Privacy Policy

Updated on Aug 29th, 2025


1) Who we are & how to contact us

Controller: Gander Technologies Inc. (“Gander”, “we”, “us”).

Address: 39 Wooster St, 10014 New York, United States

Email: privacy@usegander.com

DPO/Privacy Lead: Yannick Muller

If your employer/aircraft operator configured your account, we may also process some data as a processor on their behalf. See Section 2.


2) Role of Gander (Controller vs. Processor)

  • Controller: We act as a controller for account data, app configuration, product analytics, support communications, and platform security.

  • Processor: For data entered by an operator (e.g., crew, passenger, trip, flight, and billing records), we act as a processor and process that data only according to the operator’s instructions and applicable contracts. Operators remain responsible for providing any required notice to their crew/passengers.


3) What data we collect

We collect data that you provide, data generated by your use of the Services, and limited data from third parties (e.g., aviation data providers). The examples below are representative and may evolve with product features.

A. Contact Info (App Privacy category)

  • Name (first/last), email address, phone number, physical address, emergency contacts (crew & passengers).

B. Location (App Privacy category)

  • Precise location (foreground and, if enabled, background) to support features like flight tracking, duty logging, navigation, and map views (Mapbox/ForeFlight integrations). iOS permissions requested: When In Use and optionally Always.

C. Financial Info (App Privacy category)

  • Payment info references (e.g., account identifiers) if you pay us; payment card data may be handled by our payment processor (we don’t store full card data).

  • Other financial info relevant to operations, such as salary/hourly rate for crew, quotes, charges, payments and receipts.

D. Identifiers (App Privacy category)

  • User ID (e.g., Supabase Auth ID), operator/crew IDs, and device identifiers (push tokens). IP address may be collected as part of standard web/app requests.

E. User Content (App Privacy category)

  • Photos/Videos (e.g., receipts), documents (crew certifications, passenger IDs), notes, FRAT assessments, trip/flight logs, message posts/chirps.

  • Optional voice/phone features (web): if you use them, limited audio and telephony metadata is processed by our vendor(s) to deliver the feature.

F. Usage Data (App Privacy category)

  • Product interaction (screen views, clicks, feature usage), search queries, session events, and login activity.

G. Diagnostics (App Privacy category)

  • Crash data, performance metrics, and debug/telemetry (e.g., from Sentry) to improve reliability.

H. Sensitive Info (App Privacy category)

  • Health-related indicators in FRAT/fatigue risk assessments.

  • Weight for weight-and-balance and safety calculations.

We collect these only where necessary for aviation safety/compliance and at your or your operator’s direction.

I. Derived & aviation operations data

  • Aircraft, trip/leg schedules, routes, airports/FBOs, fuel pricing, weather, regulatory checks, and other operational metrics.

J. Sources of data


  • You or your operator (manual entry, imports, APIs), automations/integrations, and service providers (e.g., mapping, weather, fuel pricing, flight planning).

4) How we use data (purposes)

We use data for:

  1. App functionality & operations: authentication, role-based access, flight scheduling/tracking, crew & passenger management, expense tracking/receipt scanning, FRAT/safety tools, document management, customer support, and service continuity (security, uptime, abuse/fraud prevention).

  2. Analytics: understanding feature effectiveness, reliability and performance, and aggregated usage patterns to improve the Services (e.g., Sentry, PostHog). Where feasible, we apply minimization techniques (e.g., event/property redaction and IP anonymization options).

  3. Product personalization: role-based layouts (crew vs. dispatcher vs. passenger) and operator-specific views.

  4. Communications: service messages (e.g., changes, outages), operational notifications (e.g., trip updates, push notifications), surveys and training.

  5. Legal/compliance: audit logging, export control, tax/financial recordkeeping, regulatory and safety obligations.


No Third‑Party Ads / No Cross‑App Tracking. We do not sell personal information, do not share it for cross‑context behavioral advertising, and do not use third‑party advertising SDKs in the mobile app. We also do not request Apple’s App Tracking Transparency (IDFA) permission.

5) iOS permissions & how we use them

  • Location (When In Use and optional Always): flight tracking, duty logging, map features. You can change this in iOS Settings. Background use is clearly explained in‑app and can be disabled.

  • Camera & Photos: capture and upload receipts or operational photos.

  • Notifications: operational alerts and updates via Expo push.

