Privacy Policy

Overview

This policy explains what data Stellara handles, why it handles it, and how it is shared when you use the site. It applies to the Stellara website, accounts, community features, observing tools, and AI assistant.

Who we are

Stellara is an amateur astronomy planning tool built by one person and operated from Italy. For privacy questions or data requests, email stellara.data@gmail.com.

What data we collect

Account and profile data

When you create an account, Stellara stores your email address, username, display name, avatar, banner, bio, badges, role, and timestamps such as when the profile was created or updated. This is used to create your account, show your profile, and run community features. The legal basis is contract performance for the account itself, and legitimate interest for moderation, fraud prevention, and service security.

Session and sign-in data

Stellara stores sign-in and session data such as auth cookies, refresh cookies, session cookies, refresh attempts, and related browser storage keys used to keep you signed in. If you use Google sign-in, your Google sign-in token is also sent to Google for verification. This data is used to authenticate you and protect the account. The legal basis is contract performance and legitimate interest in account security.

Community data

If you post on Stellara, the platform stores your posts, comments, likes, uploaded images, telescope, lens, camera, and moderation-related fields such as reports or deletion records. This is used to display your content, run the community, and handle abuse reports. The legal basis is contract performance for the community service and legitimate interest for moderation and abuse prevention.

Saved observing locations

Stellara stores saved observing locations in your account, including labels, display names, latitude, longitude, provider, place ID, notes, and timestamps. The assistant and weather tools can also keep a local browser copy of the currently selected location for convenience. This is used to show local weather, sky conditions, light pollution, and astronomy data for your chosen site. The legal basis is contract performance when you save a location, and legitimate interest for keeping the tools practical to use.

AI assistant data

If you use the assistant, Stellara stores your telescope, experience level, usage counters, chat thread identifiers, and chat messages. The assistant request also includes your message, recent chat history, and, when available, your location, timezone, and local sky context such as cloud cover, seeing, transparency, moon phase, moon altitude, Bortle estimate, and best observing window. This is used to generate replies, keep conversations coherent, and apply free or Pro usage limits. The legal basis is contract performance for the assistant feature, and legitimate interest for abuse prevention and reliability.

Notifications and push subscriptions

Stellara stores notification preferences, in-app notifications, read state, global announcement dismissals, and web push subscription details such as endpoint, key material, user agent, and device fingerprint. This is used to send notifications you asked for and to stop sending them to expired devices. The legal basis is consent for optional notifications, and contract performance for in-app notification records tied to your account.

Contact and support data

If you use the contact form, Stellara sends your name, email address, subject, and message by email so the request can be answered. If you enable the optional support widget, Tawk.to may receive support-related data and any message you send through that widget. The legal basis is consent when you send a support request, and legitimate interest in answering support and abuse reports.

Technical and security data

Stellara keeps technical records needed to run the site safely. This includes verification codes for protected admin actions, rate-limit and audit information, moderation logs, request metadata needed to detect abuse, and cache records tied to feature operation. The legal basis is legitimate interest in service security, fraud prevention, moderation, and troubleshooting.

How long we keep it

Different data stays for different lengths of time.

Account and profile data stays until you close your account or ask for deletion. Community posts, comments, likes, uploaded images, and profile media stay until you delete them, your account is deleted, or a moderator removes them. Saved observing locations stay until you remove them or your account is deleted. AI profile data and AI usage records stay while your account is active. AI chat messages stay until you clear the chat or your account is deleted. Notification preferences and push subscriptions stay until you change them, unsubscribe, the subscription becomes invalid, or your account is deleted. Verification codes for protected admin actions expire after 10 minutes or when they are used. Contact emails and moderation records are kept for as long as they are needed to answer the request, investigate abuse, or keep a record of security and moderation actions. The current codebase does not define one fixed automatic deletion timer for every moderation or audit record.

Who we share it with

Stellara uses third-party services to run features. Data is sent only when the feature needs it.

Supabase

Supabase receives account data, profile data, community posts and comments, uploaded media, saved observing locations, notification records, reports, push subscriptions, AI profile data, AI usage data, and AI chat data. It is used for authentication, database storage, and file storage.

Groq

Groq receives assistant prompts, recent chat history, telescope, experience level, display name or username context, timezone, and, when available, observing location details including raw coordinates and current sky context. It is used to generate AI assistant replies.

Open-Meteo and 7Timer

These services receive raw coordinates when you request weather or observing forecasts. Open-Meteo geocoding also receives place search queries. They are used for forecast, cloud, temperature, and seeing or transparency related data.

AstronomyAPI

AstronomyAPI receives raw coordinates, date, and time when Stellara requests body positions, moon phase visuals, or local star chart images. It is used for astronomy calculations and generated astronomy images.

sunrise-sunset.org, Meteosource, ipgeolocation.io, Nominatim, and maps.co

These services are used as fallback or support providers for astronomy lookups, weather lookups, or place search. When those code paths are used, they may receive raw coordinates or place search text.

Google

If you sign in with Google, Stellara sends the Google sign-in token to Google for verification.

Tawk.to

If you allow the optional support and marketing category in the cookie controls, Tawk.to is loaded for the support widget. It may receive browser data and any support message you choose to send through the widget.

Vercel

If the site is running on the Vercel production host, optional Vercel analytics and speed-insights scripts may receive performance and browser request data. The codebase also uses Vercel for hosting.

Stripe

Stripe billing code exists in the codebase, but billing is not yet active. No live general-user billing flow is currently described by the public UI. If billing is activated later, users will be notified before any charge is made.

The codebase names these services, but it does not store a ready-made list of provider privacy-policy URLs. You can find each provider's current policy on its own website.

Your rights

If you are in the EU or EEA, you can ask for access, correction, deletion, export, or objection to processing, and you can ask for processing to be restricted where the law allows it. If you are in California, you can ask what personal information is collected, ask for deletion, and ask whether data is sold. Stellara does not sell personal data, so a separate Do Not Sell request is not needed. All users can ask to close their account and delete their data by emailing stellara.data@gmail.com. Include the email address and username tied to the account so the request can be matched safely.

Children

Stellara is not for children under 13 anywhere in the world. We do not knowingly allow under-13 accounts. If we learn that an account belongs to a child under 13, we will remove the account and related data. If you believe an underage account exists, report it at stellara.data@gmail.com.

Data security

Stellara uses authentication, validation, moderation controls, rate limiting, and other reasonable security measures. No website can promise perfect security, and we cannot guarantee that a third-party provider, hosting service, or internet connection will never fail.

International transfers

Stellara is operated from Italy, but some processing may happen in other countries through third-party providers such as Supabase, Groq, Open-Meteo, 7Timer, AstronomyAPI, geocoding providers, Tawk.to, Google, or Vercel. That means your data may be processed outside the country where you live.

Cookies

Stellara uses cookies and browser storage for login, preferences, consent, assistant convenience features, and optional support tooling. See the Cookie Policy for details.

Changes to this policy

If this policy changes in a material way, Stellara will notify account holders by email before the change takes effect, where that is practical.

Contact

For privacy questions, rights requests, or underage-account reports, email stellara.data@gmail.com.