Privacy Policy

1. Who We Are

FlightLeague is a mobile app and website for pilots, student pilots, travellers, and aviation enthusiasts to log flights and trips, build a profile, view route maps, study, track currency and airline loyalty, and access Pro features.

For UK GDPR and EU GDPR purposes, FlightLeague is the controller for personal data processed through our services unless a separate notice says otherwise. Our public privacy contact is hello@flightleague.app.

2. Scope

This policy covers personal data processed when you visit flightleague.app, create or use a FlightLeague account, use the mobile app, contact us, subscribe to paid features, upload photos or logbook scans, interact with other users, or use AI-assisted features.

It does not cover third-party websites, app stores, payment checkout pages, or services you access outside FlightLeague. Those third parties are responsible for their own privacy notices.

3. Data We Collect

Account and profile data

• Email address, authentication identifiers, login provider, and verification status.
• Name, display name, profile photo, bio, home airport, aviation experience, licence or traveller mode, favourite airline, social handles, and friend code where you provide them.
• Airline loyalty or frequent-flyer programmes you add, including airline, programme name, membership number, status tier, and any notes you record.
• Account settings, privacy preferences, blocked users, reports, and support messages.

Flight, trip, and social data

• Flights or trips you log, including airports, routes, dates, aircraft, airline, seat, duration, distance, notes, photos, currency or recency entries, and other fields you choose to add.
• Bucket-list or wishlist destinations and airports you save.
• Visibility choices such as public or private logging.
• Friend connections, comments, reactions, leaderboard participation, badges, challenges, and activity notifications.

Training, quiz, study, import, export, and AI data

• Lesson progress, quiz answers, XP, generated quiz content, FAA library and handbook study activity, analytics prompts, and training interactions.
• Flashcard decks, study sets, and spaced-repetition study data you generate or save.
• Logbook scan images and extracted flight details when you choose to use AI scanning.
• Flight or logbook data you import, including files you upload and the records extracted from them.
• Profile text you submit, such as names, bio, social handles, and flight notes, which may be screened by an AI provider for safety and policy compliance.
• Plain CSV, signed CSV, signed PDF, and share-card data generated from your flight records.
• Export verification data, such as verification links, file fingerprints, and certificate metadata, when you choose a signed export. Public verification pages never reveal your signature image.

Subscription and payment data

• Subscription tier, status, expiry, Stripe customer ID, Stripe subscription ID, purchase events, and billing metadata needed to provide Pro features.
• We do not store full card numbers or bank details. Payment details are handled by the payment provider.

Device, technical, and website data

• Device model, operating system, app version, push notification token if you enable notifications, IP address, request logs, security logs, and diagnostic information.
• Local app cache and session data stored on your device to keep the app responsive and maintain login state.
• Approximate or precise location only if a feature requests it and you grant permission. Flight routes created from airport entries are not the same as live device location tracking.

4. How We Use Data

• To create accounts, authenticate users, and keep sessions secure.
• To provide the app's core features, including flight and trip logging, route maps, dashboards, leaderboards, the social feed, currency and loyalty tracking, study tools, imports and exports, notifications, and Pro features.
• To screen submitted text such as names, handles, bios, and notes for safety, spam, and policy compliance, including with automated and AI-assisted checks.
• To process account deletion, privacy requests, support requests, abuse reports, and service notices.
• To detect, prevent, and investigate fraud, security incidents, misuse, spam, scraping, and policy violations.
• To maintain, debug, measure, and improve the service.
• To comply with legal obligations and enforce our terms.

We do not sell your personal data. We do not use your personal data for third-party advertising. We do not make automated decisions that produce legal or similarly significant effects about you.

5. Legal Bases

Under UK GDPR and EU GDPR, we need a lawful basis for each type of processing. The main bases we rely on are:

6. Processors and Sharing

We share personal data only where needed to run the service, comply with law, protect rights and safety, or with your direction. Depending on the feature used, our processors and service providers may include:

Some providers are based outside the UK or EEA. Where UK or EU transfer rules apply, we rely on adequacy regulations, standard contractual clauses, the UK international data transfer addendum, or another lawful safeguard.

We may also disclose data if required by law, court order, regulator, payment dispute, app store review, or to protect the rights, property, or safety of FlightLeague, users, or others.

7. AI Features

Many AI-assisted features are optional. If you use them, the input you provide, such as a logbook photo, flight details, loyalty details, or a study or quiz request, may be sent to an AI provider so the feature can generate an extraction, explanation, quiz, flashcard set, timing assessment, or analytics response.

In addition, certain text you submit, such as your name, social handle, bio, or flight notes, may be sent to an AI provider automatically to screen for safety, spam, and policy compliance before it is saved or shown to others. This screening is part of operating the service.

Flight timing estimates are always calculated using AI, even if you have turned AI features off. When you log a flight, only the flight's technical details, such as the departure and arrival airports, aircraft type, airline, flight number, route distance, and duration, are sent to the AI provider so it can estimate the expected duration and whether the flight was early, on time, or late. No personal data that identifies you, such as your name, email address, or profile, is sent as part of this calculation.

You are responsible for checking AI output before relying on it. Do not upload content that is highly sensitive, confidential, unlawful, or unrelated to the feature. AI output is not aviation, safety, legal, medical, tax, or professional advice.

8. Retention

• Account and profile data is kept while your account exists.
• Flight, trip, photo, comment, reaction, friend, loyalty, bucket-list, training, quiz, and study data is kept while your account exists unless you delete it earlier or change visibility where available.
• Deleted accounts are removed from active systems as soon as reasonably practical. Backups and security logs may persist for a limited period before automatic expiry.
• Payment, invoice, dispute, tax, and legal records may be kept for the period required by law or needed to resolve claims.
• Security and server logs are kept only as long as needed for security, debugging, abuse prevention, and legal protection.

Where we no longer need identifiable data, we delete it or anonymise it.

9. Your Rights

Depending on your location and the circumstances, you may have the following rights over your personal data:

To exercise your rights, email hello@flightleague.app with the subject "Privacy Request". We may need to verify your identity before acting on the request. We aim to respond within one calendar month unless the request is complex or an extension is legally permitted.

You can also delete your account from the app settings where available. Some data may need to be retained where required for legal, security, payment, or dispute reasons.

If you are in the UK, you can complain to the Information Commissioner's Office. If you are in the EU or EEA, you can contact your local data protection authority.

10. Security

We use technical and organisational measures designed to protect personal data, including authenticated access, database row-level security, encrypted transport, provider access controls, and limited administrative access.

No online service is completely secure. If you believe your account or data has been compromised, contact us immediately at hello@flightleague.app.

11. Children

FlightLeague is not directed to children under 13. Users under 18 should use the service only with permission from a parent or guardian. If you believe a child has provided personal data without appropriate permission, email us and we will take appropriate action.

12. Changes

We may update this policy as FlightLeague changes or legal requirements evolve. We will update the date above and, for material changes, provide reasonable notice where required.

13. Contact