Overview
OnSun helps you plan appliance usage around expected solar production. The app is designed to run primarily on your device, and we do not provide user accounts. We do not use third‑party advertising SDKs, we do not track you across other apps or websites, and we do not sell your personal data.
OnSun is free to use, with an optional paid (Pro) subscription. To keep the free tier sustainable, the app can show promotional content and affiliate offers from third parties, shown primarily to users on the free plan. To choose which offers are relevant, we use a limited set of information, mostly your country, language, subscription status, and app‑usage statistics (such as how much you have saved and which appliance categories you use), much of it in aggregate form. We do not share this information with the offer or affiliate partners themselves. See “Promotional content and affiliate offers” below.
If you are reviewing this for App Store / Google Play disclosure, the data processed externally is: your location coordinates (to fetch forecasts and an optional place label), a per‑install client identifier and IP address (for rate limiting and standard networking), your country, language, and subscription status, app‑usage statistics (in aggregate), interactions with promotional content (which offers were shown, tapped, or dismissed), and crash / diagnostic data (error message and stack trace, with no IP address or device identifier attached). We do not collect your name, email, contacts, photos, or payment card details.
What data we process
The table below describes what we process, why, and where it goes.
| Category | Examples | Purpose | Stored / Shared |
|---|---|---|---|
| Precise location | Latitude, longitude | Fetch solar forecast for your site; obtain an optional place label | Stored locally in app settings. Sent (at full precision) to our forecast proxy and to the reverse‑geocoding provider as described below. Our forecast proxy does not store your precise coordinates (see “Aggregate geo analytics”). |
| Location label (optional) | City/suburb/country label derived from coordinates | Display a human-readable location | Stored locally. Retrieved via reverse geocoding (see “Third parties”). |
| Country | Country code derived from your location (e.g. AU, BR), or your device region if no location is set | Set your default currency on‑device; and select region‑relevant promotional/affiliate offers | Used on your device for currency. The country code is also sent to our insights service (to choose relevant offers) and is stored there alongside aggregate usage and offer‑interaction records. It is not your precise location. |
| Language | Language/region tag (e.g. en-AU, de) |
Formatting (dates, numbers); reverse‑geocoding language; serving offers in your language | Used locally; sent via Accept-Language to the reverse‑geocoding provider and to our insights service, where the primary language subtag is stored with aggregate usage and offer‑interaction records. |
| Subscription status | Whether you are on the free or Pro plan | Enable Pro features; tailor forecast frequency; decide whether to show promotional content | Determined on‑device from your App Store / Google Play purchase. Sent to our forecast proxy and insights service so the right tier of service and offers is provided; stored there only in aggregate (not against your identity). |
| App‑usage statistics | Estimated money saved, solar energy used (kWh), number of appliance runs, the categories of appliance you use (e.g. dishwasher, EV), appliance count, installed solar capacity, and basic in‑app engagement counts | Select relevant offers; product analytics and capacity planning | Sent to our insights service and stored in aggregate form, grouped by date and country, not against your identity, and not joined to a stable identifier. Appliance names, schedules, and exact power profiles are not sent and remain on your device. |
| Promotional‑content interactions | Which offer was shown, tapped, or dismissed, plus country, language, platform, subscription tier, and a timestamp | Measure which offers are useful | Stored as anonymous event records on our insights service. No IP address is stored (not even a hashed one), and no stable device identifier is attached, so these records do not identify you. |
| Per-install identifier | Random client ID (UUID) | Rate limiting / abuse prevention for forecast requests | Stored locally; sent as X-Client-Id only to our forecast proxy. The proxy stores it only as a one‑way hash for up to ~48 hours and does not link it to your stored region. It is not sent to our insights service. |
| Network data | IP address, request metadata | Standard internet communication; rate limiting / security | Processed by our proxy, insights service, and hosting providers as part of serving requests. IP addresses are used only transiently for rate limiting (held for up to ~20 minutes, then automatically expired) and are not stored in our analytics or insights records. Our servers and hosting providers may record an IP address in short‑lived operational logs (see “Server logs and security” below). |
| Aggregate geo analytics | Approximate geographic region (~20 km area) derived from forecast request coordinates, subscription tier, plus a daily request count | Service analytics and capacity planning | Stored in a database on our hosting infrastructure. Coordinates are rounded to a ~20 km grid before storage and retained for up to 180 days; individual users cannot be identified from this data. |
| Crash / diagnostic data | Error message, stack trace, whether the error was fatal, plus the platform (iOS/Android) and app version | Detect, group, and fix crashes and stability problems | Sent to our crash‑reporting endpoint when the app hits an unexpected error, and grouped there by a fingerprint computed from the error and stack. We do not attach an IP address or any stable device identifier to these reports, and they are de‑duplicated (each crash type is sent at most once per 24 hours). Reports are used only for stability triage and are not linked to your identity or to the analytics described above. |
| App content (local) | Appliance names, schedules, run history | Provide the app’s features | Stored on your device. Names, schedules, and detailed history are not sent to our servers (only the aggregate usage statistics described above are). |
| In‑app purchases | Subscription entitlement state | Enable Pro features if purchased | Handled by Apple / Google. We do not receive payment card details. |
Location permissions
OnSun needs a location to generate solar forecasts. You can either:
- Use your device location when you choose “Use my location”, or
- Enter latitude and longitude manually in Settings.
