Privacy Policy — Airfield Directory

Effective date: 14 August 2025

Airfield Directory is a non‑commercial Open Data platform. This notice explains how we handle personal data under the EU GDPR in a concise, understandable form.

1) Data we process

Login / account via OAuth

  • Sign in with Google: When you sign in, Google provides: first & last name, email address, language, profile avatar URL, and Google user ID. Your first/display name may appear publicly with your PIREPs/comments.
  • Login with Amazon: When you sign in, Amazon provides: full name, email address and Amazon user ID. Your first name may appear publicly with your PIREPs/comments.

Your email is stored but never published.

Public contributions. PIREPs, comments, and other submissions are public and licensed under CC BY‑SA 4.0 (irrevocable). Please do not include personal data of third parties in your submissions; such content may be removed.

Optional tailsign. If you add a Aerops registered tailsign and are logged in, we send your tailsign and the airfields you view to Aerops to fetch personalized prices. Opt‑out by removing the tailsign or logging out.

Usage & device data. Standard logs (IP address, user‑agent, timestamps, requested URLs) for security and diagnostics.

Cookies. Only essential cookies (e.g., session cookies for login). No tracking or advertising cookies.

2) Purposes and legal bases

  • Operate the Service (authentication, sessions, publishing your contributions). Legal bases: performance of contract/Terms; legitimate interests.
  • Publish your contributions publicly under CC BY‑SA 4.0. Legal bases: consent (you choose to post); legitimate interests in running an open data project.
  • Aerops personalized prices when you add a tailsign and view airfields while logged in. Legal basis: your consent (optional feature).
  • Translations and summaries of public content via AWS (Amazon Web Services) and OpenAI. Legal bases: legitimate interests; consent insofar as you choose to submit public content.
  • Security & abuse prevention (rate‑limiting, fraud/spam prevention, diagnostics). Legal bases: legitimate interests; legal obligations.
  • Service improvement using anonymous/aggregated analytics. Legal basis: legitimate interests.

We do not sell personal data and we do not run ads.

3) Storage and recipients

  • Hosting: Amazon Web Services (AWS), region eu‑central‑1 (Frankfurt, Germany).
  • Google: OAuth sign‑in.
  • Amazon: OAuth sign‑in.
  • Aerops: receives tailsign + airfields viewed when you are logged in and have added a tailsign.
  • OpenAI / AWS translation and summary services: may process public user content to generate summaries/translations.
  • Security / moderation tooling as needed to keep the Service safe.

We may disclose data if required by law or to protect rights, safety, and the Service.

4) International transfers

Although AWS hosting is in the EU (eu-central-1), some processors (e.g., Google, Amazon, OpenAI) may process data outside the EEA. If you don't want that, don't use the Service.

5) Retention

  • Account data: retained while your account is active and for a reasonable period afterward for security and recordkeeping.
  • Public contributions (PIREPs/comments): intended to be public and persistent under CC BY‑SA 4.0, including your first name (if correctly designated with your Google, Amazon or Apple account), a SHA256 hash of your email (can be used for gravatar) and potentially a link to your avatar. You can delete them from our interface, but prior copies may remain elsewhere and the license remains in force.
  • Server logs: retained for limited periods necessary for security and diagnostics.
  • Backups: may persist temporarily and are not routinely edited.

6) Your rights (GDPR)

You can access, rectify, erase (subject to the public and irrevocable nature of CC‑licensed content), restrict or object to certain processing, and request data portability.
Where processing relies on consent (e.g., tailsign sharing with Aerops), you may withdraw consent at any time (e.g., remove the tailsign). This does not affect prior lawful processing.
To exercise rights, contact info@airfield.directory. You can also lodge a complaint with your local authority or with the Office of the Commissioner for Personal Data Protection (Cyprus).

7) Security

We use appropriate technical and organizational measures to protect data against unauthorized access, alteration, disclosure, or destruction. No method is 100% secure; please secure your Google/Amazon/Apple account and devices.

8) Children

The Service is not for users under 18. Do not use the Service or submit personal data if you are under 18.

9) Changes

We may update this Policy. The “Effective date” shows the latest version. Continued use after changes means you accept the updated Policy.

Controller & Contact ("we", "us", "our"): Thomas Witt Ltd, Spyrou Kyprianou, 84, 4004 Limassol, Cyprus — info@airfield.directory