PRIVACY
POLICY

Arcticlyn is a mobile application for real-time aurora borealis monitoring developed and operated as an independent product. For any privacy-related questions, you can reach us at arcticlyn.dev@gmail.com.

Arcticlyn is designed to minimize data collection. Here is a complete and honest list of what the app accesses:

• Location (GPS) — used in real time to fetch your local cloud cover forecast, calculate your OVATION aurora probability, determine astronomical darkness at your latitude, and assess moon impact during the viewing window. Location is never stored on our servers and never shared with third parties.
• Device push token — only if you opt in to aurora alerts. Used exclusively to deliver notifications to your device. Stored securely and never used for advertising.
• Local cache — the app stores recent aurora data locally on your device to enable instant loading and reduce API calls. This data never leaves your device.

We do not collect your name, email address, browsing history, contacts, or any other personal identifier unless you are a hotel operator registering for the For Hotels plan.

The app uses the following external data sources. None of them receive personally identifiable information from us:

• NOAA SWPC — provides Kp index, solar wind data, and Bz. Public API, no personal data transmitted.
• NOAA OVATION — aurora probability model. Your rounded GPS coordinates are used to query local probability; coordinates are processed without any identifier and cannot be linked to an individual user.
• Open-Meteo — cloud cover forecast by GPS position. According to their documentation, coordinates are sent per request but not stored or linked to any identity. See open-meteo.com for their privacy policy.
• OneSignal — used to deliver push notifications to opted-in users. OneSignal acts as a data processor under its own terms. We transmit only the device push token; no personal identifier or account information is shared. See onesignal.com/privacy-policy for their privacy policy.
• Nominatim / OpenStreetMap — used for reverse geocoding your location into a human-readable city name displayed in the app header. No data is retained by us; third-party handling is subject to their own policies.

Every piece of data we access has a single, specific purpose. We process data based on user consent (for notifications) and legitimate interest (for core functionality):

• GPS coordinates → calculate aurora visibility at your location
• Push token → deliver critical aurora alerts you have opted into
• Local cache → faster load times and reduced network usage

We do not use any data for advertising, profiling, behavioral analysis, or any purpose other than providing the aurora forecasting service.

Because the app operates without a user account, there is no user profile to retain. All data processed by Arcticlyn is either transient (used for a single request and discarded) or stored locally on your device under your control.

If you are a hotel operator with a For Hotels account, we retain your account information (business name, email address, subscription status) for as long as your subscription is active for the purpose of providing the service and fulfilling contractual obligations. Upon account deletion, your data is permanently removed within 30 days.

Aurora alerts are entirely opt-in. You can withdraw consent at any time through your device Settings → Notifications → Arcticlyn or by toggling alerts off within the app. Withdrawing consent does not affect any other functionality of the app.

If you are a guest at a partner hotel and connected via QR code, your device token is linked to that property for a period of up to 5 days without identifying the individual user. You can unlink at any time by removing the app or revoking notification permissions.

Under the GDPR and applicable laws, you have the right to access, correct, or request the erasure of your personal data. You also have the right to restriction of processing, the right to data portability, and the right to lodge a complaint with a supervisory authority.

Since the consumer app collects no personal data on our servers, these rights primarily apply to hotel operator accounts. To exercise any of these rights, contact us at arcticlyn.dev@gmail.com. We will respond within 30 days.

Arcticlyn is not directed at children under the age required by applicable law (e.g., 13 in the U.S., up to 16 in the EEA). We do not knowingly collect any information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

We may update this Privacy Policy as the product evolves — particularly when new features such as push notifications or hotel management are rolled out. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.