Data Protection

1. Data Controller

The person responsible for data processing on this website is:

Matthias Wüllenweber
Huuskoppel 68c
22397 Hamburg

You can reach the data controller via the contact form.

2. Overview

Nightbase is a personal astronomy observation logger. We take your privacy seriously and collect only the minimum data required to provide the service. We do not use your data for advertising, analytics, profiling, or any other purpose.

3. Data We Collect & Legal Basis

a) Account registration

When you register an account, we store:

  • Email address and password (password is stored as a salted hash, never in plain text)

Legal basis: Art. 6(1)(b) GDPR — performance of a contract. The account is required to use the service.

b) Observation data

When you use the application, you may choose to store:

  • Observation sessions, notes, and photos
  • Equipment information
  • Observing locations and plans

Legal basis: Art. 6(1)(b) GDPR — performance of a contract. This data is the core purpose of the service.

c) Contact form

When you use the contact form, we store your name, email address, and message to process your enquiry.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in responding to user enquiries.

d) Server log files

When you access this website, your browser automatically transmits data such as IP address, browser type, and the page requested. This data is stored in server log files for the purpose of ensuring the security and stability of the service.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the secure operation of the website.

4. Data Storage & Security

All data is stored on our server and is only accessible to you when logged in. We do not use third-party cloud services for storing your personal data.

5. Data Retention

  • Account & observation data: Retained until you delete your account.
  • Contact form messages: Retained for up to 12 months, then deleted.
  • Server log files: Automatically deleted after 30 days.

6. Third-Party Services

The application connects to the following external services to provide functionality:

Astronomical data services

  • NASA JPL — solar system ephemeris data (no personal data is transmitted)
  • NASA APOD — Astronomy Picture of the Day images (no personal data is transmitted)
  • NASA SOHO/SDO — solar observation images from SOHO and SDO spacecraft (no personal data is transmitted)
  • NOAA SWPC — space weather data such as solar activity, geomagnetic indices, and solar wind (no personal data is transmitted)
  • CelesTrak — satellite orbital data for pass predictions (no personal data is transmitted)
  • VizieR / SIMBAD — star catalog and deep sky object data (no personal data is transmitted)
  • Sky Survey Services — deep sky survey images from DSS2, Legacy Survey, and PanSTARRS (no personal data is transmitted)

Maps and weather visualization

  • Open-Meteo — weather forecasts (only location coordinates are transmitted)
  • 7Timer! — astronomical seeing and transparency forecasts (only location coordinates are transmitted)
  • OpenStreetMap / CartoDB — map tiles for location selection (your IP address may be visible to the tile provider)
  • Windy.com — embedded satellite cloud cover map (your IP address may be visible to Windy.com)

Email delivery

  • SendGrid — email delivery for account notifications and the weekly digest (your email address is transmitted)

AI-powered features (opt-in)

  • OpenAI Whisper — audio transcription of observation notes (audio recordings you submit are sent to OpenAI for processing)
  • Anthropic Claude — AI-generated session summaries and digest introductions (observation data you choose to summarize is sent to Anthropic for processing)

AI features are only activated when you explicitly use them. No data is sent to AI providers without your action.

All other resources (fonts, icons, stylesheets) are hosted locally on our server. No external CDNs are used.

7. No Data Sharing

Beyond the third-party services listed above, we do not share, sell, or distribute your personal data to third parties. Data sent to external services is limited to the minimum necessary for their function.

8. Your Rights (GDPR Art. 15–21)

You have the right to:

  • Access (Art. 15) — request a copy of all data stored about you
  • Rectification (Art. 16) — request correction of inaccurate data
  • Erasure (Art. 17) — request deletion of your account and all associated data
  • Restriction (Art. 18) — request restriction of processing
  • Data portability (Art. 20) — receive your data in a machine-readable format
  • Objection (Art. 21) — object to processing based on legitimate interest

To exercise these rights, please contact us.

9. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Kurt-Schumacher-Allee 4
20097 Hamburg
datenschutz-hamburg.de

10. Cookies

This application uses only essential cookies required for its operation. No tracking, advertising, or analytics cookies are used.

Cookie | Purpose | Type
--- | --- | ---
.AspNetCore.Identity.Application | Authentication — keeps you logged in | Essential
.AspNetCore.Antiforgery.* | Security — protects forms against CSRF attacks | Essential

Legal basis: Art. 6(1)(f) GDPR — legitimate interest. Essential cookies do not require consent under § 25(2) TDDDG.

We also use localStorage (not a cookie) to remember your theme preference and cookie consent choice.

11. Contact

If you have questions about data protection, please contact us.