Tornado Quest Privacy Policy

TORNADO QUEST, LLC – PRIVACY POLICY
Effective May 27 2008 – Last Updated November 17 2025

1. INTRODUCTION

Tornado Quest, LLC (“Tornado Quest”, “we”, “us”, “our”) respects the privacy of individuals who visit our website, blogs, social‑media accounts, and any related services (collectively, the “Site”). This Privacy Policy (“Policy”) explains what personal information we collect, how we use it, with whom we share it, and the safeguards we employ. By accessing or using the Site you consent to the practices described herein. If you do not agree, you must immediately cease all use of the Site.

2. INFORMATION WE COLLECT

Category	Examples	Collection Method
Identifying Information	Name, email address, postal address, phone number, government‑issued ID (only when voluntarily provided for account verification)	Account registration, newsletter sign‑up, contact forms
Authentication Data	Username, password (hashed), two‑factor authentication tokens	Account creation, login
Technical & Usage Data	IP address, device type, operating system, browser, referral URL, click‑stream, cookies, web‑beacon identifiers	Automatic server logs, analytics tools, cookies (see § 4)
Communications	Content of emails, support tickets, survey responses	Direct correspondence with us
Location Data	Approximate geolocation derived from IP address or voluntarily supplied GPS coordinates	Optional location‑based services (e.g., weather alerts)
Third‑Party Data	Information obtained from integrated services (e.g., Google, Facebook, Twitter) when you use “Log in with …”	OAuth APIs, social‑login connectors

We do not collect any “special categories” of personal data (health, biometric, genetic, religious, etc.) unless expressly required for a specific service and only with explicit consent.

3. LEGAL BASIS FOR PROCESSING (U.S. & INTERNATIONAL)

Contractual Necessity – Processing is required to fulfill a contract (e.g., providing requested content or support).
Legitimate Interests – We may process data for security, fraud prevention, analytics, and improving the Site, provided such interests do not override your fundamental rights.
Consent – Where required (e.g., marketing communications, location tracking), we obtain explicit opt‑in consent.
Legal Obligation – We may process data to comply with applicable laws, court orders, or governmental requests.

For residents of the European Economic Area (EEA) and United Kingdom, the above bases satisfy GDPR requirements. For California residents, the policy complies with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

4. COOKIES, TRACKING TECHNOLOGIES & AUTOMATIC DATA COLLECTION

Strictly Necessary Cookies – Enable core Site functionality (session management, security).
Performance/Analytics Cookies – Aggregate usage statistics (Google Analytics, Matomo, etc.).
Functional Cookies – Remember preferences (language, theme).
Advertising/Targeting Cookies – Only when you explicitly opt‑in to receive personalized marketing.

You may manage or disable cookies via your browser settings; however, disabling strictly necessary cookies may impair Site functionality. We honor “Do‑Not‑Track” signals where technically feasible.

5. HOW WE USE YOUR INFORMATION

Provision of Services – Account creation, authentication, delivery of weather alerts, and responding to inquiries.
Communication – Transactional emails, security notices, policy updates, and optional newsletters or promotional material (only if you have opted in).
Improvement & Development – Analyzing usage patterns, troubleshooting, and enhancing features.
Security & Fraud Prevention – Detecting unauthorized access, malicious activity, and complying with legal obligations.
Legal Compliance – Responding to lawful requests, enforcing Terms, protecting rights.
Marketing (Optional) – Sending targeted offers, surveys, or event invitations when you have provided explicit consent.

We never sell, rent, or otherwise disclose personal data to third parties for their independent marketing purposes.

6. SHARING & DISCLOSURE

Recipient	Purpose	Safeguards
Service Providers (hosting, email services, analytics, authentication)	Perform essential functions on our behalf	Written contracts requiring confidentiality and data protection equivalent to this Policy
Legal Authorities	Comply with subpoenas, court orders, or other legal processes	Only the minimum data required is disclosed
Business Transfers	Merger, acquisition, sale of assets, or bankruptcy proceedings	Acquirer assumes all obligations under this Policy
Aggregated/Anonymized Data	Statistical reporting, research, public datasets	No personally identifiable information is included

We require all third parties to adhere to at least the same level of data protection required by applicable law.

7. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to, stored, and processed in jurisdictions outside your residence, including the United States. We rely on standard contractual clauses, binding corporate rules, or adequacy decisions to ensure an adequate level of protection. By using the Site, you consent to such transfers.

8. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods:

Data Type	Retention Period
Account information	Until account deletion (or 7 years after inactivity)
Support tickets	2 years after closure
Analytics logs (IP, device)	12 months (aggregated)
Marketing consents	Until withdrawn

You may request deletion of your data at any time (subject to legal constraints) by contacting us (see § 13).

9. YOUR RIGHTS & CONTROLS

EEA Residents (GDPR) – Right of access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent.

California Residents (CCPA/CPRA) – Right to know, delete, and opt‑out of the sale of personal information (sale does not occur).

General Rights –

Update or correct inaccurate information via your account settings or by contacting us.
Opt‑out of marketing communications through the unsubscribe link in each email or via your account preferences.
Request a copy of the personal data we hold about you.

All requests will be responded to within 30 business days. We may require proof of identity before fulfilling certain requests.

10. SECURITY MEASURES

We implement administrative, technical, and physical safeguards designed to protect personal data against accidental loss, unauthorized access, alteration, or disclosure, including:

TLS/SSL encryption for data in transit.
AES‑256 encryption for stored passwords (hashed with bcrypt).
Regular vulnerability assessments, penetration testing, and security audits.
Role‑based access controls and multi‑factor authentication for staff.
Secure data centers with ISO‑27001‑aligned controls.

While we strive for robust security, no method is 100 % foolproof. We cannot guarantee absolute protection against all conceivable threats.

11. CHILDREN’S PRIVACY

Our Site is not directed to children under 13 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will promptly delete such information.

12. DO‑NOT‑TRACK (DNT) SIGNALS

We honor DNT signals where technically feasible. If your browser sends a DNT header, we will refrain from using your data for behavioral advertising. Core functional tracking (e.g., session management) will continue.

13. INDEMNIFICATION & LIMITATION OF LIABILITY

You agree to defend, indemnify, and hold harmless Tornado Quest, its affiliates, officers, directors, employees, agents, and service providers from any claim, demand, loss, liability, damage, cost, or expense (including reasonable attorneys’ fees) arising out of:

Your breach of this Policy or any applicable law;
Your violation of any third‑party rights; or
Any alleged misuse of your personal data.

To the maximum extent permitted by law, Tornado Quest shall not be liable for any indirect, incidental, special, consequential, or punitive damages, nor for any loss of profits, revenue, data, use, goodwill, or other intangible losses resulting from your use of the Site, even if we have been advised of the possibility of such damages. Our total aggregate liability shall not exceed the greater of (i) the amount you have paid to us in the twelve (12) months preceding the claim, or (ii) $100 USD.

14. CHANGES TO THIS POLICY

We may revise this Policy at any time, in our sole discretion, without prior notice. Material changes will be posted on the Site with a 30‑day notice period. Continued use of the Site after such notice constitutes acceptance of the updated Policy.

15. GOVERNING LAW & DISPUTE RESOLUTION

This Policy shall be governed by the laws of the State of Oklahoma, United States, without regard to conflict‑of‑law principles. Any dispute arising out of or relating to this Policy shall be resolved exclusively in the state or federal courts located in Oklahoma County, Oklahoma, and you hereby consent to the personal jurisdiction of such courts.

16. CONTACT INFORMATION

If you have questions, concerns, or wish to exercise any of your privacy rights, please contact us:

Tornado Quest, LLC
Email: tornadoquest@protonmail.com
We will respond within 30 business days of receipt.

Legal Disclaimer