Privacy Policy
This Privacy Policy explains how AstroCaddy ("we", "us", "our") collects, uses, and shares information when you use the AstroCaddy mobile application and related services (the "Service"). By using the Service, you agree to the practices described here.
1. Who We Are
AstroCaddy is an astronomy social and observation-logging application based in Pennsylvania, United States. You can reach us at astrocaddydev@gmail.com. AstroCaddy is operated by Luke Vandevere as a sole proprietorship.
2. Information We Collect
2.1 Account Information
- Email address and password — used to create and secure your account (handled by Supabase Auth; passwords are hashed and never visible to us).
- Username, biography, and avatar image — provided by you for your public profile.
2.2 Observation Data
- Objects observed — celestial objects you log in your sky log.
- Optional location — observation location, only if you choose to tag it. We do not collect real-time or background location.
- Confirmation photos — images you optionally attach to observations.
2.3 Equipment Data
- Telescopes, eyepieces, cameras, and other gear you add to your equipment vault.
2.4 Social and User-Generated Content
- Posts, comments, likes, and follow relationships.
- Group memberships and group messages.
2.5 Push Notification Tokens
- Device tokens issued by Expo Notifications so we can deliver push notifications you have opted in to.
2.6 Subscription Data
- Subscription status, plan, and renewal state, retrieved through RevenueCat. Payment information is processed by Apple App Store or Google Play; we do not see or store full payment card details.
2.7 What We Do NOT Collect
- Real-time or background location.
- Your phone contacts or address book.
- Health or fitness data.
- Financial information beyond what Apple, Google, and RevenueCat require to process your subscription.
3. How We Use Your Information
- To provide and maintain your account and the Service.
- To display your profile, observations, posts, and other content to you and (where appropriate) to other users.
- To send notifications you have opted in to.
- To process subscriptions and verify entitlement to paid features.
- To moderate content and enforce our Terms of Service.
- To debug, improve, and secure the Service.
- To respond to your support requests.
4. Third-Party Service Providers
We rely on the following third parties to operate the Service. Each processes data only as needed to perform their function.
- Supabase — database, authentication, and file storage. Hosts account data, observation data, equipment data, posts, comments, group messages, and avatar/photo uploads.
- Expo & Expo Application Services — application delivery and push notification infrastructure. Receives push tokens and notification payloads.
- RevenueCat — subscription management. Receives anonymous user identifier and subscription events.
- Apple App Store / Google Play — payment processing for subscriptions. These providers receive payment information directly from you under their own privacy policies.
- Anthropic — limited AI features (such as observation plausibility checks) may send observation metadata to Anthropic's API. No personally identifying information is intentionally sent.
We do not sell your personal information to advertisers or data brokers.
5. Data Retention
We retain your information for as long as your account is active. If you delete your account, we delete or anonymize your personal information within 30 days, except for limited records we are required to keep for legal, accounting, fraud-prevention, or audit purposes.
Backups containing your data may persist for up to 90 days after deletion before being overwritten in normal backup rotation.
6. Your Rights
You have the right to:
- Access — request a copy of the personal information we hold about you.
- Correct — update inaccurate information directly in the app, or by contacting us.
- Delete — delete your account at any time from Profile → Settings → Delete account, or by emailing us.
- Export — request a portable copy of your data.
- Withdraw consent — opt out of push notifications in your device settings, and disable optional location tagging at any time.
To exercise any of these rights, email astrocaddydev@gmail.com. We will respond within 30 days.
7. Children's Privacy
AstroCaddy is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact astrocaddydev@gmail.com.
This Service complies with the Children's Online Privacy Protection Act (COPPA).
8. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete that information, the right to correct inaccurate information, and the right not to be discriminated against for exercising these rights. We do not sell personal information, so the "right to opt out of sale" does not apply. To exercise your CCPA rights, contact astrocaddydev@gmail.com.
9. European Users (GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation, including the rights of access, rectification, erasure, restriction of processing, data portability, and objection. The legal bases on which we rely are: (a) performance of a contract (operating your account and the Service), (b) your consent (push notifications, optional location tagging), and (c) our legitimate interest in keeping the Service secure and improving it. To exercise any of these rights, contact astrocaddydev@gmail.com. You also have the right to lodge a complaint with your local data protection authority.
10. Security
We use industry-standard measures to protect your information, including encrypted connections (HTTPS/TLS) and hashed passwords. No system is perfectly secure, however, and we cannot guarantee absolute security.
11. International Transfers
Our service providers are primarily based in the United States. By using the Service, you acknowledge that your information may be transferred to and processed in countries other than your own, including the United States.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced in the app or by email. The "Effective date" at the top of this page reflects the most recent revision. Your continued use of the Service after an update constitutes acceptance of the revised policy.
13. Contact
For any questions, requests, or concerns about this Privacy Policy or your data, contact us at astrocaddydev@gmail.com.