AirFellow (“we,” “our,” “us”) is committed to protecting your privacy. This policy explains what data we collect, why, and your rights regarding that data.
Who We Are
AirFellow is a mobile application for iOS and Android developed by José Correia. Contact: [email protected]
Website Data (airfellow.net)
This privacy policy covers both the AirFellow mobile app and the airfellow.net website. The website collects limited data only when you actively submit a form.
What the Website Collects
| Data | When | Purpose | Retention |
|---|---|---|---|
| Email address | Waitlist sign-up | Launch notifications (with your consent) | Until app launch or unsubscribe |
| Email address | Contact form | Replying to your message | 90 days |
| Name | Contact form | Personalising our reply | 90 days |
| Message content | Contact form | Answering your query | 90 days |
| IP address hash | All form submissions | Spam / rate-limit prevention (sha256-hashed, not reversible) | 7 days |
| HTTP Referrer URL | Waitlist sign-up | Understanding traffic sources | 90 days |
We do not set cookies. We do not use third-party analytics on the website. We do not track users across sessions.
Website Sub-processors
| Processor | Purpose | Country | Safeguard |
|---|---|---|---|
| Cloudflare | CDN, DDoS protection, TLS termination | US (EU edge) | SCCs + EU edge servers |
| Resend | Transactional email delivery | US | SCCs (GDPR Data Processing Agreement) |
Legal Basis (Website)
- Waitlist emails: Consent (GDPR Art 6(1)(a)). You may withdraw consent at any time by replying to any email with “unsubscribe” or emailing [email protected].
- Contact form: Legitimate interest in responding to your enquiry (GDPR Art 6(1)(f)).
- IP hash: Legitimate interest in preventing spam and abuse (GDPR Art 6(1)(f)).
Your Rights (Website Data)
Same rights as listed below under GDPR — access, deletion, portability, objection. Contact [email protected].
What Data We Collect
Data We Collect via Third-Party Services
| Service | Data Type | Purpose | Opt-Out |
|---|---|---|---|
| PostHog (EU cloud) | Anonymous usage events, session data | Product analytics | In-app Settings → Privacy |
| Sentry | Crash reports, stack traces, device info | Crash diagnostics | In-app Settings → Privacy |
| RevenueCat | Purchase receipts, entitlement status | In-app purchase management | Not optional (required for IAP) |
Data We Do NOT Collect
- No accounts. No email, phone, name, or any personally identifiable information required to use AirFellow.
- No messages. All chat messages are transmitted via Bluetooth (BLE) directly between devices. No messages pass through our servers — we never see them.
- No location. AirFellow does not access GPS or location services.
- No contact list. We never access your contacts.
- BLE signals stay local. Bluetooth discovery data never leaves your device or the immediate Bluetooth range of other AirFellow users.
How We Use Your Data
- Analytics (PostHog): To understand how the app is used in aggregate — which features are used, session length, crashes. All events are anonymised. No cross-app tracking.
- Crash reporting (Sentry): To identify and fix bugs. Crash reports may include device OS version and app version.
- Purchases (RevenueCat): To validate and restore in-app purchases across your devices.
GDPR — European Users
Lawful basis:
- Analytics (PostHog): Legitimate interest (aggregate product improvement, no individual profiling). You may opt out at any time.
- Crash reporting (Sentry): Legitimate interest (app stability). You may opt out at any time.
- Purchases (RevenueCat): Contractual necessity (processing your purchase).
Your rights under GDPR:
- Access: Request a copy of data held about you.
- Deletion: Request deletion of your analytics / crash data.
- Portability: Receive your data in a machine-readable format.
- Object: Opt out of analytics at any time via in-app Settings → Privacy.
- Lodge a complaint: With your national supervisory authority (e.g. ICO in the UK, CNIL in France).
Data residency: PostHog is configured to use EU cloud servers (eu.i.posthog.com). No analytics data is routed through US infrastructure.
To exercise any right: [email protected]
CCPA — California Users
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information we collect and why.
- Delete personal information we hold about you.
- Opt out of the “sale or sharing” of your personal information.
We do not sell your personal information. Analytics data is used solely for our own product improvement.
Data categories collected: Device identifiers (anonymised), usage events, crash metadata.
Third parties: PostHog, Sentry, RevenueCat. Each operates under their own privacy policy (linked below).
To exercise CCPA rights: [email protected]
COPPA — Children Under 13
AirFellow is not directed at children under 13. The app requires users to confirm they are 13 or older on first launch.
If you enable Parental Controls mode for a family member:
- All analytics (PostHog) and crash reporting (Sentry) are automatically disabled for that session.
- No data is collected from accounts using Parental Controls mode.
- In-app purchases are hidden and inaccessible.
Parents may contact us at [email protected] to request deletion of any data that may have been collected in error.
Parental Controls
AirFellow includes optional parental controls allowing parents to restrict features for younger users travelling with them. These controls are designed for use by parents — not by children. When active, analytics collection stops entirely.
Third-Party SDK Privacy Policies
Data Retention
- PostHog analytics: 12 months rolling. You may request earlier deletion.
- Sentry crash reports: 90 days (Sentry default).
- RevenueCat purchase records: Retained as required for purchase restoration.
Security
We use industry-standard practices to protect data in transit (HTTPS, TLS 1.3). BLE data never travels to our servers.
Changes to This Policy
We will update this page when we make material changes. The “Last updated” date at the top will reflect any changes. Continued use of AirFellow after changes constitutes acceptance.
Contact
Privacy questions: [email protected]