Privacy Policy

Last updated: May 10, 2026

Waypoint ("the App") is a mobile application developed and operated by Pilotiq ("the Company," "we," "us," or "our"). The Company is registered in the Republic of Turkey. The App is available for download on the Apple App Store (iOS) and Google Play Store (Android) and provides travel and aviation information services — including city guides, airport details, weather and METAR data, currency exchange rates, community place reviews, and recommendations — through the mobile applications and our associated backend systems (collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. It applies to all users worldwide, including those in the European Economic Area, the United Kingdom, Switzerland, the United States (including California), and all other jurisdictions. Please read this policy carefully. By creating an account, downloading the App, or otherwise accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree with this Privacy Policy, please do not access or use the Service.

Contents
  1. Information We Collect
  2. How We Use Your Information
  3. Legal Bases for Processing (GDPR)
  4. Information Sharing and Disclosure
  5. Third-Party Services
  6. Data Retention
  7. Data Security
  8. Your Rights and Choices
  9. Push Notifications
  10. Cookies and Tracking Technologies
  11. Advertising Identifiers and Do Not Track
  12. Automated Decision-Making and Profiling
  13. Children's Privacy
  14. International Data Transfers
  15. Data Breach Notification
  16. Links to Other Websites and Services
  17. Changes to This Privacy Policy
  18. Contact Us

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: When you register you provide your email address and create a password. During profile setup you may also provide your first name, surname, and gender.
  • Professional Information: You may optionally select your employer (airline or other company), your job position or title, and your base airport. This information helps us tailor city and travel information to your profession.
  • User-Generated Content: Reviews, ratings, and comments you write about airports and places; place recommendations you submit (including map links, place names, coordinates, place type, and explanatory text); and places you save or bookmark.
  • Reports of Other Users' Content: If you report a review submitted by another user, we collect the report reason, the explanatory message you provide, and a reference to the review and reporting account. Reports are visible only to our moderation team — the reported user is not told who filed the report.
  • User Blocks: When you block another user from within the App, we record the identifier of the user you blocked and the timestamp. We use this list to hide that user's reviews from you (and your reviews from them) across the Service. Blocks are not shared with the blocked user and are visible only to you.
  • Communications: If you contact us for support or feedback, we may collect the content of your message, your email address, and any attachments.

1.2 Information Collected Automatically

  • Device Information: When you register or log in, we collect a unique device identifier, your device platform (iOS or Android), and a push notification token so we can deliver push notifications to your device.
  • Log and Session Data: We record your IP address, app or browser user-agent string, login timestamps, and session activity (last-active time) for security, abuse prevention, and to support session management.
  • Login Attempts: For security and rate-limiting purposes, we log the email address, IP address, and timestamp of each login attempt.
  • Installed Applications: With your knowledge, we may collect a list of certain installed applications on your device (such as ride-hailing or travel apps) at registration or at launch when this feature is enabled. This data is used to improve city-specific recommendations and is never sold or shared with third parties for advertising.

1.3 Information We Do Not Collect

  • We do not collect financial or payment information — the Service is free to use.
  • We do not use advertising SDKs or sell your data to advertisers.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Operate the Service: Create and manage your account; authenticate you; deliver city, weather, airport, currency, and place information; display your reviews and recommendations; and manage the invitation and referral system.
  • Personalization: Tailor content such as airport weather (METAR), transportation options, and local place recommendations based on your professional profile and base airport.
  • Gamification: Track and display experience points (XP) earned through your contributions (reviews and approved recommendations).
  • Notifications: Send push notifications and in-app notifications about account status changes, recommendation outcomes, invitation activity, and administrative announcements.
  • Security and Fraud Prevention: Monitor login attempts and session data to detect unauthorized access; enforce rate limits; manage device sessions; and support account recovery flows.
  • Moderation: Review user-submitted content (recommendations, reviews) and user-filed reports of other users' reviews to ensure quality and compliance with our community guidelines, and to take action against content or conduct that violates these policies.
  • Service Improvement: Analyze aggregate usage patterns to improve features, fix bugs, and develop new functionality.
  • Legal Compliance: Comply with applicable laws, enforce our Terms of Use, and respond to legal requests.

3. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract: Processing necessary to provide the Service you signed up for (account management, content delivery, notifications).
  • Legitimate Interests: Security monitoring, fraud prevention, service improvement, and moderation — where our interests do not override your fundamental rights.
  • Consent: Where required, such as for push notifications and collection of installed-app data. You may withdraw consent at any time.
  • Legal Obligation: Where we are required to process data to comply with applicable law.

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:

  • With Other Users: Your first name, surname, company name, position, and the content of your reviews and recommendations may be visible to other authenticated users of the Service.
  • Service Providers: We use third-party services to operate the Service (see Section 5). These providers process data on our behalf under contractual obligations to protect your information.
  • Legal Requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request.
  • Safety and Enforcement: We may disclose information when we believe it is necessary to protect the rights, property, or safety of the App, our users, or others, or to enforce our Terms of Use.
  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Third-Party Services

The Service integrates with the following third-party providers:

ProviderPurposeData Sent
Push notification provider Delivering push notifications to your device Device token, notification content
Map tile provider Map display in the mobile app Map tile requests (no personal data)
Weather data provider (Open-Meteo) City weather information City coordinates (latitude/longitude)
Aviation weather provider Airport METAR reports ICAO airport codes
Maps providers Resolving place recommendation links Map URLs submitted by users
Email delivery provider Transactional email delivery Email address, email content
Cloud infrastructure provider Application hosting and data storage All data processed by the Service

Each provider is subject to its own privacy policy. We encourage you to review them.

