This Privacy Policy explains how Aerolytix ("we", "our", or "us") collects, uses, and protects your information when you use our mobile application (the "App").
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).
By downloading or using the App, you acknowledge that you have read and understood this Privacy Policy.
We collect only the information necessary to provide the core functionality of the App and to improve your experience.
When you create an account using email and password, we collect:
Authentication services are provided by Google Firebase, which securely processes login credentials on our behalf. We do not have access to your plaintext password.
To provide explorer categories and trophy validation features, we collect:
This data is used solely to provide app functionality.
We may request access to your device's location only while you are actively using the App. Location access is:
The App requests access to your precise location (GPS-level accuracy). Location data may be used to validate travel trophies, display nearby ATMs, and provide visa-related information. You may disable location access at any time via your device settings. We do not store continuous location history.
If you use the trip budgeting feature, we may collect estimated trip budgets and travel-related financial estimates entered manually by you. This is user-provided information only and is not connected to any bank accounts, payment cards, or financial institutions. We do not access or process banking credentials.
If you upload a boarding pass, the document is stored securely in Firebase Storage, accessible only to your account. Boarding passes may contain personal information such as your name, flight details, and travel document references. The following applies:
We do not retain any boarding pass data after automatic or manual deletion.
The App may request access to your device's camera and photo library for two specific purposes:
Boarding Pass Upload: You may use your camera to take a photo of a boarding pass, or select an existing image (such as a screenshot) from your photo library. The selected image is uploaded to your secure account storage as described in Section 2.5.
Tourist Attraction Recognition: The App includes a feature that allows you to photograph or select an image of a tourist attraction or monument. The image is analysed to identify the landmark and provide a brief description. This image is processed temporarily and is never uploaded to our servers or stored in any form. The image is discarded immediately once you navigate away from the screen or submit a new image for recognition.
In both cases, the following applies:
The App may request access to your device's contacts solely to make it easier for you to send friend invitations to people you know. Contact information is used only to pre-populate invitation fields within the App and is never uploaded to our servers, stored, or shared with any third party.
Importantly, friend connections within the App are made by searching for other users by their in-app username — not by matching contact details. We do not upload, scan, or process your contact list on our servers. Contact access is fully optional and may be declined or revoked at any time via your device settings without affecting your ability to use the App.
If you choose to subscribe to a paid plan, payment is processed securely via credit or debit card through the Apple App Store or Google Play billing systems, depending on your device platform.
For questions about billing, refunds, or payment disputes, please refer to your App Store or Google Play account settings.
We use Google Firebase Analytics to understand how users interact with the App. Firebase Analytics may automatically collect:
Under the GDPR, we must have a lawful basis for processing your personal data:
| Processing Activity | Legal Basis | Notes |
|---|---|---|
| Account creation & authentication | Contract performance (Art. 6(1)(b)) | |
| Travel tracking & trophies | Contract performance (Art. 6(1)(b)) | |
| Boarding pass storage | Contract performance (Art. 6(1)(b)) | |
| Location data | Consent (Art. 6(1)(a)) — you opt in | |
| Analytics & usage data | Legitimate interests (Art. 6(1)(f)) | |
| Legal compliance & fraud prevention | Legal obligation (Art. 6(1)(c)) | |
| Camera & photo library (attraction recognition) | Consent (Art. 6(1)(a)) — you opt in | Photos processed on-device only; never stored or transmitted |
| Device contacts access | Consent (Art. 6(1)(a)) — you opt in | Contact data used on-device only to pre-fill invitations; never uploaded |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your privacy rights. You may object to processing based on legitimate interests at any time (see Section 7).
We use collected data to:
We do not use your personal data for behavioural advertising or sell it to third parties.
We do not sell, rent, or trade your personal data. We may share information with trusted service providers strictly necessary to operate the App, including:
These providers act as data processors and are contractually obligated to protect your data. Google Firebase may share aggregated analytics data with Google for its own business purposes. We may disclose information if required by law or to protect our rights and safety.
We implement industry-standard safeguards, including:
Passwords are securely handled through Firebase Authentication and are not stored in plaintext.
Data Retention: Account data is retained while your account is active. Boarding pass documents are automatically deleted upon flight date expiry. Analytics data is retained per Firebase Analytics settings (typically 2–14 months). We retain personal data only as long as necessary to provide the service or comply with legal obligations.
If you are located in the EEA or other regions with applicable data protection laws, you have the right to:
To exercise these rights, please contact us at aerolytix.info@gmail.com. We will respond within the timeframe required by applicable law (typically 30 days under GDPR).
You may delete your account and associated personal data at any time directly within the App via the "Delete My Account" option in Settings, or by contacting us at aerolytix.info@gmail.com.
A web-based deletion request form is also available at: aerolytix.web.app/delete-account
Upon verified deletion request, we will delete your account information, profile data, and any boarding pass documents. Some analytics data may be retained in aggregated, anonymised form.
The App is not intended for children under 13 years of age (or 16 in some EEA countries). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at aerolytix.info@gmail.com.
The App uses the following third-party services:
For more information on how Google uses data from Firebase apps, see: policies.google.com/technologies/partner-sites
Your data may be transferred to and processed in countries other than your country of residence, including the United States, where Google Firebase's servers are located. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and compliance with the EU-U.S. Data Privacy Framework where applicable.
We may update this Privacy Policy from time to time. Updates will be reflected by revising the "Last Updated" date at the top. For material changes, we will provide additional notice via in-app notification or email prior to the change taking effect.
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact:
Aerolytix
Email: aerolytix.info@gmail.com
For EEA Users: If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority. In Ireland, this is the Data Protection Commission (www.dataprotection.ie).