Privacy Policy

Last updated: February 19, 2026

Also available in: Español

Download as PDF

1. Introduction

This Privacy Policy describes how the personal data of users of the FlyBook mobile application ("the App") is collected, used, and protected.

FlyBook is developed and operated by an individual developer based in Spain. As such, the processing of personal data is governed by Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD) on Data Protection and the Guarantee of Digital Rights.

2. Data Controller

  • Name: Individual developer
  • Country of residence: Spain
  • Contact: Via the in-app feedback form or the contact options available in the App

3. Data We Collect

We collect only the minimum data necessary to provide the service:

3.1 Account Data

  • Email address — used for account creation and authentication.
  • Password — stored in hashed form; we never have access to your plain-text password.

3.2 Flight Data

  • Flight information you add manually, by scanning boarding passes, or by importing from emails (flight number, departure/arrival airports, dates, airline, seat, etc.).
  • This data is stored solely to provide you with your personal flight history within the App.

3.3 Technical and Analytics Data

  • Crash reports — collected automatically via Firebase Crashlytics (Google) to detect and fix technical errors. These reports may include device model, operating system version, and app state at the time of the crash, but do not include personal flight or account data.
  • Anonymous usage analytics — collected via Firebase Analytics (Google) to understand how features are used in aggregate. This data is anonymised and cannot identify you individually.

4. Purposes and Legal Basis for Processing

Purpose Data Used Legal Basis (GDPR Art. 6)
Provide and maintain the App and user account Account data, Flight data Art. 6(1)(b) — Performance of a contract
Detect and fix crashes and technical errors Crash reports Art. 6(1)(f) — Legitimate interests
Understand aggregate feature usage to improve the App Anonymous analytics Art. 6(1)(f) — Legitimate interests

We do not sell your data, display advertising, or use your data for any purpose beyond those listed above.

5. Data Sharing and Third Parties

We do not sell or share your personal data with third parties for commercial or marketing purposes. We use the following sub-processors to operate the App:

Supabase, Inc.

Authentication and database hosting. Your account and flight data are stored on Supabase infrastructure, which may be hosted in the European Union. Supabase acts as a data processor on our behalf and is bound by GDPR-compliant data processing agreements.

supabase.com/privacy

Google LLC (Firebase)

Crash reporting (Crashlytics) and anonymous usage analytics. Google may transfer data to servers outside the EU; however, Google participates in the EU–US Data Privacy Framework and provides appropriate safeguards.

firebase.google.com/support/privacy

6. International Data Transfers

Your data may be processed on servers located outside the European Economic Area (EEA) by our sub-processors (Supabase, Google). Any such transfers are governed by appropriate safeguards as required by GDPR Chapter V, including Standard Contractual Clauses or equivalent mechanisms.

7. Data Retention

  • Account and flight data — retained for as long as your account is active. When you delete your account, all associated data is permanently deleted within 30 days.
  • Crash reports — retained for 90 days as per Firebase Crashlytics default settings.
  • Analytics data — aggregated and anonymised; not retained in identifiable form.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access — obtain confirmation of whether we process your data and receive a copy.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your data ("right to be forgotten").
  • Right to restriction — request that we limit processing in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us via the in-app feedback form. We will respond within 30 days.

You also have the right to lodge a complaint with the Spanish data protection authority: Agencia Española de Protección de Datos (AEPD)www.aepd.es.

9. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (TLS), hashed password storage, and access controls on backend infrastructure.

No method of transmission over the Internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

10. Children's Privacy

FlyBook is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Advertising and In-App Purchases

FlyBook does not display any advertising. There are no in-app purchases, subscriptions, or premium features. The App is entirely free.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the App after any changes constitutes acceptance of the updated policy.

13. Contact

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us through the in-app feedback form available in FlyBook.