Privacy Policy

1. Introduction and Overview

Welcome to Row1. This Privacy Policy explains how Row1 LLC ("Row1," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use the Row1 mobile application ("App") and our website at https://row1.app (collectively, the "Services").

Row1 is a gamified flight tracking application available on iOS and Android that transforms your real-world flights into a competitive gaming experience. You earn XP, collect badges, compete for King of the Route titles, and climb leaderboards based on your actual flying activity.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use our Services.

This Privacy Policy is designed to comply with the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and the privacy requirements of the Apple App Store and Google Play Store.

2. Information We Collect

We collect several categories of information to provide, improve, and personalize our Services. Below is a detailed breakdown of each category.

2.1 Account Information

When you create an account, we collect:

• Email address
• Username
• Display name
• Profile avatar (if you choose to upload one)
• Authentication credentials (securely hashed - we never store plain-text passwords)

2.2 Flight Data

To power the core experience of the App, we collect flight-related information that you provide or that we retrieve on your behalf:

• Flight numbers
• Departure and arrival airports (IATA/ICAO codes)
• Flight dates and times
• Airline and operating carrier
• Aircraft type
• Seat information (class, seat number if provided)
• Flight status information (delays, cancellations, gate changes)
• Imported flight history from CSV files or third-party flight tracking apps

2.3 Usage Data

We automatically collect information about how you interact with the App:

• Features you access and use
• Actions you take within the App (such as adding flights, viewing leaderboards, or sharing cards)
• Time spent on different screens
• Crash reports and error logs
• App version and update history

2.4 Device Information

We collect basic device information for compatibility and troubleshooting purposes:

• Device type and model
• Operating system and version
• Unique device identifiers (for push notification delivery)
• Language and locale settings
• Time zone

2.5 Payment Information

Row1 offers premium subscription plans and in-app purchases. All payment processing is handled entirely by Apple (via the App Store) or Google (via the Google Play Store). We do not collect, process, or store your credit card numbers, bank account details, or other financial payment information. We receive only a transaction confirmation, the plan or item purchased, and the validity period of your subscription.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Flight tracking and logging - To record, organize, and display your flight history within the App.
• Gamification - To calculate XP, assign tiers, track streaks, and determine eligibility for badges and achievements based on your flight activity.
• Leaderboards - To rank users and display competitive standings across global, route-specific, airport-specific, and friend-based leaderboards.
• Badge evaluation - To assess whether your flight history qualifies you for any of the 100+ badges available in the App.
• King of the Route - To determine and update the current King of each route based on flight frequency within rolling time windows.
• Flight verification - To verify that flights logged in the App correspond to actual flights you took, maintaining the integrity of the competitive experience.
• Push notifications - To send you updates about flight status changes, badge unlocks, King of the Route challenges, streak reminders, leaderboard changes, and other relevant alerts (with your permission).
• Account management - To create and maintain your account, authenticate your identity, and provide customer support.
• Service improvement - To understand how users interact with the App, identify bugs, and improve existing features and develop new ones.
• Communication - To respond to your inquiries, send service-related announcements, and provide information about updates or changes to the App.
• Safety and security - To detect and prevent fraud, abuse, and violations of our terms of service, including preventing cheating on leaderboards.

4. How We Share Your Information

4.1 Public Profile Data

Certain information associated with your account is visible to other Row1 users by default as part of the App's social and competitive features:

• Username and display name
• Profile avatar
• Current tier (for example, Passenger, Frequent Flyer, Jet Setter, Globe Trotter, or Aviation Legend)
• Badges earned
• Aggregate flight statistics (such as total flights, airports visited, countries visited, and total distance flown)

Your email address is never publicly visible.

4.2 Leaderboard Data

If you appear on any leaderboard (global, route-specific, airport-specific, or friend-based), your username, tier, and relevant ranking metrics are visible to other users who view that leaderboard.

4.3 King of the Route Status

If you hold King of the Route status on any route, your username and the fact that you hold this title are publicly visible to all users who view that route.

