Privacy Policy
Last updated: December 8, 2025
1. Data Controller
The data controller responsible for your personal data is jiseungbo, operating Aurora Go. For inquiries, contact us at [email protected]
Aurora Go ("we," "our," or "us") is committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Korean Personal Information Protection Act (PIPA).
2. Information We Collect
2.1 Information Collected Automatically
When you visit our Service, we may collect the following information with your consent:
- Device information (browser type, operating system, device type)
- IP address (anonymized for analytics)
- Pages visited and time spent on pages
- Referring website or source
- Approximate geographic location (country/region level)
2.2 Location Data
With your explicit, separate consent, we may access your precise location through your browser's geolocation API to show aurora visibility forecasts for your area.
- Browser-only location: When you view forecasts without saving locations, your coordinates are processed locally in your browser and are not transmitted to or stored on our servers.
- Saved alert locations: If you choose to save locations for aurora alerts, we store the location name and coordinates you provide on our servers to enable push notifications when aurora activity exceeds your chosen threshold.
You can revoke browser location permission at any time through your browser settings, and delete saved locations at any time through the notification settings panel.
2.3 Push Notification Data
If you enable push notifications, we collect and store:
- Push subscription endpoint: A unique URL provided by your browser's push service
- Encryption keys: Public keys (p256dh and auth) required to encrypt notifications
- Subscription timestamp: When you subscribed
This data is used solely to send you aurora alerts and sighting notifications. We do not share this data with third parties. You can unsubscribe at any time through the notification settings panel, which will delete all associated data.
2.4 Aurora Sighting Reports
When you submit an aurora sighting report, we collect:
- Approximate location: Your reported location is automatically offset by 1-3km in a random direction to protect your privacy
- Intensity level: Your assessment of aurora brightness
- Optional description: Any text you provide
- Submission timestamp: When you submitted the report
Important: Sighting reports are visible to other users on the map. Your exact location is never shared - only the obfuscated approximate area is displayed. Reports automatically expire and are deleted after 1 hour.
When you verify another user's sighting ("I also see it!"), we store your verification along with your intensity assessment.
2.5 Feedback and Email Collection
When you submit feedback through our feedback widget, we collect:
- Feedback content: Your comments, suggestions, or bug reports
- Email address (optional): Only if you choose to participate in our promotional reward program
- Submission timestamp: Date and time of feedback
Feedback submitted without an email address is completely anonymous. We cannot identify or contact you based on anonymous feedback.
2.6 Information We Do NOT Collect
- Names or account information (no user accounts required)
- Payment or financial information
- Social media profiles
- Your exact location in sighting reports (automatically obfuscated by 1-3km)
3. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
| Purpose | Data | Legal Basis |
|---|---|---|
| Essential website functionality | Language preference | Legitimate interest |
| Analytics (Google Analytics 4) | Device info, pages visited, anonymized IP | Consent |
| Advertising (Google AdSense) | Browsing behavior, ad interactions | Consent |
| Location-based forecasts | Precise geolocation | Explicit consent |
| Push notifications | Push subscription endpoint, encryption keys | Explicit consent |
| Saved alert locations | Location name, coordinates, thresholds | Explicit consent |
| Aurora sighting reports | Obfuscated location, intensity, description | Explicit consent |
| Feedback collection | Feedback content, timestamp | Legitimate interest |
| Promotional rewards | Email address | Consent (opt-in) |
You may withdraw your consent at any time by using our cookie consent banner or contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.
4. Cookies and Tracking Technologies
We use a consent management system that requires your explicit consent before loading any non-essential cookies. You can manage your preferences at any time.
4.1 Essential Cookies
Required for basic functionality (e.g., language preferences, consent state). These do not require consent under GDPR.
4.2 Analytics Cookies (Google Analytics 4)
With your consent, we use Google Analytics 4 to understand how visitors interact with our Service. We have enabled IP anonymization and do not send any personally identifiable information to Google. Data is retained for 14 months.
