Privacy Policy

Last updated: 29 June 2026

FlyTracker ("we", "us") is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and applicable national laws.

1. Data Controller

The data controller is the operator of FlyTracker, reachable at privacy@flytracker.eu.

2. Personal data we process

• Account data: email address, password (hashed), display name, profile slug, unit preferences.
• Flight log data: flights you log (date, route, airline, aircraft, seat, notes), wishlist, achievements.
• Technical data: IP address, browser, device, timestamps — for security and abuse prevention.

3. Purposes & legal bases

• Providing the service (Art. 6(1)(b) — contract).
• Security, fraud prevention, legal obligations (Art. 6(1)(c), 6(1)(f) — legal obligation, legitimate interest).
• Optional analytics & marketing cookies (Art. 6(1)(a) — consent, freely withdrawable).

4. Retention

Account and flight data is kept as long as your account exists. When you delete your account, all personal data is erased within 30 days, except where law requires longer retention (e.g. accounting records).

5. Recipients & processors

Your data is hosted within the EU/EEA on infrastructure provided by our backend processor (Supabase / AWS) under a GDPR-compliant Data Processing Agreement. We do not sell your data and do not transfer it outside the EEA without appropriate safeguards (SCCs).

6. Your rights

Under the GDPR you have the right to:

• Access your data (Art. 15)
• Rectification (Art. 16)
• Erasure / "right to be forgotten" (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20) — export available from Settings
• Object to processing (Art. 21)
• Withdraw consent at any time (Art. 7(3))
• Lodge a complaint with your national data protection authority (Art. 77)

You can exercise most rights directly from your Settings page, or by writing to privacy@flytracker.eu.

7. Cookies

See our Cookie Policy for the categories of cookies used and how to manage them.

8. Security

Data is encrypted in transit (TLS) and at rest. Access is protected by row-level security and audited.

9. Changes

We may update this policy. Material changes will be notified in-app.