  • Microphone/Telephony (web features only, if enabled): voice calls or voice notes through our provider(s). Not requested on iOS unless we add native voice features; if added, the app will request permission in context.

We strive to degrade gracefully if you deny a permission (some features may not work).

6) Cookies, local storage & SDK telemetry

  • Web cookies/local storage: session management, security (CSRF), and preferences. Analytics cookies are limited and configurable.

  • Mobile storage: we use AsyncStorage for local state. Operational caches (e.g., map tiles) may be stored on device.

  • SDK telemetry: vendors like Mapbox and Sentry may generate telemetry strictly to provide their services (see Section 7).

7) Service providers & integrations (sub‑processors)

We engage vetted providers to deliver the Services. Typical categories include:


  • Hosting & database: Supabase (auth, database, real‑time, storage)

  • Crash & performance: Sentry

  • Mapping & location: Mapbox; ForeFlight (planning); FAA/public registries; airport/FBO sources

  • Receipts/OCR: Veryfi

  • Weather & fuel: aviation weather APIs; Fuel pricing APIs

  • Messaging: Twilio (SMS/voice), Resend (email)

  • Analytics: PostHog (product analytics)

  • AI services (web features): OpenAI (NLP), VAPI (voice)

  • Push notifications: Expo Push

We require providers to process personal data only to deliver the contracted service and to apply appropriate security. A current list of sub‑processors is available upon request and may be updated as services evolve.

8) Disclosures of personal data

We may share personal data with:

  • Your operator/employer (if your account is managed by them) and other users per your role/permissions.

  • Service providers (Section 7) under contract.

  • Regulators/authorities where legally required (e.g., safety, tax, law enforcement) or to protect rights and safety.

  • Business transfers (e.g., merger, acquisition) with safeguards and notice where required.

We do not sell personal information.

9) Data retention

We keep data only as long as needed for the purposes described, or as required by law/contract. Typical periods (subject to operator contracts and legal requirements):

| Category | Typical retention |
| --- | --- |
| Account profile, credentials, role/permissions | For the life of the account + up to 24 months |
| Operational records (trips, legs, logs, FRAT) | Per operator policy and aviation/regulatory requirements (often 24–72 months) |
| Receipts/expenses & financial records | 7 years (tax/bookkeeping norms) |
| Product analytics events | 12–24 months (aggregated thereafter) |
| Crash/performance telemetry | 12–18 months |
| Audit logs (security, access) | 24–36 months |
| Support tickets/messages | 24 months |

When an operator deletes data or your account is closed, we will delete or irreversibly de‑identify data within reasonable timeframes unless retention is required by law or legitimate interests (e.g., dispute resolution, security).

10) Security

We use administrative, technical, and physical safeguards appropriate to the risk, including: encryption in transit (TLS); encryption at rest for hosted data; role‑based access controls (RBAC); row‑level security (RLS) for tenant isolation; least‑privilege service roles; audit logging; automated back‑ups; and vendor security reviews. No method of transmission or storage is 100% secure; we continuously improve controls and monitor for vulnerabilities.

11) International data transfers

We may transfer data to countries with different privacy laws (e.g., to the United States). Where required, we rely on approved transfer mechanisms (e.g., EU Standard Contractual Clauses) and implement additional safeguards.

12) Your privacy rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to certain processing, and to withdraw consent at any time (without affecting prior lawful processing). You may also have the right to appeal a decision and to lodge a complaint with a supervisory authority.

  • How to exercise: Use the in‑app Privacy Choices link (see Section 13) or contact us at privacy@usegander.com. If your account is administered by an operator, we may direct your request to them as controller.

California (CPRA) disclosures

  • No “sale” or “sharing” (as defined by CPRA).

  • We use service providers for analytics and operations.

  • You have the right to know, delete, correct, and limit use of sensitive personal information; and the right to opt out of sale/share (not applicable here).

13) Privacy choices (access, deletion & export)

You can:

  • Access & export your data (machine‑readable formats)

  • Request deletion of your account and personal data

  • Manage permissions (location, camera, photos, notifications)

  • Opt out of non‑essential analytics where available

A dedicated page is available at: https://usegander.com/privacy or via Settings → Privacy Choices in the app. We will verify your identity and respond within applicable legal timeframes. Some requests may be handled by your operator (controller) or limited by safety/recordkeeping obligations.

14) Children

The Services are not directed to children and are intended for professional aviation operations. We do not knowingly collect personal data from children under 16 (or the relevant age of consent). If you believe a child has provided data, contact us and we will take appropriate steps.

