Privacy Policy

1. Who We Are

Aerologue Ltd is the data controller responsible for your personal data.

For any questions or concerns about how we handle your personal data, please contact us at info@aerologue.com.

The supervisory authority for data protection in the United Kingdom is the Information Commissioner's Office (ICO). You have the right to make a complaint to the ICO at any time. Details can be found at ico.org.uk.

2. What This Policy Covers

This Privacy Policy applies to all personal data collected through:

• the Aerologue website at aerologue.com and aerologue.app;
• the Aerologue web application;
• any Aerologue mobile applications; and
• any communications between you and Aerologue, including email and support requests.

This policy does not apply to third-party websites, services, or applications that you may access through links within the Aerologue platform.

3. What Data We Collect

3.1 Account Data

Data you provide when you register:

• Email address
• Display name
• Password (stored in hashed form; never in plain text)
• Profile information you choose to provide (avatar, biography)

3.2 Location Data

• GPS location data from your device during active use
• Used to trigger geo-specific content (factoids and quizzes) and location-based features during flights
• Collected only when you are actively using the application and have granted permission

3.3 Usage Data

• Quiz responses, scores, and performance statistics
• Game interactions and scores
• Factoid interactions (views, dismissals)
• Feature usage patterns
• Leaderboard rankings and achievement progress
• Travel statistics (countries overflown, flights logged, distance tracked)

3.4 Device Data

• Device type, model, operating system and version
• Browser type and version, screen resolution
• IP address and unique device identifiers
• Language and timezone settings

3.5 Uploaded Documents

Travel documents you choose to upload to the Travel Wallet, which may include boarding passes, passport photo pages, visa documents, travel insurance policies, and itineraries. These are uploaded voluntarily.

3.6 Payment Data

If you subscribe to a premium tier or make purchases, we collect payment information necessary to process your transaction. We do not store full payment card details.

3.7 Communication Data

Records of communications between you and Aerologue, including support requests, feedback, and correspondence.

4. How We Collect Your Data

Directly from You

When you register, complete your profile, upload documents, respond to quizzes, set preferences, subscribe, or contact us.

Automatically

Device and browser information, IP address, usage data, location data (with your permission), and cookie data.

From Third Parties

Authentication providers (if social login is offered), analytics providers, and advertising partners.

5. Legal Basis for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data:

Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your rights. Where we rely on consent, you may withdraw it at any time.

6. How We Use Your Data

Providing the Service

Account management, authentication, delivering core features (flight tracking, geo-quizzes, games, travel wallet, gamification), processing scores, leaderboards, and payments.

Improving the Service

Analysing usage patterns, identifying and fixing technical issues, conducting internal research and development.

Communicating with You

Responding to support requests, sending service-related notifications, and (with consent) marketing communications.

Legal and Compliance

Complying with legal obligations, enforcing our Terms of Service, and protecting rights and safety.

7. Who We Share Your Data With

We do not sell your personal data to third parties. We share data only with:

• Amazon Web Services (AWS) — Our cloud hosting provider, acting as a data processor under a data processing agreement.
• Analytics Providers — Aggregated and anonymised usage data to understand how users interact with the Service.
• Advertising Partners — Limited data (flight destination, broad region, ad interactions). We do not share directly identifying information with advertisers.
• eSIM Providers — Information necessary to fulfil eSIM orders through the Travel Wallet.
• Payment Processors — Data necessary to complete transactions (PCI-DSS compliant).
• Professional Advisors — Legal, financial, and professional advisors subject to confidentiality.
• Legal Authorities — Where required by law, regulation, or legal process.

8. International Data Transfers

Aerologue Ltd is based in the United Kingdom. Our primary infrastructure is hosted on AWS in the EU-West-2 (London) region.

Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including UK and EU adequacy decisions, Standard Contractual Clauses (SCCs), and Data Privacy Framework certification.

9. Data Retention

When data reaches the end of its retention period, it will be securely deleted or anonymised.

10. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Request correction of inaccurate or incomplete data.
• Erasure — Request deletion of your personal data in certain circumstances.
• Restriction — Request restriction of processing in certain circumstances.
• Data Portability — Receive your data in a structured, machine-readable format (JSON or CSV).
• Object — Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent — Withdraw consent at any time where processing is based on consent.
• Complain — Lodge a complaint with the ICO (ico.org.uk, 0303 123 1113).

To exercise any of your rights, contact us at info@aerologue.com. We will respond within one month.

11. Cookies and Similar Technologies

We use the following categories of cookies:

Essential Cookies

Authentication tokens, session identifiers, and cookie consent preferences. These are necessary for the Service to function and cannot be disabled.

Analytics Cookies

Help us understand how users interact with the Service. Placed only with your consent.

Advertising Cookies

Help deliver relevant advertisements and measure performance. Placed only with your consent.

You can manage cookie preferences through our cookie banner or your browser settings.

12. Location Data

Location data is collected only when you have granted permission and are actively using the application. We do not collect location data in the background.

Raw GPS coordinates are processed in real-time and are not stored persistently. Aggregated travel statistics are derived and stored in your profile.

You can disable location data at any time through your device settings or Aerologue account settings. Disabling location will prevent geo-triggered features from functioning but will not affect other features.

13. Travel Document Storage

Your uploaded documents are:

• Encrypted at rest using AES-256 encryption
• Encrypted in transit using TLS 1.2 or higher
• Accessible only to you through your authenticated account
• Not accessed or processed by Aerologue staff unless required for support at your request or by legal obligation

You have full control and can view, download, or delete your documents at any time.

14. ADS-B Flight Data

ADS-B (Automatic Dependent Surveillance — Broadcast) data is publicly broadcast by aircraft transponders and is not personal data. It relates to aircraft, not individuals. Your interactions with ADS-B data within the Service are recorded as usage data.

15. Advertising

Aerologue displays destination-based advertisements. Ad targeting is contextual (based on where you are going) rather than behavioural (based on tracking you across the internet).

You can manage advertising preferences in your account settings. Premium subscribers may reduce or remove advertisements entirely.

16. Children's Data

The Aerologue Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. Users aged 13–18 must have parental or guardian consent. If you believe we have collected data from a child under 13, please contact us at info@aerologue.com.

17. Security

Our security measures include:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Access controls restricted to authorised personnel
• Passwords salted and hashed; JWT token-based authentication via AWS Cognito
• AWS infrastructure with VPC isolation, security groups, and IAM roles
• Regular security reviews and dependency vulnerability scanning
• Data breach response plan with ICO notification within 72 hours

While we implement robust security measures, no system is completely secure. You are responsible for maintaining the security of your account credentials.

18. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a revised effective date, sending an email notification, and/or displaying a notice within the Service. Your continued use after changes are posted constitutes acceptance.

19. Contact Us