Privacy Policy

Aurora Forecast

Last updated: April 25, 2026

Summary: We collect only the data necessary to deliver aurora forecasts, account features, and community sightings. We do not sell your data. You can delete your account and all associated data at any time, either from inside the app (Settings → Account → Delete account) or via https://aurora-forecast.app/delete-account.

1. Personal Data We Collect

1.1 Account Data

When you create an Aurora Forecast account we store:

Email address — used for account login, password recovery, and important service communications.
Password — never stored in clear text. We hash passwords with bcrypt before saving them in our database.
Username — the public name shown next to your sightings and reactions.
Profile picture (optional) — stored on Cloudflare R2 object storage in the EU.

1.2 Location Data

We use your geographic location to:

Calculate the probability of aurora visibility where you are.
Show observation spots and weather forecasts near you.
Tag any aurora sighting you choose to publish to the community feed.

Forecast location is processed on your device whenever possible. Only the public coordinates of a sighting that you explicitly choose to submit are stored on our servers. Live tracking location is never logged on our servers.

1.3 Sightings — User-Generated Content

When you publish an aurora sighting, the following data is stored on our servers (Cloudflare D1 + R2 in the EU):

Description text you write about the sighting.
Photos you attach (stored on R2 object storage).
GPS coordinates of the sighting (rounded to protect your privacy).
Selected colors and intensity values.
Timestamp of submission.
Username linked to the sighting.

Published sightings are visible to all users. You can delete any of your own sightings at any time from your profile.

1.4 Device & Notification Data

Push notification token (Expo Push) — used to send aurora alerts.
Advertising ID — used by Google AdMob; can be reset or limited from Android settings.
Crash logs and basic device info — used to fix bugs and improve stability.

2. Who We Share Data With

We share data only with the third parties strictly required to operate the app:

Cloudflare — hosting, D1 database, R2 image storage, KV cache. Cloudflare Privacy Policy
Google AdMob — ad delivery using a resettable advertising ID. Google Privacy Policy
Google Play Services — in-app purchases and Play Billing.
Expo Push Notifications — relays push notifications to your device. Expo Privacy Policy
NOAA SWPC — public space-weather data (Kp index, solar wind). Only public location is sent — never your personal coordinates.
Open-Meteo — weather and cloud forecast. Only the public location you query is sent.

We do not sell your personal data.

3. In-App Purchases

Aurora Premium (99 SEK / year, auto-renewing) is processed by Google Play. We only store the resulting subscription status (premium/standard) and a Play transaction reference for support purposes. We never have access to your payment-card details.

4. Data Retention

Active accounts: data is kept for as long as your account exists.
Account deletion: when you delete your account we mark it for removal and delete the data within 30 days from our live database, after which it is also purged from encrypted backups within the next backup cycle.
Push tokens: deleted immediately when you uninstall or disable notifications.
Crash logs: retained for up to 90 days for debugging and then deleted.

5. Your Rights (GDPR)

You have the following rights:

Right to delete your account: from inside the app via Settings → Account → Delete account, or on the web at https://aurora-forecast.app/delete-account.
Right to data export — request a copy of your data.
Right to information about how your data is processed.
Right to rectification of inaccurate data.
Right to object to or restrict processing.

To exercise any of these rights, contact us at the email below. We respond within 30 days.

6. Children's Privacy

The app is not directed at children under 13 years of age. We do not knowingly collect personal data from children.

7. Security

Data in transit is protected with TLS. Passwords are stored as bcrypt hashes. Backend access is restricted to the developer and is gated by API keys and JWT tokens.

8. Changes to This Policy

We may update this policy as needed. Significant changes will be communicated via the app or push notification. The "Last updated" date at the top of this page always reflects the latest revision.

Contact

If you have questions about this privacy policy or want to exercise your rights, contact:

Email: davidrydgren@gmail.com