Privacy Policy

1. Who we are (Controller)

Data Controller: [Legal entity name that operates Airlert]
Jurisdiction: [State/Province and Country of registration]
Mailing address: [Street address, City, Region, Postal Code, Country]
Privacy contact: admin@airlert.app (optional: privacy@airlert.app)

2. Key points (plain-language summary)

• No accounts required: Airlert does not require an email address, phone number, or password to use the app.
• We use a pseudonymous identifier: Airlert generates a random identifier on first launch (client_id) to help run the app, prevent abuse, and support purchases. This identifier is linked to your activity within Airlert, but it is not your real-world identity.
• Your posts are public: If you submit a flight observation, it may be visible to other users. Please do not include sensitive personal information in posts.
• No ad tracking: We do not sell personal information and we do not share personal information for cross-context behavioral advertising.
• Deletion requests: You can request deletion of the data associated with your Airlert identifier. We generally process deletion requests within 30 days (with limited exceptions for security, fraud prevention, and legal obligations).

Airlert provides flight information for convenience only. Flight data may be delayed or inaccurate; do not rely on Airlert for safety-critical decisions.

3. Information we collect (and why)

3.1 Pseudonymous device/user identifier (client_id)

On first launch, Airlert generates a random UUID (a “pseudonymous identifier”) and stores it on your device. We use this identifier to operate the service and to link your activity within Airlert (for example, tying your posts to your chosen display name, supporting moderation/anti-abuse, and associating purchases handled via RevenueCat).

This identifier is not your advertising identifier (IDFA/GAID) and is not intended to reveal your real-world identity. However, it can still be considered “personal data”/“personal information” under many privacy laws because it can single out a device over time.

3.2 User-generated content (public posts) and display name

If you choose to post an update, we collect and store the content you submit so it can be displayed to other users and reviewed for moderation. This may include:

• A display name (alias) you choose
• Flight observation markers/status you select
• Short text you submit with an observation (if any)
• Timestamps and the flight instance identifier related to the observation

Your posts may be visible to other users. Please avoid posting sensitive information (such as phone numbers, email addresses, or government IDs). Even after deletion/anonymization by us, copies may persist if others have taken screenshots or reposted content.

3.3 Reports and moderation-related information

If you report content, we collect the information you provide (such as the reason/details of the report) and basic metadata needed to investigate and enforce community safety (for example, the pseudonymous identifiers involved and the post reference).

3.4 Purchases and transaction information (tips)

Airlert offers optional consumable “tip” purchases. Purchases are processed by Apple or Google (depending on your device) and managed in-app via RevenueCat. We and/or RevenueCat may receive purchase-related information such as:

• Purchase history/transaction status (e.g., whether a tip was purchased and when)
• Product interaction data related to purchase flows (e.g., taps/restore attempts within purchase screens)
• App-specific identifier used by RevenueCat (appUserID), which in Airlert is your client_id

We do not receive your full payment card details. Apple/Google handle payment processing under their own terms and privacy policies.

3.5 Device/diagnostic information from service providers

Airlert does not include third-party analytics SDKs for behavior tracking. However, certain service providers may process limited device/diagnostic data to provide their services, such as device model, OS version, locale, and related troubleshooting information. Examples include RevenueCat (for in-app purchases) and, if used, Expo Updates/EAS (for app delivery/updates).

3.6 Operational log data (e.g., IP address and request metadata)

Our servers and infrastructure may process log data such as IP address, device/user agent, timestamps, and request metadata for purposes like security, abuse prevention, rate limiting, and reliability. We do not use this log data for advertising or cross-app tracking.

3.7 Support communications

If you contact us (for example, by email), we will receive the information you provide, such as your email address and the content of your message. We use this to respond to you and to resolve issues (including privacy and deletion requests).

3.8 Flight lookup information

When you look up flights, we process the flight identifiers you enter or select in order to fetch and display flight status information. To improve performance and reliability, we may cache flight identifiers and flight status data on our servers. Airlert’s flight data provider is called server-side; we do not send your client_id to the flight data provider.

4. Information we do not collect

As of this policy’s “Last updated” date, Airlert is built to avoid collecting many common categories of data. In particular:

• No email address, phone number, or password is required to use Airlert
• No precise or coarse location data (we do not request location permissions)
• No contacts/address book data
• No photos, videos, or microphone recordings
• No advertising identifiers (such as IDFA/GAID) and no cross-app/cross-site tracking
• No third-party behavioral analytics SDKs embedded in the app for advertising purposes

5. How we use information

We use the information described above to:

• Provide core app functionality (show flight information and community observations)
• Operate and maintain the service (including debugging, reliability, and performance)
• Prevent spam and abuse, enforce community rules, and moderate content
• Process and manage optional in-app purchases (tips) and restore purchases where applicable
• Respond to support requests and privacy requests
• Comply with legal obligations and protect our rights, users, and the public

Legal bases (EEA/UK users)

If GDPR/UK GDPR applies, we generally process: (a) Airlert identifier + UGC for legitimate interests (operating the service, preventing abuse, moderation, security), (b) purchase-related processing to perform a contract with you (providing the purchase feature and entitlements), and (c) certain processing to comply with legal obligations.

