Waypoint ("the App") is a mobile application developed and operated by
Pilotiq ("the Company," "we," "us," or "our"). The Company is
registered in the Republic of Turkey. The App is available for
download on the Apple App Store (iOS) and Google Play Store (Android)
and provides travel and aviation information services — including city
guides, airport details, weather and METAR data, currency exchange
rates, community place reviews, and recommendations — through the
mobile applications and our associated backend systems (collectively,
the "Service").
This Privacy Policy explains how we collect, use, disclose, and
safeguard your information when you use the Service. It applies to all
users worldwide, including those in the European Economic Area, the
United Kingdom, Switzerland, the United States (including California),
and all other jurisdictions. Please read this policy carefully. By
creating an account, downloading the App, or otherwise accessing or
using the Service, you acknowledge that you have read, understood, and
agree to the practices described herein. If you do not agree with this
Privacy Policy, please do not access or use the Service.
1. Information We Collect
1.1 Information You Provide Directly
Account Information: When you register you
provide your email address and create a password. During profile setup
you may also provide your first name, surname, and gender.
Professional Information: You may optionally select your
employer (airline or other company), your job position or title, and your
base airport. This information helps us tailor city and travel information
to your profession.
User-Generated Content: Reviews, ratings, and comments
you write about airports and places; place recommendations you submit
(including map links, place names, coordinates, place type, and
explanatory text); and places you save or bookmark.
Reports of Other Users' Content: If you report a
review submitted by another user, we collect the report reason,
the explanatory message you provide, and a reference to the
review and reporting account. Reports are visible only to our
moderation team — the reported user is not told who filed the
report.
User Blocks: When you block another user from
within the App, we record the identifier of the user you blocked
and the timestamp. We use this list to hide that user's
reviews from you (and your reviews from them) across the
Service. Blocks are not shared with the blocked user and are
visible only to you.
Communications: If you contact us for support or
feedback, we may collect the content of your message, your email
address, and any attachments.
1.2 Information Collected Automatically
Device Information: When you register or log in, we
collect a unique device identifier, your device platform (iOS or
Android), and a push notification token so we can deliver push
notifications to your device.
Log and Session Data: We record your IP address, app
or browser user-agent string, login timestamps, and session activity
(last-active time) for security, abuse prevention, and to support
session management.
Login Attempts: For security and rate-limiting purposes,
we log the email address, IP address, and timestamp of each login
attempt.
Installed Applications: With your knowledge, we may
collect a list of certain installed applications on your device (such as
ride-hailing or travel apps) at registration or at launch when this
feature is enabled. This data is used to improve city-specific
recommendations and is never sold or shared with third parties for
advertising.
1.3 Information We Do Not Collect
We do not collect financial or payment information — the
Service is free to use.
We do not use advertising SDKs or sell your data to
advertisers.
2. How We Use Your Information
We use the information we collect for the following purposes:
Provide and Operate the Service: Create and manage your
account; authenticate you; deliver city, weather, airport, currency, and
place information; display your reviews and recommendations; and manage
the invitation and referral system.
Personalization: Tailor content such as airport weather
(METAR), transportation options, and local place recommendations based
on your professional profile and base airport.
Gamification: Track and display experience points (XP)
earned through your contributions (reviews and approved
recommendations).
Notifications: Send push notifications and in-app
notifications about account status changes, recommendation outcomes,
invitation activity, and administrative announcements.
Security and Fraud Prevention: Monitor login attempts
and session data to detect unauthorized access; enforce rate limits;
manage device sessions; and support account recovery flows.
Moderation: Review user-submitted content
(recommendations, reviews) and user-filed reports of other users'
reviews to ensure quality and compliance with our community
guidelines, and to take action against content or conduct that
violates these policies.
Service Improvement: Analyze aggregate usage patterns to
improve features, fix bugs, and develop new functionality.
Legal Compliance: Comply with applicable laws, enforce
our Terms of Use, and respond to legal requests.
3. Legal Bases for Processing (GDPR)
If you are in the European Economic Area (EEA), the United Kingdom, or
Switzerland, we process your personal data under the following legal
bases:
Contract: Processing necessary to provide the Service
you signed up for (account management, content delivery,
notifications).
