Last updated: 1 May 2026
Effective date: 1 May 2026
Plain-English summary (not a substitute for the policy below)
- FLARE captures landings on your computer first — they're stored locally so the desktop app works offline. While you're signed in, the desktop app then syncs each landing to your customer portal so you can review stats, achievements, and (if you opt in) share a public profile or invite a reviewer for a debrief.
- What we hold on the server: your email and password (hashed), your purchase records, your support tickets, your synced landings (touchdown metrics, aircraft, airport, approach time series, weather context), and operational logs (license activations, sign-ins, downloads, audit trail).
- Your payment is processed by Paddle as merchant of record; we never see your card details.
- You can view, export, correct, or delete your data from your portal — or by emailing privacy@flaresim.io.
1. About this policy
This Privacy Policy explains how Flare Simulations ("FLARE", "we", "our", "us") collects, uses, and protects personal data when you use the FLARE Windows desktop application and the website and customer portal at flaresim.io (together, the "Service").
For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss FADP, FLARE is the data controller in respect of personal data we collect through the Service. For purposes of the California Consumer Privacy Act / California Privacy Rights Act (collectively, the "CCPA"), FLARE is the business.
2. Where your flight data lives
The FLARE desktop application captures every touchdown into a local SQLite database under %LOCALAPPDATA%\FLARE on your computer. The local copy is the source of truth and it works offline.
While you are signed in, the desktop app then syncs each landing record (touchdown metrics, aircraft title, airport ICAO, approach time series, scoring, and the weather context observed at touchdown) to your customer portal so the web surfaces — landing history, statistics, achievements, leaderboards, public profile, debrief — can read and display them. The sync is one-way (desktop → server). You can disable landing sync at any time from Portal → Settings → Account; the local database is unaffected.
If you delete a landing on the server, it is also removed from the customer portal and any public surfaces (profile, leaderboards). Your local copy on your computer is independent.
3. What we collect
3.1 Information you give us directly
- Account information: the email address and password you provide when signing up. Passwords are hashed using a one-way algorithm; we cannot recover your plaintext password. Each account is also assigned a permanent 6-character Pilot ID (e.g. K7M2A9) used as a stable system identifier across staff URLs, audit logs, and (optionally) the public profile fallback.
- Profile information: first name and last name (optional), public handle (optional), and your public-profile / leaderboard / show-name toggles, set on the Profile page of the customer portal.
- Support content: the subject, body, and attachments of any support ticket you open, plus any reply you post to one of your tickets.
- Notification preferences: your toggles on the Notifications page of the customer portal.
- Email-address records: additional email addresses you add to your account and their verification status (managed via django-allauth).
- Debrief participation: if you invite another pilot to a debrief or accept an invitation, we store the session pairing, the thread of messages exchanged, and any per-landing notes left during the debrief.
3.2 Information collected automatically
- Synced landing records: while you are signed in to the desktop app, each landing it captures is uploaded to your customer portal. A landing record contains touchdown metrics (vertical speed, G-force, pitch, bank, sideslip, speed, heading, latitude/longitude), aircraft title, airport ICAO, runway number, wind, an approach time series of up to a few thousand sample points, the resulting scores and grade, and the weather context observed at touchdown. We use this data only to render your own landing history, statistics, and achievements; to power the (opt-in) public profile and leaderboards if you turn them on; and to share with a debrief reviewer if you invite one.
- License-activation telemetry: when you activate FLARE on a device, our license server records a non-reversible hardware fingerprint (the "Device ID") plus the device label you choose, the IP address from which the activation request originated, the application version, and the timestamp. This is necessary to enforce the per-license seat limit and to allow you to deactivate a device from your portal.
- Sign-in activity: the customer portal records the IP address, user-agent string, timestamp, and outcome of each successful and failed sign-in to your account, so you can inspect your sign-in history on the Security and Sessions pages.
- Session data: a server-side session record is created on sign-in (Django's default session framework) and deleted when you log out or when it expires. The session cookie itself contains only an opaque session identifier.
- Download log: when you click a download link in the customer portal, we log a row recording the version, IP, user-agent, and whether the download was permitted (i.e. whether you held an active license).
- License-event + system audit log: we maintain an append-only log of license-lifecycle events affecting your account (issuance, activation, validation, deactivation, regeneration, transfer, revocation, refund) and of staff actions taken against your account (impersonation, password reset, email verification override, etc.). Each entry records the event type, timestamp, IP, user-agent, and any actor information. This is necessary for security, dispute resolution, and customer support.
- Email-delivery log: for every email we send to your address, we record a delivery row with the template, subject, send timestamp, and delivery status returned by our email provider. This lets us answer "did this email actually go out?" during support and prevents silent delivery failures.
- First-party visitor analytics: on the public marketing site (flaresim.io) we use a self-hosted, first-party visitor cookie (flare_vid) and a server-side rollup to count unique visitors, page views, and acquisition channels. We do not load any third-party analytics product and we do not fingerprint browsers. See Section 11 and the dedicated Cookies & tracking page for details.
- Server logs: our hosting provider keeps short-lived web-server access logs (request path, status, IP, user-agent) for security and operational purposes. These are retained for the period stated in Section 8.
- Cookies: see Section 11.
3.3 Information from third parties
- From Paddle (our merchant of record): for each purchase we receive the order ID, customer ID, the email used at checkout, the total charged (in cents), the order test-mode flag, and a reference to the product variant purchased. Paddle delivers this via a signed webhook. We do not receive your full payment-card number, CVV, or expiry — those are handled exclusively by Paddle and its payment processors.
4. What we deliberately do not collect
- Your payment-card details — these are handled exclusively by Paddle and never reach us.
- Third-party analytics or advertising cookies, browser fingerprints (canvas, WebGL, font lists, screen dimensions beyond a coarse device class), or cross-site tracking identifiers. We do not load a third-party analytics product on the marketing site or portal.
- Behavioural-advertising attribution. We do not sell or share data for cross-context advertising.
- Microphone, camera, location, or other operating-system permissions. The desktop app communicates only with Microsoft Flight Simulator's SimConnect API and our own license / sync endpoints.
- Form contents, POST bodies, or anything you type beyond what you submit. Server-log retention captures only request metadata (path, status, IP, user-agent).
5. How we use your information
| Purpose | Categories used | Legal basis (UK / EU) |
|---|---|---|
| Provide and operate the Service | Account, profile, license, session, telemetry | Contract performance (Art. 6(1)(b)) |
| Issue licenses and enforce seat limits | License events, activation telemetry | Contract performance (Art. 6(1)(b)) |
| Sync landings + render statistics, achievements, and (opt-in) public profile / leaderboards / debriefs | Synced landing records, profile toggles | Contract performance (Art. 6(1)(b)); consent (Art. 6(1)(a)) for public-profile / leaderboard exposure |
| Send transactional email (receipts, license events, ticket replies) | Account, license, ticket data | Contract performance (Art. 6(1)(b)) |
| Send product updates and announcements | Email, notification preferences | Consent (Art. 6(1)(a)) — opt-in |
| Detect and prevent fraud, key sharing, and abuse | License events, sign-in activity, IP, user-agent | Legitimate interests (Art. 6(1)(f)) |
| Provide customer support | Account, ticket content, license history | Contract performance (Art. 6(1)(b)) |
| Comply with legal, tax, and accounting obligations | Order data from Paddle, audit logs | Legal obligation (Art. 6(1)(c)) |
| Improve and secure the Service | Server logs, sign-in activity, download log | Legitimate interests (Art. 6(1)(f)) |
6. Who we share your information with (sub-processors and recipients)
We share personal data only with the third parties listed below, only for the purposes stated, and only under written agreements that bind them to confidentiality and data-protection obligations equivalent to ours.
- Paddle.com Market Ltd. — payment processing and merchant-of-record services. Paddle is the controller for the payment transaction itself. Their privacy policy.
- Resend (Resend.com Inc.) — transactional and notification email delivery. They process your email address and the body of any email we send you.
- Hetzner Online GmbH — application hosting and database services (data centre in Helsinki, Finland).
- Cloudflare, Inc. — DNS, CDN, DDoS protection, and R2 object storage for support-ticket attachments and installer downloads.
- Sentry (Functional Software, Inc.) — error reporting on backend exceptions, used to keep the service running. Sentry events strip PII and bodies before transmission; we send only stack traces, request paths, and a hashed user identifier.
- Professional advisers (lawyers, accountants, auditors), where strictly necessary for legal or compliance purposes.
- Public authorities, where required by law (e.g. valid court order, subpoena, or regulatory request).
- An acquirer or successor in the event of a merger, acquisition, reorganisation, or sale of all or substantially all of our assets — in which case we will provide notice and any affected user will retain the rights described in this policy.
We do not sell your personal data, and we do not "share" it for cross-context behavioural advertising as those terms are defined under the CCPA.
7. International data transfers
Our hosting and our sub-processors may store and process personal data in countries outside your country of residence, including the United States. Where personal data of EU/UK/Swiss residents is transferred outside the EU/UK/Switzerland, the transfer is protected by an appropriate safeguard — typically the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) — concluded with each sub-processor.
