Privacy Policy

When you create a Sighted account we collect your email, username, and (optionally) a display name and avatar. When you file a sighting we collect the contents you submit: location, time, description, category, and any photos, videos, or notes you attach.

We strip GPS EXIF from uploaded photos before they reach long-term storage. We log standard request metadata (IP, user-agent, timestamp) for security and abuse prevention; those logs are rotated within 30 days.

• Show your sightings on the map and in search results.
• Send you transactional email (verification, password reset, near-me alerts).
• Detect spam, fraud, and abuse.
• Aggregate, anonymous statistics for research and the public Research API (no personal identifiers).

We do not sell your data, share witness contact info with third parties, or hand reports to governments or intelligence services. If we ever change that, we will tell you in advance and give you the right to delete your data first.

• Edit or delete any report you filed. Deletions are honored within 24 hours.
• Delete your account from Settings → Danger zone. All your reports, comments, and media are erased.
• Opt out of near-me alerts in Settings; we stop using your location for matching.
• Request a data export by emailing privacy@sighted.com.

The Sighted mobile app requests:

• Camera + Photo library — only when you attach media to a sighting.
• Location — to tag sightings with where you saw something. Background location is opt-in and used only to deliver near-me alerts you subscribed to.
• Notifications — to deliver alerts and moderation responses.

All permissions are revocable in your device settings.

Sighted runs on infrastructure provided by Railway (Postgres, Redis, app servers), Vercel (web hosting), Cloudflare (DNS, object storage), and Resend (transactional email). These vendors process data only on our instructions and under their own privacy terms.

Email privacy@sighted.com with privacy questions, data requests, or to report a concern.