Privacy Policy

Mast uses location and alert preferences only to show relevant flag status information, operate alerts, provide API access, and review reports about inaccurate information.

Mast is not an official government service. Source links may take you to third-party or government websites with their own privacy practices.

You can select a country and state manually. If you use browser location, your browser asks for permission first. Mast uses that location to estimate the relevant region and stores the selected country and state on your device.

Mast does not need precise ongoing location tracking to operate, and the app does not store a continuous location history in your browser.

Mast may store preferences in your browser, including your selected location, color theme, browser alert choices, email alert preference, SMS alert preference, and notification bookkeeping such as already-seen events.

You can clear this data through your browser settings. Clearing site data may reset Mast preferences and alert settings on that device.

Browser alerts require permission from your browser. If enabled, Mast uses browser notification features for local reminders while the app is open. Push notification delivery may store a browser-generated push subscription endpoint and related keys so Mast can deliver morning notifications to that browser.

Email alert preferences are stored by Mast when email delivery is configured. Mast uses the email address, selected location, and alert preferences to send morning updates when there is a flag order for the selected location. Each Mast alert email includes a link to a management page where the recipient can review saved Mast email alerts for that address, turn off selected alert locations, or unsubscribe from all Mast email alerts for that address.

SMS alert preferences may be stored by Mast when SMS delivery is configured. Mast uses the phone number, selected location, and alert preferences only for requested Mast text alerts and related opt-out handling.

If you report inaccurate flag information, Mast sends the selected location, your optional contact information, and your report text to the site operator for review.

API requests may include a license key and ordinary request metadata such as time, route, response status, IP address, and user agent. Mast may use that information to operate the service, diagnose issues, protect against abuse, count accepted and rejected API requests, and understand usage.

Accepted API requests may be associated with the developer account that owns the license key so the site operator can review account usage, troubleshoot integrations, and investigate abuse. Mast does not display full secret keys in admin request logs.

Mast may keep approximate unique visitor counts for public pages. These counts use a hashed visitor fingerprint derived from ordinary request metadata, such as IP address, browser user agent, and language header, to help avoid counting the same browser repeatedly within a day or month. Mast may also aggregate these counts by broad operating system, such as iOS, Android, Windows, macOS, ChromeOS, or Linux. When a visitor selects a state manually, chooses a state on the map, or permits browser location, Mast may also aggregate those counts by the selected or detected region so the operator can understand which regions are using the service. Mast uses these metrics to understand traffic, operate the service, and diagnose abuse or reliability issues.

When you use Mast's share controls, Mast may record an aggregate count of the share action by platform, such as copy link, Facebook, LinkedIn, X, Threads, email, or the system share sheet. Mast does not need to store the recipient, message text, or destination account for these share metrics.

Developer and admin account features may store account email addresses, subscription records, API license records, authentication state, and passkey public credential information. Mast does not need to store passkey private keys, and passwords should be stored only in protected derived form.

Mast may use an AI service to summarize public flag orders and extract titles, descriptions, and date ranges. The information sent for that purpose is source content about public flag orders, not your private alert preferences.

AI-generated summaries are reviewed through Mast's source and parser workflow where practical, but they can still be incomplete or wrong. Official source links remain the best place to verify details.

Mast includes page areas intended for sponsorships or advertising. Mast may show its own support messages, direct sponsor messages, or a controlled third-party ad placement, such as Google AdSense. Third-party ad services may set cookies or collect usage data according to their own privacy terms.

If Google AdSense is enabled, Google and its partners may use cookies, device identifiers, or similar technologies to serve ads, measure ad performance, limit repeated ads, detect abuse, and, where permitted, personalize ads based on your visits to Mast and other sites. You can manage Google ad personalization through Google's ad settings and your browser's cookie controls.

Email, SMS, hosting, push, analytics, AI, payment, or advertising providers may process limited service data on Mast's behalf when those features are configured.

Mast may publish public flag-order summaries and generated half-staff images to Mast social media pages through configured social publishing tools. These posts are based on public source information and do not include private alert subscriber details.

Mast keeps service records only as long as reasonably needed for the feature, operation, security, troubleshooting, legal, or business purpose involved. Some cached source data, event logs, API metrics, unique visitor metrics, API request logs, social post history, and account records may persist across deployments when persistent storage is configured.

For privacy questions, requests, or corrections, use the contact method published with the Mast project or site owner.