Introduction
Thank you for choosing to be part of our community at MyFlightPath Club (“we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regard to your personal information, please contact us.
We do not sell your personal information. We never sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. This applies to all users, including residents of California (CCPA) and the European Economic Area (GDPR).
When you visit our website (“Site”) and use our services, you trust us with your personal information. We take your privacy very seriously. In this privacy notice, we describe our privacy policy. We seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy policy that you do not agree with, please discontinue use of our site and our services.
This privacy policy applies to all information collected through our website (“Site”).
Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us.
This privacy policy was created using Termly’s Privacy Policy Generator.
Table of contents
- What information do we collect?
- How do we use your information?
- Will your information be shared with anyone?
- Do we use cookies and other tracking technologies?
- Is your information transferred internationally?
- What are your privacy rights?
- Do we make updates to this policy?
- How can you contact us about this policy?
What information do we collect?
Personal information you disclose to us
In Short: We collect personal information that you provide to us such as name, nickname, email contact information, passwords and security data.
We collect personal information that you voluntarily provide to us when using our site or otherwise contacting us.
The personal information that we collect depends on the context of your interactions with us and the Site, the choices you make and the products and features you use. The personal information we collect can include the following:
Flight data. The core purpose of this Site is to record your flights. You voluntarily provide flight records including routes (departure and arrival airports), dates, airlines, aircraft types and registrations, seat details, and any personal notes or tags you attach to individual flights. This data is stored in your account and is subject to your privacy settings.
Name and Contact Data. We collect your nickname and email address when you register your account. We collect your name and email when you contact us through a contact us web form.
Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
Email-based flight import (beta)
Beta feature: This feature is not yet available to all users. It is currently accessible to a small number of selected beta testers only.
We offer an optional feature that allows you to forward booking confirmation emails to a dedicated address, from which our system automatically extracts flight details and adds them to your account. If you use this feature, please be aware of the following:
- Emails are received via Zoho Mail, a third-party email provider. By forwarding an email to us you acknowledge that the email will pass through Zoho Mail's servers. See Zoho's privacy policy for details of how they handle email data.
- Email is an inherently open format. Messages may pass through multiple servers between the sender and Zoho Mail, and could in principle be read in transit by any intermediary server, though this risk is significantly reduced when emails are sent over encrypted (TLS) connections.
- Flight details are extracted using a self-hosted AI agent. The AI agent does not retain any email content after processing, and does not send your data to any external AI service.
- Emails are permanently deleted from our systems once processing is complete.
- The email may contain personal information such as your name, travel dates, booking reference, and passenger details. We use this information solely to populate your flight records and do not use it for any other purpose.
API access and calendar export
We provide an API that allows you to programmatically manage your flight data and account. To use the API, you must generate an API key from your account settings. We also provide a personal calendar export link (iCal/ICS format) that allows third-party calendar applications such as Google Calendar to subscribe to and display your flights.
You are solely responsible for keeping your API key and calendar export link secure, and for deciding which applications or third parties you share them with. Both the API key and the calendar link provide access to your personal flight data, including future flights. We have no visibility into, or control over, how third parties use data accessed via these means, and we accept no responsibility for any consequences resulting from sharing them. You may revoke your API key or regenerate your calendar link at any time from your account settings.
Contributions
Registered users may submit suggestions to add or update airlines and airports in our database. Before submitting any contribution, users are required to provide explicit consent confirming that:
- The information submitted is publicly available and not subject to any third-party rights.
- They have no intellectual property or other rights over the submitted data, and grant us full rights to use, edit, publish, or remove it at our discretion.
Accepted contributions may become part of the Site's public dataset and visible to all users. We may edit or reject any submission without notice. Contributions are linked to your account for moderation purposes, but we do not publicly attribute individual submissions to specific users.
Information automatically collected
In Short: Some information – such as IP address and/or browser and device characteristics – is collected automatically when you visit our websites.
We automatically collect certain information when you visit, use or navigate the Site. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Site and other technical information. This information is primarily needed to maintain the security and operation of our Site, and for our internal analytics and reporting purposes.
We use Umami, a privacy-focused, open-source analytics tool that we self-host. Umami does not use cookies, does not collect personally identifiable information, does not track users across websites, and does not share data with any third parties. It records anonymised page views and general device information (browser, OS, screen size) solely to help us understand how the Site is used.
We do not collect any information through cookies or similar technologies.
How do we use your information?
In Short: We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.
We use personal information collected via our Site for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests (“Business Purposes”), in order to enter into or perform a contract with you (“Contractual”), with your consent (“Consent”), and/or for compliance with our legal obligations (“Legal Reasons”). We indicate the specific processing grounds we rely on next to each purpose listed below.
We use the information we collect or receive:
To facilitate account creation and logon process.
To send administrative information to you. We may use your personal information to send you service and new feature information and/or information about changes to our terms, conditions, and policies.
To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
In Short: We only share information with your consent, to comply with laws, to protect your rights, or to fulfill business obligations.
We only share and disclose your information in the following situations:
Compliance with Laws. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests and Legal Rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
API key and calendar export link holders. If you share your API key or personal calendar export link with a third-party application or service, that party will be able to access your flight data, including future flights. This is entirely at your own discretion. We have no control over how third parties use your data once access has been granted, and we accept no responsibility for any resulting data use. You can revoke your API key or regenerate your calendar link at any time from your account settings.
Email Processing (Zoho Mail). If you use the optional email-based flight import feature (currently in beta), emails you forward to us are received via Zoho Mail. Zoho Mail processes these emails on our behalf solely for delivery purposes. Emails are deleted from our systems after processing. We do not share the content of your emails with any other third party.
Other Users. When you share personal information (for example, by posting comments, contributions or other content to the Site) or otherwise interact with public areas of the Site, such personal information may be viewed by all users and may be publicly distributed outside the Site in perpetuity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Sites, and view your profile.
Private content. The following content is strictly private and is never visible to other users or shared with any third party:
- Flight notes and tags — personal notes and tags you add to individual flight records are visible only to you.
- Trip descriptions — descriptions you add to trips are visible only to you.
- Friends list — your list of friends is visible only to you. You can see your own friends, but no user can see another user's friends list.
- Contribution comments — messages exchanged between you and our administrators as part of the contributions review process are visible only to you and the reviewing administrator.
In Short: We use cookies (small text files stored on your device).
We use cookies to remember your choices (e.g. to remember you between sessions) and to record a session identifier when you sign in. We also use Cloudflare as our content delivery and security provider, which may set its own cookie for security purposes.
| Cookie name | Type | Purpose |
|---|---|---|
session-id |
functional | Stores a session identifier when you sign in to your account. |
remember-me |
functional | Stores an encrypted user identifier to authenticate you between sessions. Only set when you sign in with
stay logged in check box checked. |
cf_clearance |
security | Set by Cloudflare when a security challenge is passed. Used to confirm that the visitor is not a bot. See Cloudflare's privacy policy for details. |
We do not use any tracking cookies or third-party analytics services.
Is your information transferred internationally?
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in London, United Kingdom. If you are accessing our Site from outside the United Kingdom, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see “Disclosure of Your Information” above), in the United Kingdom and other countries.
If you are a resident in the European Economic Area, then these countries may not have data protection or other laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this privacy policy and applicable law.
What are your privacy rights?
In Short: You may review, change, or terminate your account at any time.
You may at any time review or change the information in your account or terminate your account by logging into your account settings (requires login) and updating your account, or requesting your account to be deleted (requires login).
Upon your request to terminate your account, we will delete your account and information from our active databases immediately. A copy of your data will be emailed to you at the time of deletion. Your data may remain in backup files for up to 30 days until those backups are automatically purged; backups are never used to restore deleted accounts.
After account deletion, we retain your nickname and a one-way hash of your email address. This is used solely to prevent a different person from re-registering your nickname, which could allow impersonation of your previous account. The hash cannot be reversed to recover your original email address.
Dormant account deletion. To comply with the GDPR principle of storage limitation, we automatically delete accounts that have been inactive for an extended period. Accounts with no flights registered will be deleted after 6 months of inactivity; accounts with flights on record will be deleted after 3 years of inactivity. In both cases, we will send warning emails before deletion. For accounts with no flights, one warning is sent 30 days before deletion. For accounts with flights, warnings are sent at 90, 30, and 7 days before the deletion date. Logging in at any time resets the inactivity clock. Automated deletions follow the same process as user-initiated deletions: a copy of your data is emailed to you at the time of deletion.
Backups. We take daily backups of our database. Backups are stored on our production server and replicated to an encrypted off-site location over a private network connection. Backups are retained for 30 days, after which they are automatically purged. Backups are used solely for disaster recovery purposes and are never used to restore deleted accounts.
Development and testing. When production data is used for debugging or development purposes, email addresses and passwords are replaced with pseudonymised values before the data leaves the production environment. Nicknames and flight data are retained as-is, as they are necessary to identify and reproduce the issue being investigated. Development environments are accessible only to authorised personnel and are not shared with any third party.
Data breaches. We collect only minimal personal data (nickname, email address, and a hashed password). In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Given the limited nature of the personal data we hold, we consider the risk to your rights and freedoms from a breach to be low; however, we will assess each incident individually and notify affected users directly if we determine that a meaningful risk exists.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Site.
Do we make updates to this policy?
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.
How can you contact us about this policy?
If you have questions or comments about this policy, please contact us.
Last updated on 20 Apr 2026.