BlastLens Privacy Policy
Last updated: May 3, 2026
BlastLens is an educational simulator of the consequences of the use of nuclear weapons, available as a web version and on Android and iOS. The app is intended for journalists, researchers, educators, and users who want to better understand the scale of the consequences of the use of nuclear weapons.
BlastLens is not a game, is not intended for planning strikes, and does not provide instructions for causing harm, selecting targets, evading consequences, or taking practical action in emergency situations.
If you have questions about privacy, contact us at: support@blastlens.com.
1. Summary
BlastLens has no user accounts. We do not ask for a name, email address, phone number, address, documents, or payment details.
To operate the app, we process some technical data:
- the point selected by the user on the map and simulation parameters;
- IP address and browser or app information in technical server logs;
- technical data received by third-party services, such as Firebase and Mapbox;
- local app settings;
- anonymized data for our own advertising banners, such as whether a banner was shown or clicked.
In this Policy, “browser or app information” means technical HTTP request data, such as the User-Agent string and related technical headers.
We do not sell user data. We do not use third-party ad networks. We do not create user profiles for targeting.
2. Age restriction
BlastLens is intended for users aged 16+.
On first launch, the app shows an age confirmation screen and a warning about the nature of the content. We do not ask for a date of birth, do not verify age using documents, and do not send the user’s age to the server. Only the fact that the warning was accepted is stored locally.
3. Geolocation
The app has a “my location” button on the map. It is used only for convenience, so that the user can quickly move the map to their current area or city.
For this purpose, the app may request permission to access approximate device location. Precise location is not requested on Android. On iOS and in the web version, location accuracy depends on the operating system, browser settings, and permissions selected by the user.
In the web version, the standard browser geolocation mechanism is used. The user can limit or deny geolocation access in the browser or operating system settings.
We do not store device geolocation as separate user data. We do not create a movement history and do not track the user in the background.
Important: if the user taps the location button, moves the map, and selects that point as the detonation point, the app then treats it as the selected simulation point, not as the “user’s location”.
4. Data selected by the user in the app
For a simulation, the user selects:
- a point on the map;
- the country that produced the weapon;
- a delivery system or weapon;
- a warhead;
- the burst type;
- scenario parameters, such as MIRV mode and a step of the radiation consequences timeline.
The country that produced the weapon is not the user’s country and not the country of the selected point on the map.
To calculate consequences, the app sends the selected point coordinates, yield in kilotons, and burst type to the server. The server calculates damage zones and casualty estimates based on aggregated population density data.
Coordinates of the selected point may be rounded in the app before being sent to the server. This reduces the risk of accidentally sending overly precise coordinates if the user used the “my location” button.
Normal calculations are not stored in the database. Coordinates and scenario parameters are stored only if the user creates a scenario sharing link.
5. Scenario sharing links
The user may create a short link in the form /s/<id> to share a scenario.
When such a link is created, we store:
- a random link identifier;
- weapon ID;
- warhead ID;
- MIRV mode;
- burst type;
- latitude and longitude of the selected point;
- selected step of the radiation consequences timeline;
- view counter;
- creation date.
We do not store user data in such a scenario. In particular, we do not store: name, email, account, IP address, browser or app information, Firebase identifier, advertising identifier of the app, interface language, calculated damage zones, or calculated casualty estimate.
Damage zones and casualty estimates are recalculated when the link is opened.
Scenario sharing links are created with no fixed expiration by default. We reserve the right to periodically delete links that have not been opened for more than 12 months, in line with the principle of data minimization. At the time this Policy is published, automatic deletion of old links may not yet be enabled.
Because BlastLens has no accounts and does not connect a link to a specific user, we usually cannot confirm the authorship of a link or delete it as the “data of a specific user”. We may review requests about links for technical, legal, or ethical reasons.
6. Search for places on the map
If the user searches for an address, city, or landmark, the search text is sent to our server and then passed to the Mapbox search service.
We intentionally do not write search text to server logs because addresses and landmarks may contain sensitive information.
Mapbox receives the search text and request language, but does not receive the user’s IP address directly for search requests because the request goes through our server.
7. Mapbox map
BlastLens uses Mapbox to display maps, styles, tiles, labels, terrain, and other cartographic data.
When the map is loaded, the app may contact Mapbox directly. In this case, Mapbox may receive: the user’s IP address, browser or app information, information about the visible map area through requested tiles, map zoom level, Mapbox service events, a public Mapbox access key, and the referring page in the web version.
Mapbox processes this data according to its own terms and policies.
8. Firebase Analytics and Crashlytics
BlastLens uses Firebase Analytics in the web version, on Android, and on iOS. Firebase Crashlytics is also used on Android and iOS. In the web version, errors are sent through Firebase Analytics as error events.
The user can enable or disable analytics and error reports in the app settings.
We send our own events, for example: acceptance or rejection of the age warning; selection of the country that produced the weapon; weapon selection; MIRV mode change; calculation start; point set; opening or copying a scenario sharing link; opening a link that leads to a specific app screen; screen view; search performed; search result selected; and app error.
We do not send to Firebase: coordinates of the selected point, search text, name, email, phone number, or account data, because BlastLens has no accounts.
Some technical data may be collected by Firebase itself, such as device model, operating system version, app version, interface language, country based on IP address, Firebase installation technical identifier, and service events.
The Firebase installation technical identifier is created on the device and is needed for Firebase services to operate. It is not linked to a name, email address, or BlastLens account, and it can be reset by uninstalling the app or clearing app data.
When analytics is disabled, we block our own events and error reports at the app level. Some technical processing may still be performed by the third-party service as part of its own operation.
9. Our own advertising banners
BlastLens shows its own advertising banners loaded from our server. We do not use external ad networks.
When requesting a banner, the app sends: a local random advertising identifier, interface language, interface theme, banner placement, and banner format.
For advertising, we do not send: selected weapon, selected country that produced the weapon, selected point on the map, coordinates, simulation scenario, device model, operating system version, screen size, or arbitrary user parameters.
We count banner impressions and clicks. For this purpose, the database stores: advertising material ID, event type, local advertising identifier, anonymized technical fingerprint of the IP address, and event time.
The plain IP address is not stored in the advertising database. Instead, an irreversible technical fingerprint is stored, calculated using a random value that changes daily. This value is kept only in server memory and is not written to disk.
This approach lets us perform basic impression deduplication within one day and protect against abuse, but does not allow us to build a long-term user profile or track the user across days.
Currently, advertisers do not receive user data. If the advertising model changes in the future, we will update this Privacy Policy.
10. Technical server logs and abuse protection
Like most web services, our server may process technical request data: IP address, browser or app information, HTTP method and request path, HTTP status, response size, referring page, request time, and technical errors.
We do not write the request body to server logs. We do not write cookies or session data because BlastLens has no user sessions. For search requests, we do not write the search text.
The IP address is also used to limit the number of requests and protect against abuse. For this purpose, the IP address may be temporarily stored in server memory. These data are not stored in the database as a user profile.
Technical server logs are used for error diagnosis, security, and service stability. We do not use them to create user profiles or advertising targeting.
11. Local storage on the device
BlastLens stores some data locally on the device or in the browser: age warning acceptance and date, interface language, theme, units of measurement, map style, analytics setting, local advertising identifier, state of the “open in app” banner in the web version, local copy of the catalogue of countries, weapons, and warheads, and local copy of images.
On Android, iOS, and in the web version, these data are stored using operating system or browser mechanisms. This is needed for settings, faster loading, and fewer repeated requests to the server.
The local catalogue of weapons, countries, and warheads is a technical copy of public data from the server and does not contain personal user data.
BlastLens does not locally store simulation history, favorites, latest map points, or history of selected scenarios.
12. Cookies
BlastLens does not use cookies to track users.
In the web version, the app may use browser local storage for settings, local data copies, and the operation of third-party services.
13. Sharing data with third parties
We do not sell user data.
The app uses third-party services and infrastructure: Mapbox for maps, tiles, styles, place search, and map service events; Firebase / Google for analytics and error reports; and infrastructure providers for server hosting, website delivery, API operation, domain infrastructure, security, and monitoring.
These services may process technical data according to their own privacy policies.
14. International data transfers
BlastLens is available to users in different countries. Some third-party services and infrastructure providers may be located outside the user’s country.
This means that technical data, such as IP address, browser or app information, Firebase events, Mapbox map requests, and search requests, may be transferred to and processed in different jurisdictions.
We try to minimize the amount of such data and do not transfer more data to third-party services than is required for the app, map, analytics, error reports, and infrastructure protection to work.
15. Data deletion
Because BlastLens has no accounts, we usually cannot connect local data, calculations, or scenario sharing links to a specific user.
The user can delete local data by uninstalling the app, clearing app data in the operating system settings, or clearing site data in the browser.
Normal calculations are not stored on the server. Scenario sharing links are stored with no fixed expiration by default and are not connected to an author, so we usually cannot confirm who created a specific link.
If you have a question about a specific link or data, contact us at: support@blastlens.com.
16. Security
We use HTTPS to transmit data between the app, website, server, and third-party services.
We limit the number of requests, use abuse protection, and do not store request bodies in server logs. For advertising analytics, the plain IP address is not stored in the database and is replaced with an anonymized technical fingerprint.
Additional server-side protections are used, including web page security policies and limiting unnecessary data transfer between the app and the server.
Coordinates of the selected point may be rounded before being sent to the server to reduce the risk of accidentally sending an overly precise location through simulation parameters.
No method of data transmission or storage can be absolutely secure, but we try to minimize the amount of data and avoid storing data that is not required for the app to function.
17. Educational and sensitive content
BlastLens shows the consequences of the use of nuclear weapons for educational and analytical purposes.
The app is not intended for planning strikes, selecting targets, causing harm, bypassing security systems, obtaining attack instructions, or obtaining practical recommendations for sheltering, survival, or action in emergency situations.
Calculations are approximate and shown as ranges. They should not be used as an exact prediction of real-world consequences.
18. Changes to this Policy
We may update this Privacy Policy if the app, server, third-party services, advertising model, or platform requirements change.
The current version is published inside the app or on the BlastLens website.
19. Contact
For privacy and data questions, contact:
support@blastlens.com