Effective Date: March 2025
Last Updated: December, 2025
At Borealis, we take your privacy seriously. This policy explains what data we collect, why we collect it, and how we use it. By using the Borealis mobile application, you accept the practices described in this policy.
Data Controller
The data controller for your personal data is Viktor Gidlöf, located in Stockholm, Sweden. For any privacy-related questions, contact us at borealis@gidlof.dev.
Data Collected
Data You Provide to Us
When you use Borealis, you provide us with your location data (with your permission) so we can calculate aurora visibility at your position. You also configure notification settings including your alert preferences, time windows, and probability thresholds. We store your city name for display purposes and to provide local weather forecasts.
Automatically Collected Data
The app automatically collects technical data including your device type, operating system, and app version. We collect usage data such as which features you use and how often (in an anonymized form). To enable push notifications, we store your device notification token. Our advertising partners collect your advertising identifier (IDFA on iOS), ad interaction data, and IP address to display relevant advertisements.
Processing Purpose
We use your personal data to provide and maintain the Borealis service, calculate aurora probability at your specific location, and send personalized aurora alerts based on real-time space weather conditions. Your data helps us display accurate weather conditions like cloud cover and daylight hours. We show advertisements to keep the app free. The data also helps us improve our service, develop new features, respond to support requests, and ensure the security of our platform.
Legal Basis for Processing
We process your personal data based on several legal grounds. Processing is necessary to execute our contract with you by providing the aurora prediction service you requested. We rely on your consent for location access, push notifications, and personalized advertising. Our legitimate interest justifies processing for service improvement, security measures, and non-personalized advertising. Finally, we process data when required to comply with legal obligations.
Advertising
Borealis is supported by advertisements. We partner with third-party advertising networks (Google AdMob) to display ads within the app. These advertising partners collect your advertising identifier, device information such as model and operating system version, approximate location for geo-targeted ads, and data about your ad interactions including views and clicks.
You have control over advertising personalization. On iOS, you can disable tracking through Settings → Privacy & Security → Tracking, or disable personalized ads through Settings → Privacy & Security → Apple Advertising. Please note that opting out means you’ll continue to see advertisements, but they will be less relevant to your interests.
For more information about how our advertising partners handle your data, please review their privacy policies at https://policies.google.com/privacy.
Data Recipients
Your data may be shared with several categories of service providers. We use cloud hosting providers Google Cloud Platform and Heroku to run our backend services. Weather data providers, Apple WeatherKit receive requests for local cloud cover and conditions. We access publicly available space weather data from NOAA and SWPC. Advertising networks, Google AdMob, receive data necessary to display ads. Analytics services (like Google Firebase and Crashlytics) receive anonymized usage data. We may disclose data to authorities when required by law. We never sell your personal data to third parties for monetary consideration.
International Transfers
Some of your data may be processed outside the European Union, particularly in the United States where our cloud hosting and advertising network partners operate. These transfers are conducted in accordance with GDPR requirements using appropriate safeguards such as the European Commission’s standard contractual clauses.
Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy. Location data is kept for 90 days for active users and 180 days after your last app use if you become inactive. Device notification tokens are stored until you uninstall the app, plus an additional 30 days. Your notification settings are retained as long as you keep notifications enabled. Usage analytics are kept for 90 days in their individual form and indefinitely in anonymized aggregate form. Advertising data retention is controlled by our ad network partners according to their respective policies. You can request deletion of your data at any time by contacting us at borealis@gidlof.dev.
Your Rights
Under GDPR and applicable privacy laws, you have several important rights regarding your personal data. You have the right to access and obtain a copy of your personal data. You can request rectification of any inaccurate or incomplete data. You have the right to erasure, also known as the ”right to be forgotten,” allowing you to request deletion of your data. You can request restriction of processing in certain circumstances. You have the right to data portability, meaning you can receive your data in a structured, machine-readable format. You can object to certain types of processing. Additionally, you have the right to withdraw your consent for location access, notifications, or personalized advertising at any time, though this does not affect any processing that occurred before you withdrew consent.
To exercise any of these rights, contact us at borealis@gidlof.dev with ”Privacy Request” in the subject line. We are committed to responding within 30 days. You also have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been violated.
Children’s Privacy
Borealis is not intended for children under 13 years of age, or under 16 in the European Union. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at borealis@gidlof.dev and we will delete it promptly.
Security
We implement appropriate technical and organizational measures to protect your personal data. All data transmitted between your device and our servers is encrypted using HTTPS and TLS protocols. Data stored on our servers is encrypted at rest. We use secure authentication and restrict access to personal data to authorized personnel only. We conduct regular security reviews to identify and address potential vulnerabilities. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated ”Last updated” date. In case of substantial changes that materially affect your rights, we will notify you through an in-app notification or via email if you have previously contacted us. Your continued use of the app after such changes constitutes your acceptance of the updated policy.
Contact
For any questions regarding this privacy policy or the handling of your personal data, please contact us at borealis@gidlof.dev. We are committed to responding to your request within 30 days.