Privacy Policy
Last updated 26 April 2026.
This document describes how Astronube collects, uses, stores and shares personal data. It is written to comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
If you only want to know what cookies and browser storage Astronube uses, the short version is on the Cookies page.
1. Who we are
Astronube is operated by Data Vision (the “controller”).
- Address: Kilbride, Co. Wicklow, Ireland
- Contact email: [email protected]
- Data Protection contact: Same as above
2. What data we collect
2.1 Data you choose to give us
- Account data — if you register or log in, we store your email address and a hashed password. Your password is never stored in plain text.
- Session log entries — when you log an astrophotography session against a target, we store the date, location name, lens, your subjective transparency / seeing / result rating, and any free-text notes you write.
- Custom targets — targets you add via the admin page (name, season, lens, exposure, etc.).
- Dwarf 3 community submissions — if you submit settings on the Dwarf 3 community page, we store the values you entered: target, exposure, gain, filter, EQ mode, optional Bortle / sky notes / image link or uploaded image, optional display name, optional rating and notes. The display name is the only field that could identify you, and it is optional.
2.2 Data we collect automatically
- Server logs — standard web-server logs that include the requesting IP address, user-agent, and request path. Used for debugging and abuse prevention.
- Rate-limit cache — the Dwarf 3 community submit endpoint stores your IP address ephemerally in a Redis key with a 24-hour expiry, used solely to limit submissions to 5 per IP per day. The IP is not stored in the application database.
- Affiliate click log — when you click a link on our Suppliers page or any other affiliate link on the site, we record the click in our database to measure interest and conversion: the supplier you clicked, the timestamp, the Astronube page you came from, and an approximate region code (e.g. EN, FR) derived from your browser's Accept-Language header. We do not store your IP address. Once you reach the supplier's site, that site's own privacy policy applies.
2.3 Data we do not collect
- No analytics or tracking pixels.
- No advertising or marketing identifiers.
- No third-party cookies.
- No social-network buttons or embeds.
- We do not collect special-category personal data (health, biometric, political, etc.).
3. Browser storage
Astronube stores small amounts of data in your browser using localStorage so the app remembers your preferences across visits. None of this data is sent to our servers; it stays on your device. The full inventory is on the Cookies page.
Browser storage is set only after you accept it on the consent banner. If you decline, the app continues to work for the current session but your preferences will not persist after you close the tab.
4. How we use your data
- To provide the service — account login, saving session logs, displaying community submissions.
- To prevent abuse — rate-limiting Dwarf 3 community submissions, reviewing submissions before publication.
- To debug problems — server logs are reviewed when investigating errors.
We do not sell, rent or share your data with anyone except the limited third parties listed below.
5. Third parties
5.1 Google Fonts (Dwarf 3 pages only)
The Dwarf 3 community and reference pages load typefaces (Syne and DM Mono) from Google Fonts. When loaded, your IP address and User-Agent are sent to Google LLC. Google does not set cookies for font requests, but the request itself is a transfer of personal data to a US-based controller.
Google Fonts is loaded only after you accept it on the cookie banner. If you decline, the pages fall back to your operating system fonts and no request is made to Google.
5.2 Hosting provider
Astronube is hosted on OVHcloud (a French infrastructure provider with EU data centres). Server logs are processed on their infrastructure on our behalf within the EEA.
6. Legal basis (GDPR Art. 6)
- Contract (Art. 6(1)(b)) — for processing necessary to provide the service to a logged-in user (account, sessions, custom targets).
- Consent (Art. 6(1)(a)) — for browser storage of preferences, for Google Fonts, and for community submissions.
- Legitimate interests (Art. 6(1)(f)) — for server logs, rate-limit IP caching, and abuse prevention. The interest is operating a stable, non-abusive service; the impact on the user is low.
7. How long we keep data
- Account data: until you ask us to delete your account.
- Session logs and custom targets: linked to your account; deleted with the account.
- Dwarf 3 community submissions: retained indefinitely as a community resource. You can ask us to remove a specific submission you made — contact us at the email above.
- Server logs: 30 days, then deleted.
- Rate-limit IP cache: 24 hours, then auto-expired.
- Browser storage: stays on your device until you clear it; we cannot see or delete it.
8. Your rights under GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — have your data deleted (the “right to be forgotten”).
- Restriction — restrict how we use your data while a complaint is investigated.
- Portability — receive your data in a machine-readable format. The session log already supports JSON export from the app.
- Object — object to any processing based on legitimate interests.
- Withdraw consent — for any processing based on consent (you can revisit your cookie choice at any time via the “Cookie preferences” link in the footer).
- Complain — lodge a complaint with your national data protection authority. In Ireland this is the Data Protection Commission (dataprotection.ie); in the UK it is the ICO (ico.org.uk).
To exercise any of these rights, email [email protected]. We aim to respond within 30 days.
9. International transfers
Server data is processed within the European Economic Area. Google Fonts (Section 5.1) is the only deliberate transfer of data outside the EEA, and only if you accept it.
10. Security
Passwords are hashed with a per-user salt before storage. Sessions use signed cookies with the HttpOnly, Secure, and SameSite=Strict flags. Production traffic is served over HTTPS with strict transport security. We follow standard application-security practice, including a strict Content Security Policy on the main app to limit cross-site scripting risk.
11. Children
Astronube is not directed at children under 13 (or under 16 in some EU jurisdictions). We do not knowingly collect data from children. If you believe a child has submitted data, contact us and we will remove it.
12. Changes to this policy
If we change this policy materially we will update the “Last updated” date at the top and, for registered users, send a brief notice. Minor wording or formatting changes will be made silently.
13. Contact
For privacy questions, email [email protected].