15) Changes to this Policy

We may update this Policy from time to time. We will post the updated Policy with a new “Last updated” date and, where required, provide additional notice.

16) Contact

Questions or requests? Email privacy@usegander.com or write to: Yannick Muller, 39 Wooster St Floor #3, 10014 New York, United States.

Appendix A — App Store Connect “Privacy Nutrition Label” Worksheet (iOS)

Use this section to complete App Store Connect. Disclose data collected by you and your SDK partners. If a data type is collected only for optional, infrequent features, evaluate Apple’s Optional Disclosure criteria; otherwise disclose it.

Data types collected & how they’re used


| Apple data type | Collected | Linked to user | Used for | Tracking? |
| --- | --- | --- | --- | --- |
| Contact Info — Name, Email, Phone, Address, Other Contact Info | Yes | Yes (account/operator link) | App Functionality, Customer Support, Personalization | No |
| Location — Precise Location | Yes (foreground; optional background) | Yes | App Functionality (tracking, duty, maps); Safety/Compliance | No |
| Financial Info — Payment Info | If you pay us via processor | Yes (through processor) | App Functionality, Billing | No |
| Financial Info — Other Financial Info (salary/rate) | Yes (crew data) | Yes (operator link) | App Functionality, Compliance | No |
| Identifiers — User ID | Yes | Yes | App Functionality, Security, Analytics | No |
| Identifiers — Device ID / Push Token | Yes | Yes | App Functionality (notifications), Security | No |
| User Content — Photos/Videos (receipts), Documents, Notes | Yes | Yes | App Functionality, Compliance, Support | No |
| User Content — Customer Support (tickets, chirps) | Yes | Yes | Customer Support, App Functionality | No |
| Usage Data — Product Interaction & Search History | Yes | Yes | App Functionality, Analytics, Personalization | No |
| Diagnostics — Crash, Performance, Other Diagnostic Data | Yes (Sentry) | Generally No (configured to minimize identifiers) | Analytics, App Functionality | No |
| Sensitive Info — Health (FRAT), Weight | Yes (ops/safety only) | Yes (operator/flight link) | App Functionality, Safety/Compliance | No |
| Purchases — Purchase History | If applicable | Yes | Billing history | No |

Not collected: Contacts (address book), Browsing History (outside of our app), Advertising Data, Environment Scanning, Body (hands/head).

Tracking: We do not link data with third‑party data for targeted advertising or share with data brokers. We do not request ATT/IDFA.

Third‑party SDKs disclosed in App Store Connect

  • Supabase (auth, DB, storage, realtime) — app functionality

  • Sentry (crash/performance) — diagnostics

  • Mapbox (maps/location) — app functionality

  • Veryfi (OCR for receipts) — app functionality

  • ForeFlight (planning), weather & fuel APIs, FAA/airport data — app functionality

  • Expo Notifications — app functionality

  • PostHog (product analytics) — analytics

    (Web only, if applicable): OpenAI (NLP), VAPI (voice), Twilio/Resend (communications)

Ensure SDK privacy manifests are up to date and that you have appropriate DPA/terms with each provider. Limit data sent to SDKs (PII scrubbing in Sentry; IP anonymization/sampling in PostHog; disable any ad/marketing features).

Notes for accurate App Store answers

  • If you collect precise location but immediately coarsen/de‑identify before storage, you may disclose Coarse Location instead. If any precise location is stored or linked, disclose Precise Location.

  • Data processed only on device (never sent off device) is not “collected.” If derived data is sent to servers, treat the derived data accordingly.

  • Optional forms (feedback, surveys) may be “optional disclosure” only if all Apple criteria are met.

Appendix B — Operator (Customer) Responsibilities

If you are an operator using Gander to process passenger/crew data, you are responsible for:

  • Providing appropriate privacy notices to crew and passengers.

  • Configuring retention schedules consistent with your legal obligations.

  • Honoring data subject requests that pertain to your controlled data, and promptly passing applicable requests to Gander where we act as processor.

  • Ensuring lawful basis (e.g., contract, legal obligation, safety vital interests) for sensitive and travel‑related data.


Appendix C — Data Protection Addendum (summary)

Gander offers a Data Protection Addendum (DPA) incorporating SCCs for international transfers and sub‑processor commitments. Contact privacy@[your-domain].com to request the DPA.