Privacy Policy — Notiflye

Notiflye ("we," "us," or "our") operates the flight tracking and notification service at www.notiflye.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service. By using the Service, you consent to the practices described in this Privacy Policy.

We are committed to protecting your privacy and the privacy of the recipients you designate to receive flight notifications. This policy covers two categories of individuals whose data we process: Users (those who create accounts and track flights) and Recipients (those designated by Users to receive flight status notifications).

1. Information We Collect

1.1 Information You Provide Directly

Account Information: When you register for the Service, we collect your name, email address, phone number, and account credentials.
Flight Tracking Data: Flight numbers, routes, dates, and preferences you provide when creating flight alerts.
Recipient Information: When you add recipients to a flight alert, we collect the name, email address, and/or phone number you provide for each recipient. This data is provided by you on behalf of the recipient for the sole purpose of delivering flight status notifications.
Saved Contacts (Favorites): If you save contacts for future use, we store their name and contact details in your account until you delete them.

1.2 Information Collected Automatically

Usage Data: We collect information about how you interact with the Service, including pages visited, features used, timestamps, and frequency of use.
Device and Browser Information: IP address, browser type and version, operating system, device type, and unique device identifiers.
Cookies and Similar Technologies: We use session cookies to manage authentication and maintain your preferences. We do not use third-party advertising cookies.

1.3 Information from Third Parties

We receive flight status data from FlightAware and other aviation data providers. This data pertains to flights, not to individuals, and is used solely to generate notifications.

2. How We Use Your Information

We use the information we collect for the following purposes:

To provide, operate, and maintain the Service, including sending flight status notifications to you and your designated recipients.
To process your flight tracking requests and deliver timely alerts via email, SMS, and/or WhatsApp.
To create and manage your account, authenticate your identity, and maintain security.
To communicate with you about the Service, including service announcements, security alerts, and support messages.
To monitor and analyze usage trends to improve the Service.
To detect, prevent, and address fraud, abuse, and technical issues, including bot protection and rate limiting.
To comply with legal obligations and enforce our Terms and Conditions.

We do not use your information or recipient information for marketing purposes unrelated to the Service. We do not sell your data.

3. SMS Communications and Mobile Numbers

When you provide your mobile phone number and check the SMS consent box on our tracking form, you consent to receive SMS flight status notifications related to the specific flights you choose to monitor on Notiflye.

Message frequency varies depending on flight activity. Message and data rates may apply.

We do not sell, rent, or share mobile phone numbers or SMS consent data with third parties or affiliates for marketing purposes.

We may share your mobile number only with service providers strictly necessary to deliver SMS messages (e.g., Twilio). These providers are contractually bound to use the data solely for message delivery.

You may opt out at any time by replying STOP to any SMS from Notiflye. For assistance, reply HELP. Consent to receive SMS notifications is not required to use the core Service.

4. Recipient Data — How We Handle Third-Party Contact Information

Notiflye's group notification feature means we process personal data of recipients who may not have directly interacted with us. We take this responsibility seriously.

4.1 Lawful Basis for Processing

Recipient data is processed on the basis of the User's representation that they have obtained the recipient's consent, and on the legitimate interest of delivering the specific flight notifications the User has requested. We process recipient data solely for the purpose of sending flight status notifications.

4.2 Data Minimization

We collect only the minimum information necessary to deliver notifications: the recipient's name and one or more contact methods (email address and/or phone number). We do not build profiles on recipients, track their behavior, or use their data for any purpose beyond delivering the notifications requested by the User.

4.3 Recipient Rights and Opt-Out

Every notification sent to a recipient includes a clear mechanism to opt out. Recipients may opt out of notifications for a specific flight, a specific notification channel, or from Notiflye entirely. Once a recipient opts out, we will cease sending notifications to that individual promptly.

Recipients who have questions about their data may contact us at [email protected]. We will respond to all such inquiries within 30 days.

4.4 Encryption

Recipient contact information is encrypted at rest in our database. Access to recipient data is restricted to authorized personnel and automated systems necessary for notification delivery.

5. How We Share Information

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Service Providers: We share data with third-party providers who perform services on our behalf, including FlightAware (flight data), Twilio (SMS delivery), Resend (email delivery), and Render (hosting). These providers are contractually obligated to protect your data and use it only for the services they provide to us.
Legal Compliance: We may disclose information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of Notiflye, our users, or the public.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

We do not share recipient mobile numbers or SMS consent data with third parties for marketing purposes under any circumstances.

6. Data Retention

We retain your data as follows:

Account Data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except as required for legal or compliance purposes.
Flight Alert Data: Alert history and notification logs are retained for up to 12 months after the flight for operational, audit, and dispute-resolution purposes, then purged.
Recipient Data: Recipient contact information associated with completed alerts is retained for up to 90 days for dispute resolution, then securely deleted. Saved contacts (Favorites) are retained until you delete them.
Automatically Collected Data: Usage logs and analytics data are retained for up to 12 months.

7. Data Security

We implement industry-standard technical and organizational security measures to protect your data, including:

Encryption of data in transit (TLS/SSL) and at rest for sensitive fields (recipient contact information).
Secure authentication with session management and password hashing.
Rate limiting and bot protection to prevent automated abuse.
Regular access reviews and principle of least privilege for system access.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to legal retention requirements.
Opt-Out: Opt out of SMS notifications by replying STOP. Opt out of email notifications via the unsubscribe link in any notification.
Data Portability: Request your data in a structured, commonly used format.
Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or such shorter period as may be required by applicable law).

9. India-Specific Provisions (DPDP Act, 2023)

If you are located in India, the following provisions apply in addition to the rest of this Privacy Policy:

We process your personal data in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable rules.
You have the right to access, correct, and erase your personal data as provided under the DPDP Act. You may also nominate a representative to exercise these rights on your behalf.
We will obtain consent before processing your personal data, except where processing is necessary for a legitimate use as defined under the DPDP Act.
We do not process personal data of children (individuals under 18 years of age in India) without verifiable parental consent.
In the event of a data breach that is likely to cause significant harm, we will notify the Data Protection Board of India and affected individuals as required by applicable law.
For any grievances regarding data processing, please contact our Grievance Officer at [email protected]. We will acknowledge your complaint within 48 hours and resolve it within 30 days.

10. International Data Transfers

Notiflye's servers and third-party service providers may be located outside your country of residence, including in the United States. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction. We ensure that appropriate safeguards are in place for such transfers, including contractual obligations with our service providers.

11. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that data promptly. If you believe we have inadvertently collected data from a child, please contact us at [email protected].

12. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party service you access through the Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last Updated" date and, where practicable, by email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: