Notamify Privacy Policy
Last Updated: 2025-08-16
1. Introduction
Skymerse Inc., doing business as Notamify ("we", "us", or "our"), is committed to protecting your personal data and respecting your privacy. This policy explains how we collect, process, and protect your personal data when you use our websites, applications, and related services (collectively, the "Services") in compliance with the EU/UK GDPR and other applicable data protection laws.
By using the Services, you acknowledge you have read and understood this policy.
2. Data Controller
Skymerse Inc., a Delaware corporation, is the data controller responsible for your personal data processed through the Services.
Contact: [email protected]
3. Personal Data We Collect
We collect and process the following categories of personal data (depending on how you use the Services):
- Account & Identity Data: Name, username, email address, password hash, and preferences.
- Contact Data: Email address and (if provided) phone number.
- Flight Operations Data: Flight plan details (e.g., callsign, aircraft registration and ICAO type, departure/destination/alternate airports, route, planned altitude/speed, ETD/ETA, and operational notes you choose to include), watchlists, alerts, saved filters, and geofences.
- Files You Upload: Flight plan PDFs and other documents you choose to upload for parsing (see Section 7).
- Payment & Transaction Data: Subscription tier, purchase history, currency, and limited payment information processed via Stripe (we do not store full card numbers).
- Technical & Device Data: IP address, device and browser type, operating system, language, approximate location (derived from IP), and system logs.
- Usage Data: Information on how you use our website and Services, including page views, feature interactions, error/crash reports, and API call logs (time, endpoint, response status, and non-sensitive metadata).
- Marketing & Communications Data: Your preferences for receiving marketing from us and your communication preferences.
- Support & Communications Data: Messages you send to us (e.g., email or in-product support), and any data included in those messages.
We do not intentionally collect special categories of personal data (e.g., health data). Please do not include such information in your uploads or free-text fields.
4. How We Collect Your Data
- Directly from you when you create an account, upload a file (e.g., a flight plan PDF), configure alerts or watchlists, or contact support.
- Automatically via cookies, SDKs, and similar technologies (see Section 13).
- From service providers (e.g., payment processor Stripe, analytics providers PostHog and Google Analytics 4 (GA4)).
- From your use of the API (e.g., API call logs for troubleshooting and service improvement).
5. Legal Bases for Processing
We process personal data under the following legal bases (depending on context):
- Performance of a contract: To create and administer your account; provide core features (including parsing your uploaded flight plan PDF); deliver paid subscriptions; and provide support.
- Consent: Where required by law for analytics/marketing cookies, optional communications, and certain data processing that is not strictly necessary for the Services. You can withdraw consent at any time.
- Legitimate interests: To maintain and improve the Services, ensure security and fraud prevention, measure and enhance performance, and understand aggregate usage. We balance these interests against your rights and expectations.
- Legal obligations: For tax, accounting, and compliance requirements.
6. How We Use Your Data
We use your personal data to:
- Provide, operate, and personalize the Services;
- Parse uploaded flight plan PDFs into structured flight data (see Section 7);
- Process payments and manage subscriptions via Stripe (we do not store full payment details);
- Send service-related communications (e.g., critical updates, transactional emails);
- Send marketing communications with your consent (where required);
- Analyze usage patterns using GA4 and PostHog to improve the user experience (where required, based on consent);
- Maintain logs of user API calls for service reliability, abuse detection, and troubleshooting;
- Detect, prevent, and address fraud, abuse, and security incidents;
- Comply with legal obligations.
7. Flight Plan PDFs You Upload (Parsing)
What we process. When you upload a flight plan PDF, we process it to extract structured flight data such as callsign, aircraft registration and type, departure/destination/alternate aerodromes, waypoints/route, requested flight level, ETD/ETA, and other operational fields typically present in ICAO flight plan formats. Depending on the document you upload, the PDF may also contain personal contact details (e.g., pilot or dispatcher name/phone/email) that you chose to include.