Specific cookies used:
_ga- Distinguishes unique users (expires: 2 years)_ga_*- Maintains session state (expires: 2 years)_gid- Distinguishes users (expires: 24 hours)
Google Analytics Opt-out Browser Add-on | Google Privacy Policy
4.3 Advertising Cookies (Google AdSense)
With your consent, we use Google AdSense to display advertisements. Google and its partners may use cookies to serve ads based on your browsing history. If you decline consent, we will serve non-personalized ads only.
5. Data Sharing and Recipients
We share data with the following categories of recipients:
| Recipient | Purpose | Location |
|---|---|---|
| Google LLC (Analytics) | Website analytics | USA (SCCs) |
| Google LLC (AdSense) | Advertising | USA (SCCs) |
| Vercel Inc. | Frontend hosting | USA (SCCs) |
| Railway Corp. | Backend hosting, feedback storage | USA (SCCs) |
| Google LLC (Sheets) | Feedback data storage | USA (SCCs) |
5.1 Community Features - Data Visible to Other Users
When you use our community features, certain information becomes visible to other Aurora Go users:
- Aurora sighting reports: When you report a sighting, other users can see the approximate location (obfuscated by 1-3km), intensity level, and any description you provide. Your identity is not revealed.
- Sighting verifications: When you verify another user's sighting, your intensity assessment is visible to other users. Your identity is not revealed.
- Nearby sighting notifications: When someone reports a sighting near your saved location (within 150km), you will receive a push notification with the approximate distance and intensity. The reporter's identity is not shared.
Important: We do not share your saved locations, notification preferences, or any identifying information with other users.
Note on Advertising: Under CCPA/CPRA, personalized advertising through AdSense may constitute "sharing" of personal information for cross-context behavioral advertising. We do not "sell" your data for monetary consideration.
6. International Data Transfers
Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. For transfers from the EU/EEA, we rely on:
- Standard Contractual Clauses (SCCs) adopted by the European Commission for transfers to Google and our hosting provider
- Your explicit consent for data processing when you accept our cookie policy
You can request a copy of the applicable safeguards by contacting us.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Google Analytics data | 14 months |
| Consent preferences | Until withdrawn or 12 months |
| Server logs | 30 days (hosting provider) |
| Browser location (forecasts) | Not stored (browser only) |
| Push subscription data | Until unsubscribed |
| Saved alert locations | Until deleted by user or unsubscribed |
| Aurora sighting reports | 1 hour (automatically deleted) |
| Notification logs | 7 days |
| Feedback content | 3 years (for service improvement) |
| Email (promotional rewards) | 90 days after prize delivery, or until withdrawal |
8. Your Rights
8.1 For EU/EEA Residents (GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing, including profiling
- Withdraw consent at any time
- Lodge a complaint with your local supervisory authority
To exercise your rights, email us at [email protected]. We will respond within 30 days.
8.2 For California Residents (CCPA/CPRA)
You have the right to:
- Know what personal information is collected, used, and shared
- Delete your personal information
- Opt-out of sharing for cross-context behavioral advertising
- Limit use of sensitive personal information (including precise geolocation)
- Non-discrimination for exercising your rights
"Do Not Sell or Share My Personal Information"
We do not sell your personal information for monetary consideration. However, under CCPA/CPRA, personalized advertising through Google AdSense may constitute "sharing" of personal information for cross-context behavioral advertising purposes.
To opt-out of sharing:
- Use our cookie consent banner to decline advertising cookies
- Enable Global Privacy Control (GPC) in your browser - we honor GPC signals
- Contact us at [email protected] with the subject "Do Not Share"
We will respond to your request within 45 days.
8.3 For Korean Residents (PIPA)
Under Korea's Personal Information Protection Act, you have similar rights to access, correct, delete, and suspend processing of your data. Contact us to exercise these rights.
9. Security Measures
We implement appropriate technical and organizational measures to protect your data:
- HTTPS encryption for all data in transit
- IP anonymization in analytics
- No server-side storage of personal data
- Regular security updates
10. Children's Privacy
Our Service is not directed to children under the age of 16 (EU) or 13 (elsewhere). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may provide additional notice (e.g., a banner on our website).
12. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at [email protected]
Response Time: Within 30 days (GDPR) / 45 days (CCPA)