← Back to SkyBrief

Privacy Policy

Last updated: March 19, 2026

1. Responsible Entity

SkyBrief is operated by Astro (Switzerland). For data protection inquiries, contact us at privacy@skybrief.app.

2. Data We Collect

Account Data: When you sign in via VATSIM OAuth, we receive your VATSIM CID, name, email, pilot rating, and division. This data is stored in a session cookie (JWT) and is not permanently stored on our servers unless you create an account.

Flight Data: Your flight statistics, achievements, and career data are stored locally in your browser (localStorage). We do not upload this data to our servers.

Usage Data: We track anonymous usage metrics (page views, feature usage) via privacy-friendly analytics (no cookies, no personal data).

AI Interactions: When you use the AI Copilot Chat or Phraseology features, your prompts are sent to our server which forwards them to Anthropic (Claude AI). We do not store your chat history on our servers. Anthropic's data handling is governed by their privacy policy.

Voice Data: When you use voice transcription, audio is sent to OpenAI Whisper for transcription. We do not store your audio recordings.

VATSIM Data: We access publicly available VATSIM network data (pilot positions, controller frequencies, ATIS) via the official VATSIM Data API. This data is public and not personal.

3. Legal Basis (GDPR Art. 6)

We process your data based on:

  • Consent (Art. 6(1)(a)): When you sign in via VATSIM OAuth
  • Contract (Art. 6(1)(b)): To provide the SkyBrief service
  • Legitimate Interest (Art. 6(1)(f)): For anonymous analytics and service improvement

4. Data Sharing

We share data with the following third parties solely for service provision:

  • Anthropic: AI chat and phraseology (prompts only, no personal data)
  • OpenAI: Voice transcription (audio only, not stored)
  • Stripe: Payment processing (if you subscribe to Pro)
  • Vercel: Hosting and CDN
  • VATSIM: OAuth authentication

We do not sell, rent, or trade your personal data to any third party.

5. Data Storage & Retention

Session Data: JWT session cookies expire after 7 days.

Local Data: Career stats, achievements, and settings are stored in your browser's localStorage and persist until you clear them or use the "Reset All Data" function in Settings.

Server Data: When using a database-backed account (future feature), your data is stored in encrypted databases hosted in EU/Swiss data centers.

6. Your Rights (GDPR & Swiss DSG)

You have the right to:

  • Access: Request a copy of all data we hold about you
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("Right to be Forgotten")
  • Portability: Export your data in a machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdrawal: Withdraw consent at any time

To exercise these rights, use the data export/deletion features in Settings, or contact privacy@skybrief.app.

7. Cookies

SkyBrief uses only essential cookies:

  • skybrief_session: Authentication session (httpOnly, 7 days)
  • skybrief_user: User display info (7 days)

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. International Data Transfers

AI services (Anthropic, OpenAI) may process data in the United States. These transfers are covered by Standard Contractual Clauses (SCCs) as required by GDPR.

9. Children

SkyBrief is not intended for users under 16 years of age. We do not knowingly collect data from minors.

10. Changes

We may update this policy from time to time. We will notify you of significant changes via the app or email.

11. Contact

For privacy-related inquiries: privacy@skybrief.app

Supervisory Authority: Federal Data Protection and Information Commissioner (FDPIC), Switzerland