Privacy Policy

1. Introduction

Flaresat ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information about you when you use our website, mobile application, and live mapping services (collectively, the "Service"). It applies to all users, including those who use the app without creating an account ("Guest Mode").

2. Information We Collect

2a. Registered Accounts

When you create an account, we collect the following through our authentication provider (Clerk):

• Name and email address, used to identify you within groups and send service notifications.
• Profile picture URL, if you connect a social account or upload one.
• Device push notification tokens, stored to deliver in-app alerts and group notifications to your device.

2b. Location Data

Location sharing is opt-in per group. You must explicitly enable it for each group you join; it is disabled by default. When enabled:

• We collect your precise GPS coordinates (latitude and longitude) while the app is in the foreground or background.
• Your location is stored in our database and shared in real-time with other members of the specific group you have enabled sharing for.
• Location data is retained until you disable sharing for that group, delete your account, or the group is deleted.
• You can disable location sharing at any time from within the group, this immediately removes your location from our servers.

We also support background location tracking for route recording features. This is only active when you explicitly start a route recording session.

2c. Messages and Media

• Text messages you send within groups are stored on our servers and visible to all members of that group.
• Voice and audio messages are stored in our file storage and linked to your message record.
• Messages are retained until the group is deleted. If you delete your account, your message content remains but your identity (name, avatar) is removed from those messages.

2d. Map Annotations

Pins, routes, and area boundaries you create within a group are stored on our servers and visible to all group members. They are retained until you delete them or the group is deleted.

2e. Usage and Analytics Data

We use PostHog to collect anonymous usage data, including app session information, screen navigation, device type, operating system, and app version. No personally identifiable information is included in these analytics. This data helps us understand how the app is used and fix issues.

2f. Guest Mode (No Account Required)

You may use Flaresat in Guest Mode without creating an account. In Guest Mode:

• All your data (groups, messages, map items, locations) is stored on your device only and is not sent to our servers.
• No personal information is collected or stored by us.
• Guest Mode is designed for offline and radio/mesh (Meshtastic) group coordination. Data shared over mesh radio is transmitted peer-to-peer via radio frequency and is not stored by Flaresat.
• If you later create an account, your guest data is not automatically transferred to your account.

3. How We Use Your Information

• To operate the Service and display your location to members of groups you have chosen to share with.
• To deliver push notifications and in-app alerts.
• To send transactional emails (account creation confirmation, announcements).
• To improve performance, fix bugs, and understand usage patterns through anonymous analytics.
• To process subscription payments and billing (via Paddle).
• To comply with legal obligations.

We do not sell your personal data or location data to third parties.

4. Third-Party Services and Data Sharing

We use the following third-party services to operate the Service. Each acts as a data processor on our behalf:

• Clerk, Authentication provider. Receives your email, name, and profile picture for account management. See Clerk's Privacy Policy.
• Convex, Backend database and real-time infrastructure. Stores all account data, messages, locations, and map items. See Convex's Privacy Policy.
• Expo (Push Notifications), Delivers push notifications to your device. Receives your device push token and notification content (title, body). No location or message content is shared.
• Mailgun, Transactional email delivery. Receives your email address and name to send service-related emails.
• Paddle, Payment processing and subscription management. Acts as our Merchant of Record for all payments. See Paddle's Privacy Policy.
• PostHog, Anonymous analytics. Receives session data, device type, OS, app version, and screen navigation. No personal data or location is shared. See PostHog's Privacy Policy.
• OpenAI, Used exclusively for admin-side analysis of aggregated, anonymised platform metrics. No individual user data, messages, or location is ever sent to OpenAI.

We do not share your personal information with any other third party except where required by law or to protect the rights, property, or safety of Flaresat, our users, or the public.

5. Data Retention

• Account data, Retained until you delete your account.
• Location data, Retained while you have location sharing enabled for a group. Deleted immediately when you disable sharing or delete your account.
• Messages and media, Retained until the group is deleted. Message history may persist after account deletion, but your identity is removed.
• Push tokens, Retained until your device deregisters or your account is deleted.
• Guest Mode data, Stored on your device only; we retain nothing.

6. Your Rights

Depending on your location, you may have rights including the right to access, correct, or delete your personal data, and the right to object to or restrict certain processing. You can:

• Delete your account and associated data directly from the app settings.
• Disable location sharing at any time from within any group.
• Request a copy of your data or ask us to delete it by contacting us at the address below.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data in transit is encrypted using TLS. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.