Privacy Policy
Preflio ("the App") is operated by Václav Sedlatý - IT Consulting, registered in Slovakia ("we", "us", "our"). This Privacy Policy explains what data we collect, why, and how we protect it.
We take privacy seriously. Preflio is designed to work locally on your device wherever possible, and we collect only what is necessary to deliver the service.
1. What Data We Collect
Data stored locally on your device
The following data never leaves your device unless you use online features:
- Airport searches and recent airports — ICAO codes and city names you've searched, stored to power your recent airports list.
- Briefing history — Generated NOTAM briefings, stored locally for quick reference. Automatically deleted after 14 days.
- Bookmarked NOTAMs — NOTAMs you choose to save. Stored locally until you remove them.
- App preferences — Your settings (theme, display options). Stored locally.
Data processed when using online features
When the App connects to online services (for NOTAM retrieval, briefing generation, or account features), the following data is processed:
- Airport identifiers (ICAO codes) — Sent to our server to retrieve NOTAMs for the requested airport. We do not store your search history on our servers.
- NOTAM text — Raw NOTAM data retrieved from aviation data providers is processed server-side to generate plain-language briefings. NOTAM data is cached temporarily (up to 60 minutes) to reduce redundant requests and costs. Processed briefing translations are cached for up to 14 days, keyed by content fingerprint — these caches are not linked to your identity.
- Crash reports and diagnostics — If the App encounters an error, anonymised diagnostic data (device model, OS version, app version, stack trace) is sent to our crash reporting provider (Sentry). This data does not include your name, email, searches, or briefing content.
- Account information (Sign in with Apple) — If you choose to sign in, Apple provides us with a unique user identifier and, optionally, your email address (which you may choose to hide via Apple's relay service). We use this solely to manage your account, restore purchases across devices, and enforce access entitlements.
- Subscription and purchase data — Subscription status is managed by Apple through the App Store. We receive transaction receipts to validate your subscription state. We do not see or store your payment method details.
Data we do NOT collect
- We do not collect your location.
- We do not collect your name or personal details beyond what Sign in with Apple provides.
- We do not track your behaviour across other apps or websites.
- We do not use advertising SDKs or tracking pixels.
- We do not sell, rent, or share your personal data with third parties for marketing purposes.
2. Why We Process Data (Legal Basis)
Under the GDPR, we process personal data on the following bases:
- Contract performance (Art. 6(1)(b)) — Processing necessary to provide the service you requested (retrieving NOTAMs, generating briefings, managing your subscription).
- Legitimate interest (Art. 6(1)(f)) — Crash reporting and diagnostics to maintain app stability and fix bugs. Our interest in a stable product does not override your privacy, as this data is anonymised and minimal.
- Consent — Where required (e.g., optional Sign in with Apple). You may withdraw consent at any time by signing out or contacting us.
3. Third-Party Services
We use the following third-party services to operate Preflio:
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Apple (App Store, StoreKit, Sign in with Apple) | Authentication, subscriptions, purchase validation | Apple user ID, transaction receipts | apple.com/legal/privacy |
| Supabase | Backend infrastructure (database, server functions) | Account identifier, entitlement state, usage counts | supabase.com/privacy |
| Aviation Edge | NOTAM data retrieval | Airport ICAO codes (no user identity) | aviation-edge.com/privacy-policy |
| OpenAI | NOTAM text processing (server-side only) | Raw NOTAM text (no user identity attached) | openai.com/privacy |
| Sentry | Crash reporting and error tracking | Anonymised device info, OS version, crash data | sentry.io/privacy |
No third-party service receives your name, email, or search history. NOTAM text sent to OpenAI for processing is not linked to your identity and is sent via our server — it is never sent directly from your device.
4. Data Retention
| Data | Retention |
|---|---|
| Local briefing history | 14 days (auto-deleted on device) |
| Local bookmarks | Until you remove them |
| Local app preferences | Until you uninstall the App |
| Server-side NOTAM cache | Up to 60 minutes |
| Server-side briefing translation cache | Up to 14 days |
| Account and entitlement data | While your account is active; deleted upon request |
| Crash reports (Sentry) | Retained per Sentry's default policy (90 days) |
5. Your Rights (GDPR)
As a user in the European Economic Area, you have the right to:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Ask us to correct inaccurate data.
- Erasure — Ask us to delete your data ("right to be forgotten").
- Restriction — Ask us to limit how we use your data.
- Data portability — Receive your data in a structured, machine-readable format.
- Object — Object to processing based on legitimate interest.
- Withdraw consent — Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month of receiving your request. If your request is complex, we may extend this by up to two additional months, but we will inform you of the extension and the reason within the first month.
If you believe your rights have not been respected, you have the right to lodge a complaint with the Slovak Data Protection Authority (Úrad na ochranu osobných údajov Slovenskej republiky) or your local supervisory authority.
6. Data Security
We protect your data through:
- All network communication uses HTTPS/TLS encryption.
- API keys and secrets are stored server-side only — never in the app.
- Server infrastructure uses row-level security and access controls.
- We apply the principle of data minimisation: we only process what is necessary.
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you and the relevant authorities as required by law.
7. International Transfers
Our backend infrastructure (Supabase, Sentry) may process data outside the EEA. Where this occurs, transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by the GDPR.
8. Children
Preflio is not directed at children under 18. We do not knowingly collect personal data from anyone under 18 years of age. If you believe a minor has provided us with personal data, contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. If we make material changes, we will notify you through the App or by email.
10. Contact
For any privacy-related questions or requests:
Email: [email protected]
Data Controller: Václav Sedlatý - IT Consulting, Slovakia