4.4 Service Providers

We work with trusted third-party service providers who help us operate and improve our Services. These providers have access to your information only as necessary to perform their functions and are contractually obligated to protect it:

• Supabase - Database hosting and backend infrastructure.
• Flight data APIs - To retrieve real-time and historical flight information (we share flight numbers and dates, not your personal data).
• Push notification services - Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM) for delivering notifications to your device.
• Analytics providers - To help us understand App usage patterns and improve the user experience.
• Cloud storage providers - For securely storing user-uploaded content such as profile avatars.

4.5 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including:

• In response to a subpoena, court order, or other lawful government request
• To protect the rights, property, or safety of Row1, our users, or the public
• To enforce our Terms of Service
• To detect, prevent, or address fraud, security, or technical issues

4.6 Business Transfers

If Row1 LLC is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice in the App before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. Specifically:

• Account information - Retained for the duration of your account. If you delete your account, we will delete or anonymize your account information within 30 days, except where we are required by law to retain it.
• Flight data - Retained for the duration of your account. Flight data is a core part of the App experience and is needed to maintain your badges, XP, tier, and leaderboard positions.
• Usage data - Retained in aggregated or anonymized form for analytics purposes for up to 24 months.
• Device information - Retained for the duration of your account for compatibility and support purposes.

After you delete your account, we may retain certain information in anonymized or aggregated form that cannot be used to identify you, for legitimate business purposes such as statistical analysis and service improvement.

6. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Secure authentication mechanisms, including hashed passwords and token-based session management
• Row-Level Security (RLS) policies on our database to ensure users can only access their own data
• Regular security reviews and updates
• Access controls limiting employee access to personal data on a need-to-know basis
• Monitoring for unauthorized access attempts

While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections and promptly addressing any security incidents.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information. We respect these rights for all of our users, regardless of location, to the extent practicable:

7.1 Right to Access

You have the right to request a copy of the personal information we hold about you. You can access much of this data directly within the App through your profile and flight history. For a complete data export, contact us at [email protected].

7.2 Right to Delete

You have the right to request deletion of your personal information. You can delete your account directly within the App's settings. Upon deletion, we will remove or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

7.3 Right to Correct

You have the right to request correction of inaccurate personal information. You can update your profile information (username, display name, email, avatar) directly within the App. For corrections to other data, contact us at [email protected].

7.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. Row1 supports CSV export of your flight data, which you can initiate from within the App. For a full data export in a portable format, contact us at [email protected].

7.5 Right to Opt-Out of Data Sharing

You can control certain aspects of data sharing through the App's privacy settings:

• You can adjust the visibility of your profile information
• You can opt out of appearing on public leaderboards
• You can manage your data sharing preferences at any time through the App's settings

7.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, a different quality of service, or a denial of service for exercising your rights. However, certain features that depend on specific data may be limited if you choose not to provide that data.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

8. Children's Privacy

Row1 is not intended for children under the age of 13 (or under the age of 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.

If we become aware that we have collected personal information from a child under the applicable minimum age, we will take steps to delete that information as quickly as possible. If you believe that a child under the applicable minimum age has provided us with personal information, please contact us immediately at [email protected].

If you are between the ages of 13 and 18 (or 16 and 18 in the EEA), you may only use Row1 with the consent and supervision of a parent or legal guardian.

9. Push Notifications

With your permission, Row1 may send push notifications to your device. These notifications may include:

• Flight status updates (delays, gate changes, cancellations)
• Badge unlock notifications
• King of the Route challenges and status changes
• Streak reminders to help you maintain your flying streak
• Leaderboard position changes
• New feature announcements and App updates
• Monthly challenge notifications

You can manage your notification preferences within the App's settings, where you can enable or disable specific notification categories. You can also disable all push notifications through your device's operating system settings at any time.

We use Apple Push Notification Service (APNs) for iOS devices and Firebase Cloud Messaging (FCM) for Android devices to deliver notifications. These services require a device token, which is a unique identifier for your device that does not contain personal information.

10. Third-Party Links and Services

Our App and website may contain links to third-party websites, services, or applications that are not operated by us. These may include:

• Airline websites
• Airport information pages
• Social media platforms (when you share content from the App)
• Flight tracking data providers

We are not responsible for the privacy practices of these third-party services. We encourage you to review the privacy policies of any third-party service before providing them with your information. This Privacy Policy applies only to information collected by Row1 through our Services.