6. Data Retention

  • Account Data: Retained for as long as your account is active. If you request deletion, we soft-delete your account and anonymize or remove personally identifiable data within 30 days.
  • Session and Login Data: Sessions are retained for the duration of the refresh token lifetime (up to 30 days). Login attempt logs are retained for up to 90 days.
  • User-Generated Content: Reviews, recommendations, and saved places are retained for the lifetime of your account. Deleted content is soft-deleted and excluded from public queries.
  • Reports of Other Users' Content: Reports you file are retained for the lifetime of your account so our moderation team can identify patterns of abuse. Reports are not visible to other users at any time.
  • User Blocks: Active blocks are retained until you unblock the user or delete your account. Unblocked entries are soft-deleted and no longer applied to content visibility.
  • Cached Third-Party Data: Weather and METAR data is cached for up to one hour and overwritten on refresh. Currency exchange rates are similarly cached and refreshed.
  • Device Data: Device registrations and push tokens are retained while active. Stale tokens are automatically cleared when push delivery fails.

7. Data Security

We implement industry-standard security measures to protect your data:

  • Passwords are hashed using a one-way cryptographic algorithm and are never stored in plaintext.
  • Session and authentication tokens are short-lived; long-lived tokens are hashed before storage.
  • All communication between the app and our servers is encrypted in transit using industry-standard protocols (TLS/HTTPS).
  • Email verification, password reset, and email change tokens are single-use and time-limited.
  • Access to user data is restricted to authorized personnel and service accounts on a least-privilege basis.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

8.1 All Users

  • Access and Correction: You can view and update your company, position, base airport, and email address directly within the app. Your first name, surname, and gender are set during profile setup and cannot be changed from within the app — contact us if you need them updated.
  • Account Deletion: You may request deletion of your account by contacting us at info@pilotiq.net. Upon receiving your request, we will delete your account, remove your personally identifiable data, and anonymize any remaining records within 30 days. This includes your profile information, session data, device registrations, saved places, and notification history. Reviews and recommendations you submitted may be anonymized rather than deleted to preserve community data integrity.
  • Push Notifications: You can disable push notifications at any time through your device's system settings.
  • Content Removal: You can delete your own reviews and unsave places within the app.

8.2 European Economic Area, UK, and Swiss Residents (GDPR)

Under the General Data Protection Regulation you have the right to:

  • Request access to your personal data.
  • Request rectification of inaccurate data.
  • Request erasure ("right to be forgotten").
  • Request restriction of processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Lodge a complaint with your local data protection authority.

8.3 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale or sharing of personal information — we do not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination for exercising your privacy rights.

8.4 Exercising Your Rights

To exercise any of the rights above, contact us at info@pilotiq.net. We may need to verify your identity before fulfilling your request. We will respond within the timeframes required by applicable law.

9. Push Notifications

We send push notifications for account-related events (approval, rejection), recommendation outcomes, invitation activity, and administrative broadcasts. Push notifications require a device-specific push token, which is collected when you register or log in with a device. You can opt out of push notifications at any time by adjusting your device settings. Even when push notifications are disabled, in-app notifications remain accessible in your notification inbox.

10. Cookies and Tracking Technologies

The App does not use cookies, web beacons, or third-party tracking pixels. Our web pages (such as email verification, password reset, and this Privacy Policy) are static HTML pages that do not set cookies or use analytics scripts. We do not engage in cross-app or cross-site tracking.

11. Advertising Identifiers and Do Not Track

  • We do not collect or access the Apple Identifier for Advertisers (IDFA), Android Advertising ID (AAID), or any other advertising identifier.
  • We do not use Apple's App Tracking Transparency (ATT) framework because we do not track users across apps or websites owned by other companies.
  • We do not serve advertisements of any kind within the Service.
  • We honor "Do Not Track" (DNT) browser signals. Because we do not perform any tracking, no change in behavior is necessary when a DNT signal is detected.
  • We do not participate in any cross-context behavioral advertising or interest-based advertising programs.

12. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you. Account approval decisions are made by human reviewers, not automated systems. Content moderation of recommendations and review reports is performed by human moderators.

13. Children's Privacy

The Service is not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 16. We do not knowingly collect personal information from children under 13 as defined by the U.S. Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@pilotiq.net.

14. International Data Transfers

Our infrastructure providers may host and process data in regions outside your country of residence. If you access the Service from the EEA, UK, or Switzerland, your data may be transferred to and processed in countries that may not provide the same level of data protection. In such cases, we rely on appropriate safeguards, including standard contractual clauses approved by the European Commission or equivalent mechanisms recognized by applicable data protection authorities. By using the Service, you consent to the transfer of your information to these countries.

15. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (as required by GDPR Article 33). Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly via the email address associated with your account.

16. Links to Other Websites and Services

The Service may contain links to third-party websites and services, including app store listings, transportation app links, and map services. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any third-party services you access through the Service.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via in-app notification or email. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy. If you do not agree with the revised policy, you must stop using the Service and request account deletion.

18. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to submit a complaint, please contact us:

  • Email: info@pilotiq.net
  • App: Waypoint

We aim to respond to all data rights requests within 30 days. If we need more time, we will inform you of the extension and the reasons for the delay.