Privacy Policy

WHAT THIS COVERS

This policy explains what data Aurora Outpost (“we”, “us”) collects from users of the website at auroraoutpost.com and the Aurora Outpost web application (the “Service”), how we use it, who we share it with, and your rights. We try to collect as little as possible and never sell user data.

WHO WE ARE

Aurora Outpost is operated by Scott Lefevre, a sole proprietor based in New York, USA. Reach us at scott@auroraoutpost.com.

WHAT WE COLLECT

Account information. When you sign up, we collect your email address and a chosen username. If you sign up with Google, we receive your email + name + profile picture from Google.

Profile information you choose to add. Optional fields you fill in: display name, home region, home latitude/longitude (rounded), bortle class, bio. All optional.

Locations and sighting reports. Locations you save (with photos, notes, coordinates) and sighting reports you submit (with intensity, photos, approximate location, time). Locations are private by default; sightings are shared with the community by design.

Push notification subscriptions. When you enable alerts, your browser/device generates a unique push subscription endpoint we store so we can send you notifications. Tied to your device, not to your identity outside the app.

Friend connections and alert preferences. Friend lists, blocked users, alert thresholds, quiet hours.

Donation records. If you donate via Stripe, we receive your donation amount, tier, and payment confirmation from Stripe. We do not receive or store your full credit card number.

Telegram link (optional). If you opt to link Telegram for alerts, your Telegram chat ID.

Technical data. Approximate IP address (for fraud prevention and rate limiting; not stored long-term), browser/device info from standard HTTP request headers, and anonymous traffic stats from Cloudflare Web Analytics (no cookies, no fingerprinting).

HOW WE USE IT

• To run the Service: display your dashboard, deliver push alerts, save your locations, post your sightings, match friend requests.
• To process donations and recognize donor tiers (badge on profile, optional Wall of Founders entry if/when shipped).
• To send transactional emails: welcome message, password reset, donation thank-you. We do not send marketing emails.
• To diagnose bugs and improve the Service. Server logs and error reports may include technical details about your session.
• To enforce the Terms of Service and prevent abuse.

WHO WE SHARE IT WITH

We share data with third-party processors who run parts of the Service. We pick reputable providers and don’t sell data to anyone:

• Supabase — auth and database hosting. Stores your account record, profile, locations, sightings, alerts.
• Cloudflare — DNS, CDN, and anonymous web analytics for the marketing site.
• Google — OAuth identity verification when you sign in with Google.
• Stripe — donation payment processing. We never see your full card number; Stripe handles that.
• Resend — transactional email delivery (welcome, password reset, donation thank-you).
• Telegram (optional) — if you link Telegram for alerts, we send messages through Telegram’s Bot API.
• NOAA / NASA / CCMC — we read public space-weather data from these sources; we do not send them anything about you.

We may disclose information if required by law (subpoena, court order, etc.). We will push back on overbroad requests where reasonable.

SIGHTING REPORTS AND PUBLIC CONTENT

Sighting reports you submit are shared with other users by design. Photos, intensity ratings, approximate location, and your username are visible to other chasers. We round sighting coordinates to ~1km to avoid revealing your home. Saved locations are private by default unless you explicitly share a collection with friends or list a spot publicly.

COOKIES AND TRACKING

We use a Supabase auth session cookie that keeps you signed in. We do not use third-party advertising cookies. Cloudflare Web Analytics is cookieless and does not fingerprint you. The Aurora Outpost web application uses a Service Worker (offline cache) that stores app assets locally on your device.

DATA SECURITY

We use industry-standard practices: HTTPS everywhere, hashed passwords (handled by Supabase Auth), JWT-based session tokens, RLS (row-level security) policies on the database so users can’t access each other’s private data. We are not perfect; if you discover a security issue, email scott@auroraoutpost.com.

DATA RETENTION

Active accounts: data is retained while your account is open. Deleted accounts: we remove your profile and content within 30 days of your deletion request, except where we’re legally required to retain certain records (e.g., donation receipts for tax purposes). Backups may retain data for an additional 90 days before being purged. Sighting reports posted publicly may persist as anonymized historical data even after account deletion.

YOUR RIGHTS

You can:

• Access your data via the in-app dashboard at any time.
• Edit profile info, locations, alert preferences, etc.
• Export your data — email scott@auroraoutpost.com and we’ll send you a JSON export within 30 days.
• Delete your account by contacting support. Account deletion is permanent.

If you’re in the EU/UK or California, you have additional rights under GDPR/CCPA respectively. We honor these requests for all users regardless of region.

CHILDREN

Aurora Outpost is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has signed up, contact us and we will delete the account.

INTERNATIONAL USERS

The Service is hosted in the United States. By using the Service from outside the US, you understand your data is processed in the US. We comply with applicable US privacy laws and honor international privacy rights where they apply.

CHANGES TO THIS POLICY

If we make material changes to this policy, we’ll notify users via an in-app notice or email before they take effect. Minor wording or clarification updates may be made without notice. The “Last updated” date at the top of this page reflects the most recent change.

CONTACT

Questions about this privacy policy? Email scott@auroraoutpost.com.