Privacy & Security First

End-to-End Encryption: Your sensitive travel data is encrypted on your device before being stored. Not even PuffinPilot can access your encrypted travel plans, notes, expenses, or documents.

Your Keys, Your Data: Your travel data is protected by your PIN and optionally by fingerprint or face unlock. We don't have access to your private travel information. When you share a travel with buddies, only those specific people can see that shared travel data.

EU Data Centers: All data is securely stored in EU data centers (self-hosted in Germany), ensuring compliance with strict European privacy regulations.

Information We Collect

Account Information: When you create an account, we collect your email address and name.

Travel Data (End-to-End Encrypted): All your travel plans, itineraries, notes, expenses, and related content you create in the app are encrypted on your device. We cannot access this encrypted data.

Location Data: With your permission, we collect location data to provide location-based features. This is optional and can be disabled in your device settings.

Device Information: We may collect device information including device type, operating system, and app version for troubleshooting and analytics purposes.

Usage Information: We collect information about how you use the app through analytics services (PostHog) to improve our service. This includes feature usage, session duration, and app interactions. No personal travel content is collected.

What We Can and Cannot Access

What We CAN Access (Non-Encrypted Metadata):

• Email addresses and account information
• Account creation dates and user IDs
• IP addresses (from server logs)
• Device types and operating system versions
• App usage patterns and feature interactions (via PostHog)
• Error logs and crash reports (via Sentry)
• Subscription status and billing information (via RevenueCat)
• Collaboration metadata (who shares travels with whom)

What We CANNOT Access (End-to-End Encrypted):

• Your travel plans, itineraries, and schedules
• Notes and personal travel content
• Expense details and financial information
• Uploaded documents and attachments
• Any other content you create within the app

How We Use Your Information

Provide Services: To create and manage your account, sync your encrypted data across devices, and provide the core functionality of PuffinPilot.

Improve Services: To understand how users interact with our app and improve features based on usage patterns and feedback.

Communicate: To send you important updates about the service, respond to your inquiries, and provide customer support.

Security: To detect and prevent fraud, abuse, and security issues.

Data Sharing and Third Parties

We do not sell your personal information. We only share data with trusted third-party services necessary to operate PuffinPilot:

Supabase (EU): Cloud database hosting for data synchronization. All travel data is encrypted before being stored in Supabase databases.

PostHog (EU): Product analytics to understand app usage and improve features. No personal travel content is collected, only usage patterns and feature interactions.

Sentry (EU): Error reporting and crash monitoring to improve app stability. Error reports do not include personal travel content.

RevenueCat: Subscription management and payment processing for our Explorer subscription plan.

Google and Apple Sign-In: Optional authentication providers for easy sign-in. Only basic profile information (name and email) is shared.

Crisp: Customer support chat widget on our website.

Legal Requirements: We may disclose your information if required to do so by law or in response to a valid legal request. Due to end-to-end encryption, we can only provide non-encrypted metadata such as account information, IP addresses, and usage logs. We cannot provide access to your encrypted travel content.

Business Transfers: In the event that PuffinPilot is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and provide options regarding your data.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website for analytics and to improve user experience. You can manage your cookie preferences through the cookie consent banner on our website. For more details, see our Cookie Policy.

Your Rights

Access: You can access all your data within the app at any time.

Export: You can export your data in standard formats (PDF, etc.) through the app.

Deletion: You can request deletion of your account and all associated data at any time through the app settings. Your data will be permanently deleted within 30 days.

Modification: You can update or correct your information at any time through the app.

Opt-Out: You can disable analytics and location services in the app settings. You can also manage cookie preferences on our website.

Data Retention

We retain your data for as long as your account is active. When you delete your account, we permanently delete your data within 30 days, except where we are required to retain it by law (such as for tax or legal compliance purposes).

Data Security

PuffinPilot takes security seriously and implements multiple layers of protection:

• End-to-end encryption for all sensitive travel data
• PIN and biometric authentication for device-level security
• Secure TLS connections for all data transmission
• EU-based data centers with strict security standards
• Regular security updates and monitoring

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach affecting your account, we will notify you within 72 hours via email. Due to end-to-end encryption, any breach would primarily affect non-encrypted metadata rather than your encrypted travel content. We will provide details about the nature of the breach and steps you can take to protect your account.

Children's Privacy

PuffinPilot is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under the age of 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@puffinpilot.app so that we can delete the information.

GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at privacy@puffinpilot.app.

CCPA Compliance (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect
• Right to know whether we sell or disclose personal information
• Right to request deletion of personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

To exercise any of these rights, please contact us at privacy@puffinpilot.app.

International Data Transfers

Your data is primarily stored in EU data centers. Some of our service providers (such as RevenueCat for subscription management) may transfer data to other jurisdictions. We ensure that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) where applicable.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we may also send you an email notification. Your continued use of PuffinPilot after any such modifications constitutes acceptance of the new Privacy Policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@puffinpilot.app
• General Inquiries: hello@puffinpilot.app
• Support: Contact Support

PuffinPilot
Christophe Leemans
Belgium
VAT: BE0792.171.680