Legitimate Interests: Security monitoring, fraud
prevention, service improvement, and moderation — where our interests do
not override your fundamental rights.
Consent: Where required, such as for push notifications
and collection of installed-app data. You may withdraw consent at any
time.
Legal Obligation: Where we are required to process data
to comply with applicable law.
4. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We
share data only in these limited circumstances:
With Other Users: Your first name, surname, company
name, position, and the content of your reviews and recommendations may
be visible to other authenticated users of the Service.
Service Providers: We use third-party services to
operate the Service (see Section 5). These providers process data on our
behalf under contractual obligations to protect your information.
Legal Requirements: We may disclose information if
required to do so by law, regulation, legal process, or governmental
request.
Safety and Enforcement: We may disclose information
when we believe it is necessary to protect the rights, property, or
safety of the App, our users, or others, or to enforce our Terms of
Use.
Business Transfers: If we are involved in a merger,
acquisition, or sale of assets, your information may be transferred as
part of that transaction. We will notify you of any such change.
5. Third-Party Services
The Service integrates with the following third-party providers:
Provider
Purpose
Data Sent
Push notification provider
Delivering push notifications to your device
Device token, notification content
Map tile provider
Map display in the mobile app
Map tile requests (no personal data)
Weather data provider (Open-Meteo)
City weather information
City coordinates (latitude/longitude)
Aviation weather provider
Airport METAR reports
ICAO airport codes
Maps providers
Resolving place recommendation links
Map URLs submitted by users
Email delivery provider
Transactional email delivery
Email address, email content
Cloud infrastructure provider
Application hosting and data storage
All data processed by the Service
Each provider is subject to its own privacy policy. We encourage you to
review them.
6. Data Retention
Account Data: Retained for as long as your account is
active. If you request deletion, we soft-delete your account and
anonymize or remove personally identifiable data within 30 days.
Session and Login Data: Sessions are retained for the
duration of the refresh token lifetime (up to 30 days). Login attempt
logs are retained for up to 90 days.
User-Generated Content: Reviews, recommendations, and
saved places are retained for the lifetime of your account. Deleted
content is soft-deleted and excluded from public queries.
Reports of Other Users' Content: Reports you file
are retained for the lifetime of your account so our moderation
team can identify patterns of abuse. Reports are not visible to
other users at any time.
User Blocks: Active blocks are retained until you
unblock the user or delete your account. Unblocked entries are
soft-deleted and no longer applied to content visibility.
Cached Third-Party Data: Weather and METAR data is
cached for up to one hour and overwritten on refresh. Currency exchange
rates are similarly cached and refreshed.
Device Data: Device registrations and push tokens are
retained while active. Stale tokens are automatically cleared when push
delivery fails.
7. Data Security
We implement industry-standard security measures to protect your data:
Passwords are hashed using a one-way cryptographic algorithm and are
never stored in plaintext.
Session and authentication tokens are short-lived; long-lived tokens
are hashed before storage.
All communication between the app and our servers is encrypted in
transit using industry-standard protocols (TLS/HTTPS).
Email verification, password reset, and email change tokens are
single-use and time-limited.
Access to user data is restricted to authorized personnel and
service accounts on a least-privilege basis.
While we strive to protect your information, no method of electronic
transmission or storage is 100% secure. We cannot guarantee absolute
security.
8. Your Rights and Choices
8.1 All Users
Access and Correction: You can view and update your
company, position, base airport, and email address directly within the
app. Your first name, surname, and gender are set during profile
setup and cannot be changed from within the app — contact us if you
need them updated.
Account Deletion: You may request deletion of your
account by contacting us at
info@pilotiq.net.
Upon receiving your request, we will delete your account, remove
your personally identifiable data, and anonymize any remaining
records within 30 days. This includes your profile information,
session data, device registrations, saved places, and notification
history. Reviews and recommendations you submitted may be
anonymized rather than deleted to preserve community data
integrity.
Push Notifications: You can disable push notifications
at any time through your device's system settings.
Content Removal: You can delete your own reviews and
unsave places within the app.
8.2 European Economic Area, UK, and Swiss Residents (GDPR)
Under the General Data Protection Regulation you have the right to:
Request access to your personal data.
Request rectification of inaccurate data.
Request erasure ("right to be forgotten").