You may request a copy of the safeguards in place for any specific transfer by emailing privacy@flaresim.io.
8. How long we retain your data
- Account records: for as long as your account is active. If you delete your account, we erase your account record and detach licenses you owned (so the licenses themselves remain valid for record-keeping purposes); see Section 10.
- License records, license events, and order records: retained for 7 years from issuance (or such longer period as required by tax / accounting law) for legal-compliance and dispute-resolution purposes.
- Sign-in activity, session records, download log: 12 months.
- Server access logs: 30 days.
- Support tickets: retained for 3 years from last activity, then deleted on request or auto-purged.
- Email-delivery logs (at provider): per the email-provider's own retention schedule, typically 30–90 days.
- Backups: production database backups are encrypted and retained for up to 30 days; deletion requests are honoured on the live system immediately and propagate to backups within that window.
9. How we protect your data
- All connections to the Service are encrypted in transit (TLS 1.2 or higher).
- Passwords are hashed using PBKDF2-SHA256 (Django's default hasher) with a per-user salt. Plaintext passwords are never stored.
- License keys are random per-license identifiers stored in our database. The activation token your desktop application uses to validate its license is signed with our server's Ed25519 private key and verified by the desktop app against the embedded public key.
- Two-factor authentication (TOTP, with one-time recovery codes) is available for every account on the Security page of the customer portal. We strongly recommend enabling it.
- Production databases are hosted by our cloud provider and encrypted at rest; backups are encrypted.
- Access to production systems is restricted to a small number of authorised personnel using individual credentials and 2FA.
- We log security-relevant events and review the audit trails periodically.
No system is perfectly secure. If we become aware of a personal-data breach affecting you, we will notify you and the relevant supervisory authority where required by law.
10. Your rights
Subject to applicable law, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — delete your account and associated personal data, subject to retention obligations in Section 8.
- Restriction of processing — ask us to limit how we use your data.
- Objection — object to processing based on our legitimate interests, including direct marketing.
- Portability — receive your data in a structured, machine-readable format and transmit it to another controller.
- Withdraw consent — where processing is based on consent, withdraw it at any time (without affecting prior processing).
- Lodge a complaint with a supervisory authority — for EU/EEA residents, the data-protection authority of your habitual residence; for UK residents, the Information Commissioner's Office (ico.org.uk); for Swiss residents, the FDPIC.
California residents (CCPA / CPRA): in addition to the rights above, you have the right to know what personal information we have collected, the right to delete personal information, the right to correct inaccurate personal information, and the right to opt out of the sale or sharing of personal information (we do not sell or share). You may also designate an authorised agent. We will not discriminate against you for exercising any of these rights.
Most rights can be exercised directly from the customer portal: profile edits on the Profile page, password changes on Security, email management on Email, account deletion on Account. For requests we cannot self-serve, email privacy@flaresim.io. We will respond within one calendar month (extendable by two further months for complex requests, with notice). We may need to verify your identity before acting on your request.
11. Cookies and similar technologies
We use first-party cookies only — no third-party trackers are loaded anywhere on the Service. The full list and detailed descriptions live on our dedicated Cookies & tracking page. In summary:
- Strictly necessary (always on): sessionid (sign-in session), csrftoken (CSRF protection), flare_consent (your cookie-consent choices).
- Analytics (opt-in via the consent panel; honours your browser's "Do Not Track" header): flare_vid, an anonymous first-party visitor ID for visitor counts on the marketing site. Self-hosted; no third-party analytics product is loaded.
You can review or change your choices at any time from the cookie-settings panel linked at the bottom of every page.
12. Marketing communications
We will only send marketing or product-update emails to you if you have opted in. You can opt in or out at any time on the Notifications page of the customer portal, or by clicking "unsubscribe" in any marketing email. Transactional and security emails (receipts, license-event notifications, password-reset emails, security alerts) are sent regardless of marketing preferences because they are necessary to operate the Service.
13. Children's privacy
The Service is not directed at children under 16 (or the equivalent age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact privacy@flaresim.io and we will delete the information.
14. Automated decision-making and profiling
We do not engage in automated decision-making producing legal or similarly significant effects on you, and we do not profile users for behavioural advertising.
15. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the date of the most recent revision. If we make material changes (such as adding a new sub-processor, materially expanding the categories collected, or changing our retention periods) we will notify you by email at least 30 days before the change takes effect. Your continued use of the Service after a change becomes effective constitutes acceptance of the updated policy.
16. How to contact us
For privacy-related questions or to exercise any of the rights described above:
- Email: privacy@flaresim.io
- General support: support@flaresim.io