1. What we collect
Account data: your email address and Cognito account identifiers. Passwords are handled by AWS Cognito; we never see or store them.
Briefing inputs: routes, airports, waypoints, altitudes, airspeeds, departure times, and the model you select.
Generated content: your briefings and briefing history, including route metadata and advisory verdicts.
Personal minimums profiles: the planning thresholds you save.
Subscription metadata: plan, credit balances, usage ledger, and Stripe customer/subscription identifiers. Payment card details are collected and processed by Stripe — they never touch our servers.
Consent records: when you accept our Terms, we record the document versions, a timestamp, and (for evidence of consent) your IP address and browser user-agent string.
Logs and diagnostics: standard service logs (request metadata, error traces) in AWS CloudWatch and Vercel.
Cookies / local storage: we use browser local storage for authentication session tokens (via the Cognito SDK) and small UI preferences. We do not use advertising cookies or trackers.
2. How we use it
To operate the service: generate briefings, maintain your history, enforce plan limits, process subscriptions, secure accounts, keep evidence of consent, and diagnose problems. We do not sell your personal data or use it for third-party advertising.
3. Who processes it
We rely on these processors/subprocessors: AWS (hosting, database, auth via Cognito, logs), Vercel (web frontend hosting), Stripe (payments and billing portal), and Anthropic (AI analysis of weather data for your briefings — route and weather context is sent to generate the briefing). Weather and aeronautical data come from public government sources (NOAA/NWS, FAA, Aviation Weather Center); your requests to our backend cause server-side requests to those services.
4. Data retention
Account, subscription, usage-ledger, minimums, and consent records are kept while your account exists. Briefing history and generated briefing files are kept to provide your history. Webhook-deduplication records expire automatically after ~60 days. Service logs follow our log retention settings. If you ask us to delete your account, we will delete or de-identify personal data not needed for legal/accounting obligations.
5. Security
Data is stored in AWS with encryption at rest and TLS in transit. Authentication uses AWS Cognito. Access to production systems is limited. No system is perfectly secure — please use a strong, unique password.
6. Your choices
You can view and edit your minimums profiles, manage your subscription through the billing portal, and request account deletion or a copy of your data via the contact below. You can decline the Terms — but the service can't be used without accepting them.
7. Changes
If this policy materially changes, its version date will change and the app will ask you to review and accept the new version.
8. Contact
For support, account, billing, or privacy questions, contact: support@flightweatherwatch.com
For legal notices, contact: legal@flightweatherwatch.com
This document is a draft prepared for the private preview and has not been reviewed by an attorney. It must be reviewed by qualified counsel before public launch.