: Provide detailed information about the vulnerability

Security Measures

Our website implements several security measures to protect users:

Content Security Policy (CSP)

We implement a strict Content Security Policy that:

• Restricts resource loading to trusted sources
• Prevents XSS attacks through script injection
• Controls external connections to weather APIs and advertising partners

HTTPS Enforcement

All traffic is encrypted using HTTPS with modern TLS protocols.

Data Protection

We minimize data collection and processing:

• No personal information is stored on our servers
• Weather data requests are made client-side to Open-Meteo API
• Location searches are processed without storing user data

Third-Party Services

We only integrate with trusted services:

• Weather Data: Open-Meteo (open-source weather API)
• Analytics: Privacy-focused analytics (no personal data)
• Advertising: Google AdSense (with privacy controls)

Responsible Disclosure

We follow responsible disclosure practices:

• We will acknowledge receipt of vulnerability reports within 48 hours
• We will provide regular updates on remediation progress
• We will credit researchers (with permission) for responsible disclosure
• We ask that you do not publicly disclose vulnerabilities until we have had time to address them

Security Updates

This security policy was last updated on August 29, 2025. We regularly review and update our security practices.