Menu

Data Protection

1. Data Controller

The person responsible for data processing on this website is:

Matthias Wüllenweber
Huuskoppel 68c
22397 Hamburg

You can reach the data controller via the contact form.

2. Overview

Nightbase is a personal astronomy observation logger. We take your privacy seriously and collect only the minimum data required to provide the service. We do not use your data for advertising, analytics, profiling, or any other purpose.

3. Data We Collect & Legal Basis

a) Account registration

When you register an account, we store:

  • Email address and password (password is stored as a salted hash, never in plain text)

Legal basis: Art. 6(1)(b) GDPR — performance of a contract. The account is required to use the service.

b) Observation data

When you use the application, you may choose to store:

  • Observation sessions, notes, and photos
  • Equipment information
  • Observing locations and plans

Legal basis: Art. 6(1)(b) GDPR — performance of a contract. This data is the core purpose of the service.

c) Contact form

When you use the contact form, we store your name, email address, and message to process your enquiry.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in responding to user enquiries.

d) Server log files

When you access this website, your browser automatically transmits data such as IP address, browser type, and the page requested. This data is stored in server log files for the purpose of ensuring the security and stability of the service.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the secure operation of the website.

4. Data Storage & Security

All data is stored on our server and is only accessible to you when logged in. We do not use third-party cloud services for storing your personal data.

5. Data Retention

  • Account & observation data: Retained until you delete your account.
  • Contact form messages: Retained for up to 12 months, then deleted.
  • Server log files: Automatically deleted after 30 days.

6. Third-Party Services

The application connects to the following external services to provide functionality:

  • Open-Meteo — weather forecasts (no personal data is transmitted, only location coordinates)
  • NASA JPL — solar system ephemeris data (no personal data is transmitted)

All other resources (fonts, icons, stylesheets) are hosted locally on our server. No external CDNs are used.

7. No Data Sharing

Beyond the third-party services listed above, we do not share, sell, or distribute your personal data to third parties.

8. Your Rights (GDPR Art. 15–21)

You have the right to:

  • Access (Art. 15) — request a copy of all data stored about you
  • Rectification (Art. 16) — request correction of inaccurate data
  • Erasure (Art. 17) — request deletion of your account and all associated data
  • Restriction (Art. 18) — request restriction of processing
  • Data portability (Art. 20) — receive your data in a machine-readable format
  • Objection (Art. 21) — object to processing based on legitimate interest

To exercise these rights, please contact us.

9. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Kurt-Schumacher-Allee 4
20097 Hamburg
datenschutz-hamburg.de

10. Cookies

This application uses only essential cookies required for its operation. No tracking, advertising, or analytics cookies are used.

Cookie Purpose Type
.AspNetCore.Identity.Application Authentication — keeps you logged in Essential
.AspNetCore.Antiforgery.* Security — protects forms against CSRF attacks Essential

Legal basis: Art. 6(1)(f) GDPR — legitimate interest. Essential cookies do not require consent under § 25(2) TDDDG.

We also use localStorage (not a cookie) to remember your theme preference and cookie consent choice.

11. Contact

If you have questions about data protection, please contact us.