Location is accessed only when you request it. We do not track your location in the background.
Promotional content and affiliate offers
OnSun is free to use, with an optional paid (Pro) subscription. To support the free tier, the app may show promotional content and affiliate offers from third parties, shown primarily to users on the free plan. To make these offers relevant rather than random, our insights service selects them using a limited set of information: your country and language, your subscription status, and your app‑usage statistics (for example, how much you have saved or which appliance categories you use), most of which is processed in aggregate.
- We do not share your data with the offer or affiliate partners. The selection happens on our own service. If you choose to tap an offer, you leave the app and open the partner’s website in your browser; from that point the partner’s own privacy policy and terms apply, and the partner may set its own cookies or identifiers.
- We may earn a commission if you take up an affiliate offer. This does not change the price you pay.
- No third‑party advertising SDKs and no cross‑app tracking. Offers are chosen by us, in‑app; we do not embed advertising networks and we do not build a profile of you across other apps or websites.
- We record which offers were shown, tapped, or dismissed (with country, language, platform, subscription tier, and a timestamp) to understand which offers are useful. These records are anonymous: no IP address and no stable device identifier are stored with them.
- You can turn off personalised offers for free in Settings → Notifications (where this control is shown), and Pro subscribers may see fewer or no offers. You can also dismiss individual offers at any time.
How we use and retain data
- Forecast requests: used to compute solar production estimates and scheduling recommendations.
- Local app data: schedules, appliance settings, and history remain on-device unless you delete the app.
- Rate‑limiting: counters are stored temporarily (short‑lived cache entries, up to ~20 minutes for IP‑based limits and up to ~48 hours for per‑install limits). Client identifiers used for rate limiting are stored only as one‑way hashes. IP addresses used for rate limiting are held transiently (up to ~20 minutes) and then automatically expire; they are not retained beyond that short window.
- Aggregate geo analytics: approximate geographic region (~20 km), subscription tier, and daily request counts are retained in a database for up to 180 days for capacity planning. This data is not linked to individual users.
- Aggregate impact statistics: anonymous, aggregate app‑usage statistics (grouped by date and country, not linked to any identifier or IP) are kept long‑term so we can report on collective impact, for example total energy shifted into daylight hours and money saved across all users.
- Promotional‑content interactions: the records of which offers were shown, tapped, or dismissed are anonymous (no IP address, no device identifier) and are retained for analytics. Because they do not identify anyone, we keep only what we need to understand which offers are useful.
- Crash / diagnostic reports: error messages and stack traces sent when the app hits an unexpected error are stored grouped by crash type, with no IP address or device identifier attached, and used only to fix stability problems. We keep them only as long as needed for stability triage.
We do not sell personal data, we do not use third‑party advertising SDKs, and we do not share your personal data with advertisers or affiliate partners.
Server logs and security
Like all internet services, our servers and hosting/infrastructure providers process your IP address and standard request metadata in order to deliver and secure the service. Our application access logs record the request method, path, response status and timing, but do not record your IP address. IP addresses may still be processed transiently at the hosting/network layer (for example in our provider’s edge or load‑balancer logs) and in the short‑lived rate‑limiting counters described above; these are retained only briefly under the provider’s standard log‑retention settings and are then deleted. We use this information only to operate, debug and secure the service, not to build a profile of you or to track you across other apps or websites.
Legal basis for processing
Where applicable (including for users in the UK, EEA and other jurisdictions that require a lawful basis), we process personal data on the following bases:
- Contract: processing necessary to provide the app and solar forecasting (e.g. location for forecasts, client ID for rate limiting).
- Consent: where you grant location or other permissions; you may withdraw consent via device settings or by uninstalling.
- Legitimate interests: operating and securing our services (e.g. IP and request metadata for security and abuse prevention); producing aggregate analytics; and selecting and measuring relevant promotional/affiliate content to support the free tier, in each case balanced against your rights.
- Legal obligation: where we must retain or disclose data to comply with law.
We do not rely on consent for processing that is necessary to perform our contract with you; we will only use your data beyond that with your consent or another valid basis. You have the right to object at any time, and free of charge, to the processing of your data for direct‑marketing‑style personalisation of offers. Where this right applies, you can exercise it directly in the app under Settings → Notifications (the “Personalised offers” control); you may also upgrade to Pro (Pro subscribers may see fewer or no offers) or contact us. Once you object, we stop personalising offers to you.
International transfers
Your data may be transferred to, stored in, or processed in countries outside your country of residence. Our forecast and reverse-geocoding providers (and their subprocessors) may operate in multiple jurisdictions. Where we transfer data from the UK or EEA to countries not deemed to provide adequate protection, we rely on appropriate safeguards provided by those service providers, including Standard Contractual Clauses (SCCs) or equivalent mechanisms where required by law.
We minimise data sent to third parties (e.g. coordinates and minimal identifiers) and do not transfer your personal data for purposes other than providing and securing the app.
Third parties
OnSun uses the following services to function:
- Open‑Meteo (forecast data). When you request a forecast, your latitude/longitude are sent (via our forecast proxy) to retrieve solar data. Open‑Meteo operates under its own terms and policies: https://open-meteo.com/en/terms.
-
OpenStreetMap Nominatim (reverse geocoding). When a place label is needed, your coordinates are sent to
nominatim.openstreetmap.orgto obtain a human-readable label. - Our forecast proxy & insights service (operated for us on cloud hosting). The forecast proxy relays forecast requests and keeps the aggregate geo analytics described above. The insights service receives your country, language, subscription status, and aggregate app‑usage statistics in order to select promotional/affiliate offers, and records which offers were shown, tapped, or dismissed. These are our own back‑end services; they do not pass your data to the offer or affiliate partners.
- Affiliate / promotional partners (third‑party offers). We do not send your data to these partners. If you tap an offer, you open the partner’s website in your browser, and from that point the partner’s own privacy policy and terms apply.
- Hosting/Infrastructure providers (to serve forecast proxy and insights requests). As with all internet services, requests include your IP address and standard request metadata.
- Apple App Store / Google Play (in-app purchases). Subscription purchases and entitlements are handled by Apple/Google.
These third parties are independent data controllers or processors under their own terms and privacy policies. OnSun does not control their practices, and we are not responsible for their handling of data. We encourage you to read their privacy policies and terms before using the app.
Data subject rights
Depending on your jurisdiction, you may have rights (e.g. access, correction, erasure, restriction of processing, data portability, objection, and the right to lodge a complaint with a supervisory authority). To exercise them or for questions, Contact us. Data stored only on your device can be removed by deleting the app.
California privacy rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, to request access to or deletion of it, and to opt out of its “sale” or “sharing”. We do not sell your personal information, and we do not share it for cross‑context behavioural advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA). The categories of information we process and the purposes for which we use them are described in “What data we process” above; we do not use third‑party advertising SDKs and we do not build cross‑app profiles. We will not discriminate against you for exercising your rights. To make a request, Contact us.
Your choices
- You can disable location permission in your device settings and enter coordinates manually.
- You can turn off personalised offers for free in Settings → Notifications (where shown); Pro subscribers may see fewer or no offers; and you can dismiss individual offers in the app.
- You can delete the app to remove locally stored app data and reset the per‑install identifier.
- You can control notification permissions via your device settings.
Security
We take reasonable measures to protect data processed through the app and supporting services. However, no method of transmission or storage is 100% secure.
Children’s privacy
OnSun is not directed to children and we do not knowingly collect personal information from children. Where local law sets a minimum age for consent to data processing (for example, between 13 and 16 in parts of the EU/EEA), users below that age should only use the App with the consent or involvement of a parent or guardian.
Changes to this policy
We may update this policy from time to time. Changes will be posted on this page with an updated effective date.
Contact
If you have questions about this Privacy Policy:
Contact us