Flight Metrics

Privacy Policy — Flight Metrics

Last updated: 1 June 2026

This Privacy Policy explains how Flight Metrics (the “App”) handles your data, what limited technical information our third-party service providers process on our behalf, and your rights under the EU GDPR, the Swiss revised Federal Act on Data Protection (revFADP/nFADP), and other applicable laws.

Data controller: Joanna Bednarczyk (independent developer based in Switzerland), operating under the trade name “Studio Volt”. Contact: privacy@studiovolt.dev.

1. Data That Stays on Your Device

Flight Metrics records flight data (GPS location, speed, heading, altitude, barometric pressure, G-force) using your device's built-in sensors. All recorded data is stored locally in an on-device SQLite database. We do not operate any servers that receive your flight data. There are no user accounts, no logins, and no cloud sync.

2. Data Processed by Third-Party Service Providers

The App relies on three third-party processors to function. Each receives only the minimum technical data described below, under a Data Processing Agreement (DPA) compliant with GDPR Art. 28. None of these providers receives your GPS coordinates, flight routes, name, or email address.

2.1 Crash & Error Reports — Sentry GmbH (Germany, EU)

When the App crashes or encounters an error, the following is sent to Sentry's EU-hosted infrastructure:

• Stack trace and error message
• Device model, iOS/Android version, App version
• Anonymous Sentry install identifier (UUID per install)
• Your IP address (logged by Sentry's servers — retained up to 30 days)
• Anonymous diagnostic breadcrumbs (e.g. which screen was open)

Purpose: detect and fix bugs.
Legal basis: legitimate interest (GDPR Art. 6(1)(f)).
Data location: EU (Sentry GmbH, Germany — de.sentry.io).
Provider: Sentry GmbH — DPA · Privacy Policy

2.2 Subscription Management — RevenueCat, Inc. (USA)

When you purchase, restore, or query a subscription, the following is sent to RevenueCat:

• Anonymous App User ID (UUID per install — we never link it to your real identity)
• Apple App Store receipt for the purchase
• Device model, iOS/Android version, App version
• Your IP address
• Subscription/entitlement state, purchase and restore events

Purpose: validate subscriptions, prevent fraud, enable “Restore Purchases” across reinstalls.
Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
Data location: USA. International transfer relies on the European Commission's Standard Contractual Clauses (SCCs) — Module 2 (Controller-to-Processor) for EU/EEA transfers, the UK International Data Transfer Addendum for UK transfers, and the Swiss-amended SCCs for Swiss transfers, in each case as set out in RevenueCat's Data Processing Agreement. Additional safeguards include encryption in transit (TLS), encryption at rest, and role-based access controls per RevenueCat's DPA security annex.
Provider: RevenueCat, Inc. — DPA · Privacy Policy

2.3 Map Tiles — Mapbox, Inc. (USA)

When you view the map screen, your device requests map tiles from Mapbox. Each request transmits:

• Your IP address (used by Mapbox to deliver tiles and prevent abuse)
• Device model, OS version, App version
• Anonymous Mapbox SDK telemetry (e.g. tile load performance) — you can disable this in Settings → About → Mapbox Telemetry

Purpose: display maps for visualising flight routes.
Legal basis: legitimate interest (GDPR Art. 6(1)(f)).
Data location: USA. Transfer under the EU-US Data Privacy Framework — Mapbox is self-certified (participant/5640) — with Standard Contractual Clauses as a contractual fallback.
Provider: Mapbox, Inc. — DPA · Privacy Policy · Telemetry

2.4 Payment Processing — Apple Inc.

All subscription purchases are processed by Apple via the App Store. We never receive your credit card number, billing address, or full Apple ID. Apple's handling of payment data is governed by Apple's privacy policy.

3. What We Do Not Do

• We do not use advertising SDKs.
• We do not use behavioural analytics or marketing trackers (no Google Analytics, no Facebook Pixel, no AppsFlyer, no Adjust, no Amplitude, no Mixpanel).
• We do not sell, rent, or share your data with data brokers.
• We do not track you across other apps or websites (no IDFA/ATT tracking).
• We do not link the anonymous identifiers used by Sentry, RevenueCat, or Mapbox to your real-world identity.

4. Data Retention

• Flight recordings & App settings: stored on your device until you delete them in the App or uninstall it.
• Sentry crash data: up to 30 days (Sentry Developer plan retention).
• RevenueCat subscription data: for the lifetime of the subscription plus the period required by tax and accounting law.
• Mapbox tile request logs: controlled by Mapbox under their privacy policy.

5. Your Rights (GDPR / revFADP)

You have the right to:

• Access the personal data we (or our processors) hold about you
• Rectification of inaccurate data
• Erasure (“right to be forgotten”)
• Restriction of processing
• Object to processing based on legitimate interest
• Data portability
• Withdraw consent at any time (where based on consent)
• Lodge a complaint with your supervisory authority: Switzerland — FDPIC; Poland — UODO; Germany — BfDI; France — CNIL; other EU/EEA — your national DPA.

To exercise any right, email privacy@studiovolt.dev. We will respond within 30 days. Because flight recordings live only on your device, the most effective way to delete them is to remove them in the App or uninstall the App.

6. International Data Transfers

When using RevenueCat or Mapbox, your data is transferred to the United States. These transfers are protected as follows:

• Mapbox, Inc. — self-certified under the EU-US Data Privacy Framework (and its UK Extension and Swiss-US Data Privacy Framework). Participant record: dataprivacyframework.gov/participant/5640. The European Commission's Standard Contractual Clauses (SCCs) apply as a contractual fallback under the Mapbox Customer DPA.
• RevenueCat, Inc. — relies on the European Commission's Standard Contractual Clauses (SCCs): Module 2 (Controller-to-Processor) for EU/EEA transfers, the UK International Data Transfer Addendum for UK transfers, and the Swiss-amended SCCs for Swiss transfers, as set out in RevenueCat's DPA. RevenueCat is not self-certified under the EU-US Data Privacy Framework.

Sentry data is processed in the EU (Germany — de.sentry.io) under the EU GDPR and does not leave the EU/EEA in the ordinary course of processing. Sentry's US affiliate (Functional Software, Inc.) is self-certified under the EU-US Data Privacy Framework as an additional safeguard for any incidental US-side access (participant record: dataprivacyframework.gov/participant/5869).

7. Children

Flight Metrics is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has used the App, contact privacy@studiovolt.dev.

8. Security

Flight data is stored locally on your device, protected by your operating system's security (encrypted at rest on iOS). Communications with Sentry, RevenueCat, Mapbox, and Apple are encrypted in transit using TLS.

9. Sub-processors

Each of our three processors engages sub-processors (cloud hosting, CDN, customer support). Current lists: Sentry · RevenueCat · Mapbox.

10. Changes

We may update this Privacy Policy to reflect changes in our processors, applicable law, or App functionality. The “Last updated” date at the top will reflect the most recent revision. Material changes will be announced in the App's release notes.

11. Contact

Email: privacy@studiovolt.dev · contact@studiovolt.dev
Website: studiovolt.dev

These terms may be assigned to Studio Volt GmbH or Studio Volt SA once incorporated, with full continuity of obligations toward you.