Privacy Policy

1. Data Controller

[Malte Gerhardt]
[Auf den Scheffeln 32]
[44894, Bochum, Deutschland]
Email: [milehighers.app@gmail.com]

2. What Data We Collect

• Email address — used for authentication (Magic Link sign-in). Stored by Supabase Auth.
• Flight booking data — routes, airlines, cabins, dates, and notes you enter. Stored locally on your device and, if you sign in, synced to Supabase.
• No tracking cookies or analytics — we do not use Google Analytics, Facebook Pixel, or similar third-party tracking services.

3. Purpose & Legal Basis

We process your data to provide the MileHighers app (Art. 6(1)(b) GDPR — performance of a contract). Your email is used solely for authentication. Your flight data is stored to provide the core service functionality.

4. Data Processor

Cloud data is stored in Supabase (Supabase Inc., San Francisco, CA). Supabase acts as a data processor under a signed Data Processing Agreement (DPA). Data is hosted in the EU region where configured.

5. Data Retention

Your data is stored for as long as your account exists. You can delete your account and all associated cloud data at any time via Settings → "Delete my account". Local data on your device is managed by your browser.

6. Your Rights

Under GDPR, you have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Erase your data (Art. 17) — use the "Delete my account" button or contact us
• Export your data (Art. 20) — use the Export function in the app
• Object to processing (Art. 21)
• Lodge a complaint with a supervisory authority

7. Cookies

MileHighers uses only essential browser storage (localStorage) and a session cookie for authentication. No third-party cookies or tracking technologies are used.