Privacy & Security First

End-to-End Encryption (account users): When you use PuffinPilot with an account, your travel data is encrypted on your device using AES-256-GCM before being stored or synced. Not even PuffinPilot can access your encrypted travel plans, notes, expenses, or documents.

Offline / no-account mode: If you use PuffinPilot without creating an account, your data is stored locally on your device only and is never synced to our servers. In this mode, data is not encrypted at the application level — it is protected solely by your device's operating system sandbox and screen lock. No data is transmitted to PuffinPilot or any third party.

Your Keys, Your Data: For account users, encryption keys are generated on your device and protected by your password (derived using Argon2id) and stored in your device's secure enclave (iOS Keychain / Android Keystore). We do not have access to your private keys or your encrypted travel content. When you share a travel with others, only those specific participants can decrypt that data.

EU Data Centers: Your account data and encrypted travel content are stored in EU data centers: Supabase (Paris, France) for the database and PowerSync (self-hosted, Germany) for sync. Analytics (PostHog) also uses EU infrastructure. Some third-party processors operate outside the EU — see the International Data Transfers section below.

Information We Collect

Account Information: When you create an account, we collect your email address and name.

Travel Data (End-to-End Encrypted, account users only): When using PuffinPilot with an account, all your travel plans, itineraries, notes, expenses, and related content are encrypted on your device before sync. We cannot access this encrypted data. In offline/no-account mode, travel data is stored locally only and is not application-level encrypted.

Location Data: With your permission, we collect location data to provide location-based features. This is optional and can be disabled in your device settings.

Device Information: We may collect device information including device type, operating system, and app version for troubleshooting and analytics purposes.

Usage Information: We collect information about how you use the app through analytics services (PostHog) to improve our service. This includes feature usage, session duration, and app interactions. No personal travel content is collected.

What We Can and Cannot Access

What We CAN Access (Non-Encrypted Metadata):

• Email addresses and account information
• Account creation dates and user IDs
• IP addresses (from server logs)
• Device types and operating system versions
• App usage patterns and feature interactions (via PostHog)
• Error logs and crash reports (via Sentry)
• Subscription status and billing information (via RevenueCat)
• Collaboration metadata (who shares travels with whom)

What We CANNOT Access (End-to-End Encrypted):

• Your travel plans, itineraries, and schedules
• Notes and personal travel content
• Expense details and financial information
• Uploaded documents and attachments
• Any other content you create within the app

How We Use Your Information

Provide Services: To create and manage your account, sync your encrypted data across devices, and provide the core functionality of PuffinPilot.

Improve Services: To understand how users interact with our app and improve features based on usage patterns and feedback.

Communicate: To send you important updates about the service, respond to your inquiries, and provide customer support.

Security: To detect and prevent fraud, abuse, and security issues.

Data Sharing and Third Parties

We do not sell your personal information. We only share data with trusted third-party services necessary to operate PuffinPilot:

Supabase (EU): Cloud database hosting for data synchronization. All travel data is encrypted before being stored in Supabase databases.

PostHog (EU): Product analytics to understand app usage and improve features. No personal travel content is collected, only usage patterns and feature interactions.

Sentry (EU — Germany): Error reporting and crash monitoring to improve app stability. Error reports do not include personal travel content.

RevenueCat (US): Subscription management and payment processing for our Explorer subscription plan. RevenueCat processes subscription and billing metadata only — no travel content is ever shared. This transfer is covered by Standard Contractual Clauses (SCCs). See revenuecat.com/dpa.

Google and Apple Sign-In: Optional authentication providers for easy sign-in. Only basic profile information (name and email) is shared.

Crisp: Customer support chat widget on our website.

Legal Requirements: We may disclose your information if required to do so by law or in response to a valid legal request. Due to end-to-end encryption, we can only provide non-encrypted metadata such as account information, IP addresses, and usage logs. We cannot provide access to your encrypted travel content.

Business Transfers: In the event that PuffinPilot is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and provide options regarding your data.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website for analytics and to improve user experience. You can manage your cookie preferences through the cookie consent banner on our website. For more details, see our Cookie Policy.

Your Rights

Access: You can access all your data within the app at any time.

Export: You can export your data in standard formats (PDF, etc.) through the app.

Deletion: You can request deletion of your account and all associated data at any time through the app settings. Your data will be permanently deleted within 30 days.

Modification: You can update or correct your information at any time through the app.

Opt-Out: You can disable analytics and location services in the app settings. You can also manage cookie preferences on our website.

Data Retention

We retain your data for as long as your account is active. When you delete your account, we permanently delete your data within 30 days, except where we are required to retain it by law (such as for tax or legal compliance purposes).

Data Security

PuffinPilot takes security seriously and implements multiple layers of protection:

• AES-256-GCM end-to-end encryption for all travel data (account users)
• RSA-2048 key wrapping with keys stored in device secure enclave
• Secure TLS connections for all data transmission
• EU-based data centers for all core infrastructure (France, Germany)
• Regular security updates and monitoring

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach affecting your account, we will notify you within 72 hours via email. Due to end-to-end encryption, any breach would primarily affect non-encrypted metadata rather than your encrypted travel content. We will provide details about the nature of the breach and steps you can take to protect your account.

Children's Privacy

PuffinPilot is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under the age of 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@puffinpilot.app so that we can delete the information.

GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at privacy@puffinpilot.app.

CCPA Compliance (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect
• Right to know whether we sell or disclose personal information
• Right to request deletion of personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

To exercise any of these rights, please contact us at privacy@puffinpilot.app.

International Data Transfers

Your account data and encrypted travel content are stored exclusively in EU data centers (Supabase in Paris, PowerSync self-hosted in Germany, Sentry in Germany, PostHog EU).

One sub-processor operates outside the EU:

• RevenueCat (US) — subscription and billing metadata only. Transfer is covered by Standard Contractual Clauses (SCCs) under Article 46 GDPR. See revenuecat.com/dpa.

Google and Apple process authentication data (name and email only) in accordance with their own GDPR-compliant privacy frameworks.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we may also send you an email notification. Your continued use of PuffinPilot after any such modifications constitutes acceptance of the new Privacy Policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@puffinpilot.app
• General Inquiries: hello@puffinpilot.app
• Support: Contact Support

PuffinPilot
Christophe Leemans
Belgium
VAT: BE0792.171.680