1. Information We Collect
Account information: When you create an account, we collect your email address, name (optional), and phone number (optional). Passwords are hashed using bcrypt and never stored in plaintext.
Usage data: We collect information about how you interact with the Service, including pages visited, searches performed, listings viewed, and click-through actions.
Payment data: Payment processing is handled by Stripe. We do not store credit card numbers. We receive and store your Stripe customer ID and subscription status.
Device and log data: We collect IP addresses, browser type, and device information for security purposes (login monitoring, fraud prevention).
2. How We Use Your Information
We use your information to: (a) provide and maintain the Service; (b) send flight alerts and notifications you have opted into; (c) process payments; (d) detect and prevent fraud and unauthorized access; (e) improve the Service; (f) communicate about your account, including service announcements and security notices.
3. Information Sharing
We do not sell your personal information. We share data only with: (a) Stripe for payment processing; (b) Resend for transactional email delivery; (c) Twilio for SMS verification; (d) as required by law or to protect our rights.
4. Data Retention
Account data is retained for the lifetime of your account. Usage data and audit logs are retained for 2 years. You may request deletion of your account and associated data at any time (see Section 7).
5. Security
We implement industry-standard security measures including: encrypted data transmission (TLS), hashed passwords (bcrypt), short-lived access tokens with refresh rotation, two-factor authentication, account lockout protection, and security event audit logging.
6. Cookies
We use essential cookies and local storage for authentication (JWT tokens). We do not use third-party tracking cookies or advertising cookies. See our Cookie Policy for details.
7. Your Rights
Under GDPR, CCPA, and similar regulations, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Opt out of non-essential communications
To exercise these rights, contact [email protected] or use the account deletion feature in your security settings.
8. International Transfers
Your data may be processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.
9. Children
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
10. Changes
We may update this policy from time to time. Material changes will be communicated via email. Your continued use of the Service constitutes acceptance of the updated policy.
11. Contact
For privacy inquiries, contact [email protected].