Privacy Policy

Effective 22 April 2026

The short version Astraflare has no account, no sign-in and no paywall. We don't use IDFA. We don't run analytics. We don't track you across apps or websites. Your location stays on your device except to fetch a local cloud-cover forecast — and even then it's rounded to ~1 km before it leaves.

What we store on your device

All settings and caches live in the app's sandboxed storage on your iPhone:

Your notification thresholds (Kp, flare class, conjunction separation, eclipse lead time)
Your UI preferences (UTC or local time, enabled alert categories)
Cached API responses so the app works offline
A record of which event IDs have already notified you, so you don't get duplicates
Your APNs device token, used to receive push notifications from our backend

What we send to third parties

The app fetches live data from public, unauthenticated sources. These requests do not include your name, email, device identifier, or any account (there isn't one):

NOAA SWPC (swpc.noaa.gov) — Kp index, aurora-oval data, X-ray flux, solar wind, alert bulletins. Anonymous.
NASA CCMC DONKI (kauai.ccmc.gsfc.nasa.gov) — CME, flare and geomagnetic-storm history. Anonymous.
NASA Helioviewer (helioviewer.org) — SDO and SOHO solar imagery. Anonymous.
U.S. Naval Observatory (aa.usno.navy.mil) — sun and moon astronomical data. Anonymous.
CelesTrak (celestrak.org) — satellite TLEs, sunspot and F10.7 history. Anonymous.
Minor Planet Center (minorplanetcenter.net) — comet orbital elements. Anonymous.
Open-Meteo (open-meteo.com) — local cloud-cover forecast. Includes your latitude and longitude rounded to two decimal places (about 1 km). This is a deliberate privacy measure and also prevents GPS jitter from fragmenting our cache.

What our backend stores

Astraflare uses a small push backend at api.astraflare.eldwynlabs.com to relay space-weather alerts to your phone. It stores only:

An anonymous APNs device token
Your notification threshold settings (Kp cutoff, minimum flare class, etc.)

No email, no name, no location, no identifier tied to you. Deleting the app invalidates the token and the backend stops sending to it.

Location

If you grant location permission, your coordinates are used on your device to compute aurora visibility, eclipse local circumstances, satellite-pass geometry, Bortle light-pollution hints and planet altitude. The only outbound use is the Open-Meteo cloud-cover request described above. Location is never sent to our backend.

Notifications

All alert categories are off by default. You opt in per category in the Alerts tab. iOS lets you revoke notification permission at any time in Settings.

Analytics and tracking

None. Astraflare contains no analytics SDK, no crash-reporting SDK, no advertising SDK, no IDFA usage. The app declines App Tracking Transparency; there is nothing to track.

Children

Astraflare is not directed at children under 13. We do not knowingly collect personal information from anyone — there are no accounts and no personal-data collection.

Your rights

Because Astraflare stores no personal data on our servers, there is nothing to request, export or delete. You control every local setting inside the app; deleting the app removes all of it.

Changes to this policy

If this policy materially changes we will update the effective date above and note the change in the next app release.

Contact

Questions about this policy: support@eldwynlabs.com.