Request restriction of processing.
Data portability — receive your data in a structured, machine-readable
format.
Object to processing based on legitimate interests.
Withdraw consent at any time without affecting the lawfulness of
processing based on consent before its withdrawal.
Lodge a complaint with your local data protection authority.
8.3 California Residents (CCPA / CPRA)
If you are a California resident, you have the right to:
Know what personal information we collect and how it is used.
Request deletion of your personal information.
Opt out of the sale or sharing of personal information — we do not sell
or share personal information for cross-context behavioral
advertising.
Non-discrimination for exercising your privacy rights.
8.4 Exercising Your Rights
To exercise any of the rights above, contact us at
info@pilotiq.net.
We may need to verify your identity before fulfilling your request. We
will respond within the timeframes required by applicable law.
9. Push Notifications
We send push notifications for account-related events (approval, rejection),
recommendation outcomes, invitation activity, and administrative broadcasts.
Push notifications require a device-specific push token, which is collected
when you register or log in with a device. You can opt out of push
notifications at any time by adjusting your device settings. Even when push
notifications are disabled, in-app notifications remain accessible in your
notification inbox.
10. Cookies and Tracking Technologies
The App does not use cookies, web beacons, or third-party tracking pixels.
Our web pages (such as email verification, password reset, and this
Privacy Policy) are static HTML pages that do not set cookies or use
analytics scripts. We do not engage in cross-app or cross-site
tracking.
11. Advertising Identifiers and Do Not Track
We do not collect or access the Apple Identifier for
Advertisers (IDFA), Android Advertising ID (AAID), or any other
advertising identifier.
We do not use Apple's App Tracking Transparency (ATT)
framework because we do not track users across apps or websites owned
by other companies.
We do not serve advertisements of any kind within the
Service.
We honor "Do Not Track" (DNT) browser signals. Because we do not
perform any tracking, no change in behavior is necessary when a DNT
signal is detected.
We do not participate in any cross-context behavioral
advertising or interest-based advertising programs.
12. Automated Decision-Making and Profiling
We do not use your personal data for automated decision-making or
profiling that produces legal effects or similarly significant effects
on you. Account approval decisions are made by human reviewers, not
automated systems. Content moderation of recommendations and review
reports is performed by human moderators.
13. Children's Privacy
The Service is not directed to individuals under the age of 16 (or the
applicable age of digital consent in your jurisdiction). We do not
knowingly collect personal information from children under 16. We do
not knowingly collect personal information from children under 13 as
defined by the U.S. Children's Online Privacy Protection Act (COPPA).
If we become aware that we have collected data from a child without
appropriate parental consent, we will take steps to delete that
information promptly. If you are a parent or guardian and believe your
child has provided us with personal data, please contact us at
info@pilotiq.net.
14. International Data Transfers
Our infrastructure providers may host and process data in regions outside
your country of residence. If you access the Service from the EEA, UK,
or Switzerland, your data may be transferred to and processed in
countries that may not provide the same level of data protection. In
such cases, we rely on appropriate safeguards, including standard
contractual clauses approved by the European Commission or equivalent
mechanisms recognized by applicable data protection authorities. By
using the Service, you consent to the transfer of your information to
these countries.
15. Data Breach Notification
In the event of a personal data breach that is likely to result in a
risk to your rights and freedoms, we will notify the relevant
supervisory authority without undue delay and, where feasible, within
72 hours of becoming aware of the breach (as required by GDPR Article
33). Where the breach is likely to result in a high risk to your rights
and freedoms, we will also notify you directly via the email address
associated with your account.
16. Links to Other Websites and Services
The Service may contain links to third-party websites and services,
including app store listings, transportation app links, and map
services. We are not responsible for the privacy practices or content
of those third-party sites. We encourage you to review the privacy
policies of any third-party services you access through the Service.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make
material changes, we will update the "Last updated" date at the top of
this page and, where appropriate, notify you via in-app notification or
email. We encourage you to review this Privacy Policy periodically.
Your continued use of the Service after any changes constitutes
acceptance of the updated policy. If you do not agree with the revised
policy, you must stop using the Service and request account
deletion.
18. Contact Us
If you have questions about this Privacy Policy, wish to exercise your
data rights, or want to submit a complaint, please contact us: