بصيرة/Basira Privacy

Privacy Policy

Last updated: 2026-07-08

Basira is built on a simple principle: geographic analysis does not require knowing who you are. No accounts, no tracking cookies, no ads, no third-party analytics. This page explains — precisely and in plain language — what is actually collected when you use the platform, what is not, and where the data goes.

At a glance

  • No accounts, no sign-in — the platform works entirely without any identity.
  • No tracking cookies, no ads, no Google Analytics or anything like it. Measurement is in-house and self-hosted.
  • Your IP address is never stored — it is used in memory only to derive a country code, then discarded.
  • Your device location (if you allow it) stays inside your browser and is never sent to our servers.
  • Polygons you draw are sent to the server only to run the analysis; results are cached for at most one hour.
  • We fully honor the DNT (Do-Not-Track) signal — in the browser and on the server.

What we never collect

Basira does not collect or store any of the following:

  • Names, email addresses, phone numbers, or any account data — there are no accounts at all.
  • IP addresses — they are never written to any application record.
  • Raw browser User-Agent strings — reduced to a device class and a browser family only.
  • Cookies — the application sets no cookies in your browser, for tracking or anything else.
  • Browser fingerprints or cross-site tracking identifiers.
  • Full referrer URLs — we keep only the referring domain name (e.g. twitter.com), because full URLs can leak information.

What we measure

We run a small measurement system we wrote ourselves, hosted entirely on our own server. When a page is viewed, one row is recorded with the following fields — nothing more:

FieldWhat it contains
tsTime of the visit.
pathThe page path within the site.
refThe referring site's domain name only, if any.
countryA two-letter country code (e.g. SA) — derived from the IP address using a local database on our own server with no external calls; the address itself is then discarded.
deviceDevice class: desktop, mobile, or tablet.
browserBrowser family: Chrome, Firefox, Safari, Edge, Opera, or "other".
langThe interface language you chose (Arabic/English).
sessionAn ephemeral per-tab token (see the next section).

We also record anonymous usage events — such as "polygon drawn", "analysis completed", or "search" — with small metadata. When an analysis completes, the approximate location of the analyzed area is recorded (its center coordinates, size, and a simplified outline) — this describes the place that was analyzed, not you; in our statistics the area is attributed to the country it geographically sits in, not the visitor's country. Place-search text is also recorded as anonymous text so we can understand what people look for.

How measurement works

  • The per-tab token: your browser generates a random identifier stored in sessionStorage — not a cookie — which is gone forever the moment you close the tab. It cannot track you across visits or across websites.
  • Do-Not-Track: if DNT=1 is enabled in your browser, no measurement beacon is sent at all; and if one arrives anyway, the server discards it without recording anything.
  • Bots: crawler and bot traffic is filtered out and never recorded.
  • Storage: all measurement data lives in a single SQLite file on our own server. It is never sent to any cloud service or third party. Deleting that file is a complete forget.

Your drawings and analyses

When you draw an area on the map and request an analysis, the polygon is sent to our server for one purpose: running the analysis and returning the result. The result is cached briefly in server memory — keyed by a mathematical fingerprint of the polygon, not by your identity — for at most one hour, so the same area is not re-queried twice. The raw OpenStreetMap data fetched for it is cached for the same duration. After that it expires automatically.

Your device location

The "locate me" button uses your browser's geolocation API — only after your explicit permission — solely to move the map to where you are. Your location coordinates never leave your browser and are never sent to our servers. You can deny the permission without losing any other functionality.

Data sources our server contacts

Analyses rely on open data sources. These are contacted from our server, not from your browser — meaning your IP address is never exposed to any of them. They include:

  • Overpass API and Nominatim — OpenStreetMap data and place search.
  • Open-Meteo — climate and weather data.
  • NASA GIBS / HLS (Earthdata) and USGS — satellite imagery and terrain data.
  • OpenSky, Airplanes.Live, and AISstream — live aircraft and ship traffic.
  • RainViewer — precipitation radar.
  • WorldPop — population estimates.
  • Similar open-data services (such as NASA FIRMS for wildfires and OpenAQ for air quality).

What reaches these services is the coordinates of the area being processed, associated with our server's address — not yours.

Map tiles loaded by your browser

The one exception is basemaps and some imagery overlays: their tiles load directly from your browser — as with any web map — so those hosts see a standard browser request that includes your IP address and the requested tile coordinates (that is, roughly which part of the world you are viewing). These hosts are:

  • Carto (basemaps.cartocdn.com) — the light and dark basemaps.
  • OpenStreetMap and OpenTopoMap — alternative basemaps.
  • Esri / ArcGIS (arcgisonline.com) — satellite imagery.
  • NASA GIBS, RainViewer, OpenSeaMap, and Global Forest Watch — optional overlays, loaded only if you enable them.

Each operates under its own privacy policy. We pass them no identifier of ours, and our referrer policy limits what they receive to the site origin only.

Preferences stored in your browser

Your preferences — light/dark theme, basemap, and language — are kept in localStorage inside your browser only, and are never sent to our servers. You can clear them at any time from your browser settings, with no trace left on our side.

Retention

  • Cached analysis results: expire within one hour at most.
  • Aggregate measurement records: kept to understand long-term usage. Because they contain no IP addresses, no names, and no persistent identifier, they cannot be linked to any specific visitor once the tab session ends.
  • Web-server logs: like most websites, the front-end web server keeps standard access logs for security and troubleshooting; these are rotated and deleted on a routine schedule.

Your rights

If you are in the EU or a region with similar legislation (such as the GDPR), you have the rights of access, rectification, erasure, restriction of processing, objection, and data portability, and the right to lodge a complaint with your local supervisory authority.

By design, we hold no identifier linking our records to any specific person — so most of these rights are satisfied automatically: once your tab closes, we have no data that could be "yours". The legal basis for the aggregate data we do process is legitimate interest (Article 6(1)(f)) in operating, securing, and understanding the use of the service. If you have any request concerning your data, write to us and we will do our best to help.

Changes to this policy

Whenever this policy changes, we update the "last updated" date at the top of the page, and material changes are noted in the changelog. Continued use of the platform after an update means you have seen the new version.

Contact

For any privacy question or request: contact@basira.earth