Privacy Policy

1. Introduction

Welcome to Flight PA. This Privacy Policy explains how Joshua Williams trading as JJW Apps ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use the Flight PA mobile application (the "App").

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy regulations.

By using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the App.

2. Data Controller

The data controller responsible for your personal data is:

Joshua Williams t/a JJW Apps

Email: support@jjwapps.com

3. Information We Collect

We collect the following categories of personal data:

3.1 Account Information

When you create an account (available with a premium subscription), we collect:

• Email address - used for account authentication, communication, and account recovery
• Password - securely encrypted and used solely for account authentication

3.2 Flight Data

When you use the App to track flights, we collect flight information that you manually enter, including flight numbers, dates, times, and airline information. This data is used to provide you with live flight status updates and notifications.

3.3 Device and Technical Data

We automatically collect certain technical information when you use the App:

• Device identifiers - unique identifiers assigned to your device
• IP address - your internet protocol address
• Crash logs and diagnostics - technical information about app errors and performance (see Section 6.6 Sentry)

3.4 Analytics Data

We use analytics services to understand how users interact with the App. This includes information about app usage patterns, feature engagement, and general usage statistics. See Section 6 for details on specific analytics services.

3.5 Data We Do Not Collect

We do not collect location data, biometric data, financial information, advertising identifiers, or any other sensitive personal data beyond what is described in this Privacy Policy.

4. How We Use Your Information

We use the personal data we collect for the following purposes:

4.1 To Provide Our Services

• Create and manage your user account
• Authenticate your identity when you log in
• Process and display your flight information
• Provide live flight status updates
• Send push notifications about flight changes (premium feature)
• Back up your flight data to the cloud (premium feature)

4.2 To Improve and Maintain the App

• Diagnose and fix technical issues
• Analyse usage patterns to improve features
• Monitor and enhance app performance
• Develop new features and services

4.3 To Communicate With You

• Respond to your support requests and inquiries
• Send important notices about the App or your account
• Notify you of changes to our terms or policies

5. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

• Contract Performance - Processing necessary to provide you with the App and its features as part of our agreement with you
• Legitimate Interests - Processing necessary for our legitimate interests in improving and securing the App, provided these interests do not override your rights
• Consent - Where required, we will obtain your consent before processing (e.g., for push notifications)

6. Third-Party Services

We share your personal data with the following third-party service providers who assist us in operating the App. These providers are contractually obligated to protect your data and may only use it for the purposes we specify:

6.1 Firebase (Authentication & Database)

We use Firebase for user authentication, cloud database services (Firestore), and cloud storage. Your account data and flight information are stored securely on Firebase servers located in the EU (europe-west1 region). For more information, see Google's Privacy Policy and the Firebase Data Processing Terms.

6.2 Firebase Analytics

We use Firebase Analytics to understand how users interact with the App. Firebase Analytics collects:

• App usage events (e.g., screen views, button taps, feature usage)
• Screen views and navigation patterns
• User properties (e.g., subscription status, app version)

No advertising identifiers are collected. For more information, see Google's Privacy Policy. You can opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.

6.3 PostHog

We use PostHog for product analytics and session replay to understand feature usage and improve the App. PostHog data is stored in the EU (eu.i.posthog.com). PostHog receives:

• Feature usage events
• User ID (for authenticated users)
• App lifecycle events
• Screen views and touch interactions (autocapture)
• Session replay recordings (all text inputs and images are masked for privacy)
• Network request metadata (URLs and status codes, not request/response content)
• Feature flag evaluations (used for product improvement, not advertising)

Session replays mask all text, images, and embedded content for privacy. For more information, see PostHog's Privacy Policy.

6.4 RevenueCat

We use RevenueCat to manage subscriptions and in-app purchases. RevenueCat receives:

• Your user ID (for subscription entitlement verification)
• Subscription status and purchase history

RevenueCat does not receive your email address. For more information, see RevenueCat's Privacy Policy.

6.5 Expo Push Service

We use Expo's push notification service to deliver flight update notifications. Expo receives:

• Push notification device tokens

Device tokens are used solely for flight update delivery. For more information, see Expo's Privacy Policy.

6.6 Sentry

We use Sentry (sentry.io) for crash reporting, performance monitoring, and session replay. Sentry receives:

• Your user ID
• For authenticated accounts, your email address (to correlate crash reports)
• Device type, operating system, and app version
• Error stack traces and performance metrics

Session replays mask all text and images for privacy. Sentry data is processed in the EU (Frankfurt). For more information, see Sentry's Privacy Policy.

7. Data Storage and Security

7.1 Data Location

Your personal data is stored on secure servers located in:

• European Union - User account data, flight information (Firebase europe-west1), crash reports (Sentry Frankfurt), analytics and session replay data (PostHog EU)
• United States - Feedback and support files (with appropriate safeguards)

Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the relevant authorities.

7.2 Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of user credentials using Google Cloud Identity Platform
• Secure access controls via Firebase Security Rules
• User flight data accessible only to the individual user and authorised administrators
• Regular security reviews and updates

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data - Retained while your account is active and deleted immediately upon account deletion
• Flight data - Retained while your account is active and deleted immediately upon account deletion
• Analytics data - Retained in anonymised form for up to 26 months
• Support correspondence - Retained for up to 3 years to assist with ongoing support and legal compliance

We may retain certain data for longer periods where required by law or to establish, exercise, or defend legal claims.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access - Request a copy of the personal data we hold about you
• Right to Rectification - Request correction of inaccurate or incomplete data
• Right to Erasure - Request deletion of your personal data
• Right to Restriction - Request restriction of processing of your data
• Right to Data Portability - Request your data in a structured, commonly used format
• Right to Object - Object to processing based on legitimate interests
• Right to Withdraw Consent - Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@jjwapps.com. We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your rights have been violated:

• Website: https://ico.org.uk
• Telephone: 0303 123 1113
• Live chat: https://ico.org.uk/global/contact-us/live-chat
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

10. Account Deletion

You can delete your account and associated data directly within the App through the account settings. Upon deletion:

• Your account and all associated personal data will be permanently and immediately deleted
• This action is irreversible - your data cannot be recovered after deletion
• Any active subscriptions must be cancelled separately through Apple App Store or Google Play Store
• Certain data may be retained where required by law

You can also request account deletion online without needing to reinstall the App.

11. International Users

11.1 Users in the European Economic Area

If you are located in the EEA, the processing of your personal data is governed by the EU GDPR, and you have all rights described in Section 9 above.

11.2 Users in California, USA

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information is collected and how it is used
• The right to delete personal information
• The right to opt-out of the sale of personal information
• The right to non-discrimination for exercising your rights

We do not sell your personal information.

12. Children's Privacy

The App is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@jjwapps.com, and we will take steps to delete such information.

13. Push Notifications

With your consent, we may send push notifications about flight updates and other relevant information. You can manage notification preferences in your device settings or within the App at any time.

14. Apple Privacy Manifest

Our iOS app includes an Apple-required privacy manifest declaring all system APIs accessed and data types collected, in compliance with Apple's App Store requirements. This manifest provides transparency about the technical data access required for the App to function.

15. Business Transfers

In the event that we are involved in a merger, acquisition, reorganisation, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice within the App of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

Any successor entity will be bound by the terms of this Privacy Policy until such time as they notify you of changes in accordance with Section 16 below.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of any material changes by:

• Posting the updated policy within the App
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification for significant changes (if you have an account)

We encourage you to review this Privacy Policy periodically.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Joshua Williams t/a JJW Apps

Email: support@jjwapps.com

We aim to respond to all enquiries within 30 days.