← AuroraChaser

Privacy Policy

AuroraChaser is built to need as little of your data as possible. This policy explains who we are, the limited data we process, why we process it, and the rights you have under the GDPR.

Who we are

AuroraChaser is published by Honig Enterprises B.V., which is the data controller for the personal data described in this policy.

Honig Enterprises B.V.
Michiel de Ruyterstraat 17
7204 GG Zutphen, The Netherlands
KvK 87393921 · VAT NL864282540B01
Tilian@honig.enterprises

Our approach

We practise data minimisation. There is no user account and nothing to sign up for: when first used, the app registers itself with our server under a randomly generated device identifier, and that pseudonymous ID is the only identity it ever has. Most of what the app does happens entirely on your device.

We never sell your data, and there are no third-party advertising or tracking SDKs in the app. The only sponsored content you will ever see are the clearly marked partner promotions we serve ourselves (see "Partner promotions" below); no outside party is involved in showing them to you.

Processed on your device only

The following stays on your phone and is never sent to us:

  • Your location, if you allow it: used on-device to show your position on the map, the distance to viewing spots, and to detect that you are near a spot.
  • Cached forecasts, your settings, selected regions and your trip diary: stored locally on your device until you clear them or uninstall the app.

Data you send to our servers

When you use a feature that needs our backend, the app sends only what that feature requires. Everything below is keyed to the randomly generated, pseudonymous device identifier - not to your name, email address or any other real-world identity:

  • Device registration: your platform (iOS or Android), app version and language, so we can serve the right data and support the app.
  • Alerts: if you enable notifications, a push token and your notification preferences, so we can deliver the alerts you asked for.
  • Community features (all optional): if you report an aurora sighting, upload a photo, join or post in a chase group, check in at a spot, collect stamps, or appear on a leaderboard, we store what you submit. Sightings and check-ins reference a viewing spot - never your own coordinates - and photos are scrubbed of embedded location metadata (EXIF/GPS) the moment they reach our server, before anything is stored. Even so, please do not put anything in a photo or post that you would not want other users to see.
  • A display name is optional, does not have to be your real name, and is shown to other users only if you set one.
  • Usage events: the app sends a small number of first-party product events (for example, that a partner promotion appeared on screen or was tapped). These go only to our own server, are never shared with or enriched by any third party, and are deleted together with your device data.

Partner promotions

The app may show a small number of promotions from partners (for example, a local tour operator). These are served by our own backend and are always clearly marked as "Partner". No advertising network is involved: no third party decides what you see, and no third party learns that you saw it. We count how often each promotion appears on screen and is tapped, using the first-party usage events described above - a plain counter, not an advertising profile.

Abuse prevention

To keep the community features usable, our backend applies rate limits and abuse checks. For this it stores salted cryptographic hashes of the network your requests come from - never your raw IP address - for a rolling, capped window.

Our servers are configured not to keep access logs: your IP address is not stored after your request has been served.

Where your data lives

The AuroraChaser backend runs on a server we operate ourselves, on infrastructure provided by Gigahost AS (Sandefjord, Norway), inside the European Economic Area (EEA). Your data is not transferred outside the EEA, with the single exception of push-notification delivery described below.

Data sources and recipients

AuroraChaser combines open scientific data from the sources below. Normally our own server fetches this data, so the providers only ever see our server, not you. If our server is unreachable, the app fetches directly from the provider as a fallback; in that case the provider's servers see your device's IP address, like any internet request, but never your identity.

The sources we use:

  • NOAA Space Weather Prediction Center (swpc.noaa.gov) - aurora nowcast (OVATION model), Kp index, solar wind and geomagnetic forecasts.
  • MET Norway (met.no) - cloud cover and weather forecasts. Requests carry the coordinates of viewing regions and spots in Northern Norway - not your device's location.
  • Finnish Meteorological Institute (FMI) (space.fmi.fi) - real-time magnetometer measurements from the IMAGE network, used for the local aurora-activity indicator.
  • NASA DONKI / CCMC (ccmc.gsfc.nasa.gov) - coronal mass ejection (CME) warnings.
  • Kjell Henriksen Observatory (KHO) / UNIS (kho.unis.no) - Svalbard aurora webcam imagery, normally served through our own server.
  • CARTO (carto.com) - the map tiles in the app. Tiles are loaded directly by your device, so CARTO receives your IP address and the map area you are viewing, subject to CARTO's privacy policy.
  • PANOMAX and yr.no webcams - link-only: the app never loads their imagery. Tapping such a webcam opens the provider's own website.
  • Firebase Cloud Messaging (Google) - delivers push notifications if you enable alerts. Your push token is shared with Google solely to route notifications to your device, subject to Google's privacy policy.

International data transfers

Our backend is hosted in the EEA (Norway). Push notifications are routed through Google (Firebase Cloud Messaging), which may process your push token outside the EEA, including in the United States, under the European Commission's Standard Contractual Clauses. If the app falls back to fetching data directly from NOAA or NASA (US government services), their servers see your device's IP address for that request, nothing more.

How long we keep it

Your device registration, usage events and any community content you submit are kept until you delete them. You can delete individual content (such as a photo) in the app, or delete everything at once - see "Your rights". Abuse-prevention hashes are kept for a rolling, capped window. Data cached on your device stays until you clear it or uninstall the app.

Your rights

Under the GDPR you have the right to access, rectify, or erase your personal data, to restrict or object to its processing, and to data portability. The app has a built-in "delete my data" action that permanently removes your device registration and everything linked to it from our servers. For anything else, contact us at Tilian@honig.enterprises.

You also have the right to lodge a complaint with a supervisory authority - in the Netherlands the Autoriteit Persoonsgegevens, in Norway Datatilsynet.

Children's privacy

AuroraChaser is not directed to children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with data, contact us and we will delete it.

This website

This site is a static information page. It sets no cookies and runs no advertising or analytics trackers. The web server processes standard technical request data (your IP address and the page requested) only to deliver the page; it is configured not to keep access logs, so this data is not stored after your request has been served. Your language choice, if any, is stored only in your own browser.

Changes to this policy

We may update this policy as the app evolves. Material changes will be reflected by the date above.

Contact

Privacy questions? Email us at Tilian@honig.enterprises - our full details are under "Who we are" above.