Data Privacy

Here is every byte the SkyTracker agent sends home, under what conditions, and how to audit or disable it. The agent is open source; everything described here is inspectable in the source tree.

When we send nothing

If your station is in Private mode (station.sharing: private in the config — the default), the agent makes no outbound connections to skytracker.ai. The only network traffic it generates is:

  • DNS / NTP (OS-level, nothing to do with SkyTracker)
  • Enrichment database fetches on first boot and once per week (ICAO-to-type CSV from wiedehopf's tar1090-db on GitHub)
  • OTA update checks against GitHub Releases for new agent versions (can be disabled with advanced.auto_update: false)

See Sharing Preferences for the full mode comparison.

When we send data

In Unlisted or Public mode, the agent batches aircraft sightings and sends them to api.skytracker.ai over HTTPS. Each batch looks roughly like this: 

POST https://api.skytracker.ai/api/v1/ingest
Content-Type: application/json
Authorization: Bearer <your-station-token>

{
  "station_id": "stn_abc123",
  "batch_start": "2026-04-19T15:00:00Z",
  "sightings": [
    {
      "icao": "a1b2c3",
      "ts":   "2026-04-19T15:00:02Z",
      "lat":  37.7749,
      "lon": -122.4194,
      "alt_ft": 36000,
      "speed_kt": 480,
      "heading": 90,
      "callsign": "UAL1234",
      "squawk": "1200"
    }
    // ...
  ]
}

What we explicitly do not send

  • Nothing outside aircraft sightings. No raw audio, no RF samples, no packet captures, no local network information.
  • No private user data from your device. Usernames, hostnames, connected Wi-Fi networks, other processes — none of it.
  • No IP-address-level personal data from your network. The backend sees your public IP when you POST (every HTTP client exposes this), but we do not log it, resolve it, or retain it with sightings.
  • No precise station location unless you chose to share it. In Public mode a general area is shown on the map; the precise coordinates are never displayed.

How to audit outgoing traffic

Because the agent is open source and the ingest is plain JSON over HTTPS, you can verify exactly what's going out.

Log every ingest batch

Set advanced.log_ingest: true in /etc/skytracker/config.yaml. The agent will write each outbound batch to its log at DEBUG level: 

sudo journalctl -u skytracker -f | grep ingest

Inspect with tcpdump

sudo tcpdump -A -s 0 -i any \
  host api.skytracker.ai and port 443

(You'll see TLS records, not plaintext — use a MITM proxy like mitmproxy for the cleartext version, which is what we do in development.)

Read the ingest code

In the open-source device agent, the ingest code lives in internal/platform/ingest.go. Every field that gets posted is right there.

Opting out

Two levels of opt-out:

  • Stop new data from flowing: switch the station to Private (station.sharing: private) and restart the agent. No further sightings are sent.
  • Delete historical data: on skytracker.ai, go to station Settings → Privacy → "Delete all sightings". This permanently removes everything previously ingested from that station.

If you want to delete your entire account, the same Settings page has an "Delete account" option, or email privacy@skytracker.ai.

Where the data goes after ingest

Sightings are stored in a TimescaleDB hypertable on our backend. They power:

  • Your station's live feed and history
  • Your lifer list and aircraft collections
  • The community rarity score (sightings are anonymized into regional frequency counts)
  • Tail-number stories that cross-reference sightings across stations

We don't sell sighting data. Aggregate, de-identified statistics may be exposed via the public API; individual sighting rows are only readable by the station owner and (for public stations) via the rate-limited public feed.