How we process. We convert the PDF to text and/or use pattern matching and similar techniques to extract fields into a structured format usable by the Services (e.g., to create alerts, route checks, or NOTAM workflows). We use only vetted service providers for secure storage and processing. If an external parsing/recognition vendor is used, they act as our processor and process your data solely on our instructions.
Retention. We retain the original PDF no longer than necessary to complete parsing, validate results, and address immediate support or reliability issues. The structured flight data derived from your PDF is retained in your account for as long as necessary to provide the Service features you choose to use (e.g., alerts, history, or templates), and as otherwise described in Section 8. You can delete uploads and derived items from within your account where that functionality is available, or by contacting us.
Use limitations. We do not use your uploaded PDFs or the parsed flight data to train generalized AI models. We use the data only to provide and improve the Services for you, to troubleshoot, and to ensure security and compliance.
Your responsibilities. Please ensure you have the right to upload the document and that it does not include sensitive personal data not needed for the Services.
8. Data Retention
We keep personal data only for as long as necessary for the purposes set out in this policy:
- Account & Service Data: Kept while your account is active. If you close your account, we delete or anonymize data within a reasonable period, subject to backups and legal retention.
- Flight Plan PDFs: Original files are kept no longer than necessary to perform parsing and immediate support/validation, after which they are deleted or anonymized. Derived structured flight data is kept while your account remains active and for a limited period thereafter if needed for security, audit, or legal purposes.
- API Logs & Technical Telemetry: Retained for a limited period necessary to ensure reliability, security, and troubleshooting, then deleted or anonymized.
- Payment & Transaction Records: Retained as required by tax and accounting laws.
9. Data Sharing (Processors and Disclosures)
We share personal data only as needed to provide and improve the Services, or as required by law:
- Service providers (processors): e.g., Stripe (payments), analytics providers (GA4, PostHog), cloud hosting, storage, monitoring, error tracking, email delivery, and customer support tools. These providers may be located in other countries and process data solely under our instructions.
- Professional advisors and legal/regulatory authorities: Where necessary to protect rights, comply with legal obligations, prevent fraud/abuse, or respond to lawful requests.
- Business transfers: If we are involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction under appropriate safeguards.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising within the meaning of applicable U.S. state privacy laws.
A current list of key subprocessors is available on request at [email protected].
10. International Transfers
Your data may be processed outside your country of residence. Where we transfer personal data from the EEA/UK to countries without an adequacy decision, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum, as applicable), and additional technical/organizational measures.
11. Your Rights
Depending on your location, you may have the right to:
- Access your personal data;
- Correct inaccurate or incomplete data;
- Delete your personal data;
- Restrict or object to certain processing;
- Port your data to another provider;
- Withdraw consent where processing is based on consent;
- Appeal certain decisions and lodge a complaint with a supervisory authority.
To exercise your rights, contact [email protected]. We may need to verify your identity before fulfilling your request. EEA/UK residents may lodge complaints with their local data protection authority. U.S. residents may have additional rights under state privacy laws; we will honor those rights as required.
12. Data Security
We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No method of transmission or storage is 100% secure, but we continuously improve our safeguards and restrict access on a need-to-know basis.
13. Cookies and Similar Technologies
We use cookies and similar technologies to operate and improve the Services, including:
- Strictly necessary cookies (required for core functionality);
- Analytics cookies (e.g., GA4, PostHog) to understand usage and improve performance; and
- Preference cookies to remember settings.
Where required by law, we obtain your consent before placing non-essential cookies. You can update your cookie preferences via our cookie banner (where available) or your browser settings.
14. Automated Decision-Making
We do not use automated decision-making, including profiling, that produces legal or similarly significant effects about you within the meaning of applicable data protection laws.
15. Third-Party Links
The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.
16. Changes to This Policy
We may update this policy from time to time. We will post the updated version here with a new "Last Updated" date. For material changes, we will provide additional notice as required by law.
17. Contact & Complaints
If you have questions, concerns, or requests regarding this policy or your personal data, contact us at [email protected].
You have the right to make a complaint to your local data protection authority. We would appreciate the chance to address your concerns first, so please contact us in the first instance.