Aurora GoAurora Go

Privacy Policy

Last updated: January 17, 2026

1. Data Controller

The data controller responsible for your personal data is jiseungbo, operating Aurora Go. For inquiries, contact us at [email protected]

Aurora Go ("we," "our," or "us") is committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Korean Personal Information Protection Act (PIPA).

2. Information We Collect

2.1 Information Collected Automatically

When you visit our Service, we may collect the following information with your consent:

  • Device and browser information (browser type and version, operating system, device type, screen resolution)
  • IP address (anonymized for analytics; may be collected by advertising partners)
  • Pages visited, time spent on pages, and interaction data (clicks, scrolls)
  • Referring website or source
  • Approximate geographic location (country/region level, derived from IP)
  • Language preferences
  • Advertising data: ad impressions, clicks, and browsing behavior for personalized ads (via Google AdSense)

2.2 Location Data

With your explicit, separate consent, we may access your precise location through your browser's geolocation API to show aurora visibility forecasts for your area.

  • Forecast requests: When you view aurora forecasts for your location, your coordinates are sent to our servers to calculate visibility predictions. This data is processed in real-time and not stored permanently.
  • Saved alert locations: If you choose to save locations for aurora alerts, we store the location name and coordinates you provide on our servers to enable push notifications when aurora activity exceeds your chosen threshold.

You can revoke browser location permission at any time through your browser settings, and delete saved locations at any time through the notification settings panel.

2.3 Push Notification Data

If you enable push notifications, we collect and store:

  • A unique subscription identifier (not personally identifiable)
  • Encryption keys to secure your notifications
  • Basic device information (browser type, operating system)

Notifications are delivered through your browser's push service (Google, Mozilla, or Apple depending on your browser). The notification content is encrypted and these services cannot read it. You can unsubscribe at any time, which will delete all associated data.

2.4 Aurora Sighting Reports

When you submit an aurora sighting report, we collect:

  • Approximate location: Your reported location is automatically offset by 1-3km in a random direction to protect your privacy
  • Intensity level: Your assessment of aurora brightness
  • Optional description: Any text you provide (max 500 characters)
  • Optional photo URL: If you provide a link to your aurora photo
  • Submission timestamp: When you submitted the report

Important: Sighting reports are visible to other users on the map. Your exact location is never shared - only the obfuscated approximate area is displayed. Any description or photo you provide will be visible to other users. Reports automatically expire and are deleted after 1 hour.

When you verify another user's sighting ("I also see it!"), we store your verification along with your intensity assessment.

2.5 Feedback and Email Collection

When you submit feedback through our feedback widget, we collect:

  • Feedback content: Your comments, suggestions, or bug reports
  • Email address (optional): Only if you choose to participate in our promotional reward program
  • Submission timestamp: Date and time of feedback

Feedback submitted without an email address is completely anonymous. We cannot identify or contact you based on anonymous feedback.

2.6 Information We Do NOT Collect

  • Names or account information (no user accounts required)
  • Payment or financial information
  • Social media profiles
  • Your exact location in sighting reports (automatically obfuscated by 1-3km)

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Legitimate interest: Essential website functionality (language preferences), service improvement (feedback)
  • Consent: Analytics, advertising, and optional email collection
  • Explicit consent: Location data, push notifications, and aurora sighting reports

You may withdraw your consent at any time by using our cookie consent banner or contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

4. Cookies and Tracking Technologies

We use a consent management system that requires your explicit consent before loading any non-essential cookies. You can manage your preferences at any time.

4.1 Essential Cookies

Required for basic functionality (e.g., language preferences, consent state). These do not require consent under GDPR.

4.2 Analytics Cookies (Google Analytics 4)

With your consent, we use Google Analytics 4 to understand how visitors interact with our Service. We have enabled IP anonymization and do not send any personally identifiable information to Google.

Google Analytics Opt-out | Google Privacy Policy

4.3 Advertising Cookies (Google AdSense)

With your consent, we use Google AdSense to display personalized advertisements. Google and its partners may collect browsing data to serve relevant ads. If you decline consent, no ads will be shown and AdSense will not be loaded.

Google Ads Privacy Policy | Ad Personalization Settings | Your Ad Choices

5. Data Sharing

We share data with the following service providers (all US-based with Standard Contractual Clauses):

  • Google LLC: Analytics
  • Google LLC (AdSense): Advertising
  • Vercel Inc.: Website hosting
  • Railway Corp.: Backend hosting

5.1 Community Features

When you submit aurora sighting reports, your approximate location (obfuscated by 1-3km), intensity level, and description are visible to other users. Your identity is never revealed. We do not share your saved locations or notification preferences with other users.

Note: Under CCPA/CPRA, personalized advertising may constitute "sharing" of personal information. We do not sell your data for monetary consideration.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. For transfers from the EU/EEA, we rely on:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission for transfers to Google and our hosting provider
  • Your explicit consent for data processing when you accept our cookie policy

You can request a copy of the applicable safeguards by contacting us.

7. Data Retention

  • Analytics & Advertising: Google Analytics data is retained for 14 months. Google AdSense data is retained per Google's privacy policy.
  • Push subscriptions & saved locations: Until you unsubscribe or delete them
  • Aurora sighting reports: Automatically deleted after 1 hour
  • Feedback: Up to 3 years for service improvement
  • Email (promotional rewards): 90 days after prize delivery
  • Server logs: 30 days (hosting provider)

8. Your Rights

8.1 For EU/EEA Residents (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing, including profiling
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority

To exercise your rights, email us at [email protected]. We will respond within 30 days.

8.2 For California Residents (CCPA/CPRA)

You have the right to:

  • Know what personal information is collected, used, and shared
  • Delete your personal information
  • Opt-out of sharing for cross-context behavioral advertising
  • Limit use of sensitive personal information (including precise geolocation)
  • Non-discrimination for exercising your rights

"Do Not Sell or Share My Personal Information"

We do not sell your personal information for monetary consideration. However, under CCPA/CPRA, personalized advertising through Google AdSense and its partners may constitute "sharing" of personal information for cross-context behavioral advertising purposes.

To opt-out of sharing:

  • Use our cookie consent banner to decline advertising cookies
  • Enable Global Privacy Control (GPC) in your browser - we honor GPC signals
  • Contact us at [email protected] with the subject "Do Not Share"

We will respond to your request within 45 days.

8.3 For Korean Residents (PIPA)

Under Korea's Personal Information Protection Act, you have similar rights to access, correct, delete, and suspend processing of your data. Contact us to exercise these rights.

9. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted database storage for push subscriptions and user locations
  • IP anonymization in analytics
  • Automatic data expiration (sighting reports deleted after 1 hour)
  • Regular security updates and monitoring

10. Children's Privacy

Our Service is not directed to children under the age of 16 (EU) or 13 (elsewhere). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may provide additional notice (e.g., a banner on our website).

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at [email protected]

Response Time: Within 30 days (GDPR) / 45 days (CCPA)