6. How we share information

We share information only as needed to operate Airlert, comply with law, or protect rights and safety. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

6.1 Service providers (processors)

We use trusted service providers that process data on our behalf, such as:

• Supabase (backend hosting: database + server functions) – may process your client_id, display name, posts, reports, and operational logs.
• RevenueCat (in-app purchases management) – may process your client_id as an app user ID, purchase/transaction status, and limited device metadata (e.g., OS version, device model, locale) for purchase functionality.
• Apple App Store / Google Play (distribution and payments) – process purchases and related device/store information under their own policies.
• Expo Updates / EAS (if used for app delivery or over-the-air updates) – may receive device/network information such as IP address, device type, and OS version to provide update and delivery services.
• Website hosting provider (for airlert.app and this policy page) – may process IP address and standard web server logs when you visit our website. [Add host name, e.g., Vercel/Netlify/Cloudflare, if applicable]
• FlightAware (flight data provider) – receives flight identifiers from our servers to return flight status data. We do not send your client_id or other user identifiers to FlightAware.

6.2 Legal and safety disclosures

We may disclose information if we believe it is reasonably necessary to comply with a law, regulation, legal process, or government request; to enforce our policies; to detect, prevent, or address fraud and security issues; or to protect the rights, property, and safety of Airlert, our users, or others.

6.3 Business transfers

If Airlert is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality and notice where required by law.

7. Data retention

We keep information only as long as needed for the purposes described above, unless a longer period is required or permitted by law. Target retention periods:

• Identifier / “client” records: retained while you use Airlert; may be removed or anonymized after 1–2 years of inactivity. Deletion requests are generally processed within 30 days.
• User posts/updates: retained until you request deletion; upon a valid deletion request, posts are deleted or anonymized/dissociated within 30 days (see Section 8).
• Reports/moderation records: retained for the duration of an investigation, enforcement action, or legal hold; may be retained longer where necessary for security and fraud prevention.
• Server/security logs (IP/request logs): typically rotated and deleted within 7–30 days, and in some cases archived up to 90 days for security and reliability.
• Purchase/transaction records: retained for 6–7 years to comply with accounting, tax, and legal obligations. Where feasible, we will dissociate these records from other identifiers after deletion requests, but we may retain required records.

8. Your choices & rights

8.1 Request deletion of your Airlert data (“Delete My Data”)

Airlert does not use email/password accounts. Instead, your activity is associated with your pseudonymous client_id. You can request deletion of the data associated with your Airlert identifier by contacting us at admin@airlert.app.

To protect you and prevent fraud, we may ask for reasonable information to verify your request and locate the correct data (for example, information available within the app). We generally process deletion requests within 30 days, subject to the exceptions below.

8.2 What happens to public posts when you request deletion

Upon a valid deletion request, we will delete and/or anonymize/dissociate your user-generated content so that it is no longer linked to your Airlert identifier. This may include removing your display name and removing or replacing the identifier associated with the content.

Limited exceptions may apply where retention is necessary for security, fraud prevention, dispute resolution, or to comply with legal obligations. If an exception applies, we will limit retention to what is necessary and disclose it in our records/policies.

8.3 Reset App / Clear Local Data (on-device)

Airlert may provide an in-app option such as “Reset App / Clear Local Data” to remove locally stored app data (for example, settings or cached values) and generate a new on-device identifier.

Important: Clearing local data on your device does not necessarily delete information already stored on our servers (such as posts you previously submitted). To delete server-side data, please use the deletion request method described above.

8.4 EEA/UK (GDPR/UK GDPR) rights

If you are in the European Economic Area (EEA) or the UK, you may have the right to:

• Request access to your personal data
• Request correction of inaccurate data
• Request deletion of your personal data
• Request restriction of processing
• Object to processing based on legitimate interests
• Request data portability (where applicable)
• Lodge a complaint with your local supervisory authority

You can exercise these rights by contacting us at admin@airlert.app. If we need additional information to verify and process your request, we will let you know.

8.5 California disclosures (CCPA/CPRA)

We do not sell personal information and we do not share personal information for cross-context behavioral advertising. We do not knowingly collect sensitive personal information as defined by California law.

Categories of personal information we may collect (depending on your use of the app) include:

• Identifiers (such as a pseudonymous device/app identifier)
• Commercial information (purchase history for optional tips)
• User-generated content you submit (display name and posts)
• Internet/network activity information (such as IP address and request logs for security)

California residents may have rights to know/access, delete, and correct certain personal information. You can submit requests by contacting admin@airlert.app. We will not discriminate against you for exercising your rights.

9. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information. For example, data is generally transmitted over encrypted connections (HTTPS). However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. International transfers

Airlert and our service providers may process information in countries other than where you live. When we transfer personal data internationally, we take steps designed to provide appropriate safeguards, such as contractual protections (for example, data processing agreements and, where applicable, standard contractual clauses).

11. Children’s privacy

Airlert is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child provided personal information to us, contact admin@airlert.app and we will take steps to delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date above and may provide additional notice as required by law (for example, in-app notice).

13. Contact us

For privacy questions or requests, email admin@airlert.app.
Mailing address: [Add your legal entity mailing address here]