When you use the share card feature to post to social media or messaging platforms, only the content of the share card (which contains your username, the relevant flight or badge information, and a link back to Row1) is transmitted to that platform. We do not share your account data with social media platforms.

11. International Data Transfers

Row1 LLC is based in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For users in the European Economic Area (EEA), the United Kingdom, or Switzerland, we ensure that transfers of personal data outside of these regions are protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with our service providers that include appropriate data protection obligations
• Where applicable, reliance on adequacy decisions by the European Commission

By using our Services, you acknowledge that your information may be transferred internationally as described in this section.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Effective Date" at the top of this page.
• For material changes, we will notify you through the App (via a prominent in-app notice or push notification) and/or by email before the changes take effect.
• We will provide you with a reasonable opportunity to review the changes before they become effective.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

13.1 Right to Know

You have the right to request that we disclose to you:

• The categories of personal information we have collected about you
• The categories of sources from which the personal information is collected
• The business or commercial purpose for collecting the personal information
• The categories of third parties with whom we share personal information
• The specific pieces of personal information we have collected about you

13.2 Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to certain exceptions under the CCPA.

13.3 Right to Correct

You have the right to request correction of inaccurate personal information that we maintain about you.

13.4 Right to Opt-Out of Sale or Sharing

Row1 does not sell your personal information as defined under the CCPA. We do not share your personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no need to opt out. However, if our practices change in the future, we will update this policy and provide a clear opt-out mechanism.

13.5 Right to Limit Use of Sensitive Personal Information

To the extent that we collect sensitive personal information (such as precise geolocation), we only use it for purposes permitted under the CCPA, including providing the Services you have requested. You can limit the collection of precise geolocation data by adjusting your device's location permissions.

13.6 Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

13.7 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers - Email address, username, display name, device identifiers
• Internet or other electronic network activity information - App usage data, feature interactions, device information
• Commercial information - Subscription plan and purchase history (transaction details processed by Apple/Google)
• Inferences - Verification tier assignments, badge eligibility determinations

13.8 How to Submit a Request

To submit a CCPA request, contact us at [email protected] with the subject line "CCPA Request." You may also submit a request through the App's settings under the Privacy section. We will verify your identity before processing your request and respond within 45 days. You may designate an authorized agent to submit a request on your behalf.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

14.1 Legal Bases for Processing

We process your personal data based on the following legal grounds:

• Contract performance - Processing necessary to provide you with the Services you have requested (for example, maintaining your account, logging flights, calculating XP and badges).
• Consent - Processing based on your explicit consent (for example, sending push notifications). You may withdraw your consent at any time.
• Legitimate interests - Processing necessary for our legitimate business interests, provided these do not override your rights (for example, improving our Services, preventing fraud, and ensuring the security of the App).
• Legal obligations - Processing necessary to comply with applicable laws and regulations.

14.2 Your GDPR Rights

In addition to the rights described in Section 7, you have the following rights under the GDPR:

• Right to restrict processing - You can request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
• Right to object - You can object to the processing of your personal data when we process it based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.
• Right to withdraw consent - Where processing is based on consent, you can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.
• Right to lodge a complaint - You have the right to file a complaint with your local data protection authority if you believe we have violated your data protection rights.

14.3 Data Protection Authorities

If you are in the EEA, you may contact your local supervisory authority. A list of supervisory authorities is available on the European Data Protection Board website. If you are in the United Kingdom, you may contact the Information Commissioner's Office (ICO).

14.4 How to Submit a Request

To exercise your GDPR rights, contact us at [email protected] with the subject line "GDPR Request." We will respond within 30 days of receiving your request. If we need additional time (up to 60 additional days for complex requests), we will inform you of the extension and the reasons for the delay.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company: Row1 LLC
• Email: [email protected]
• Website: https://row1.app

We aim to respond to all inquiries within 30 days of receipt.

16. Data Protection Officer

Row1 LLC has designated a Data Protection Officer (DPO) to oversee our compliance with applicable data protection laws and to serve as a point of contact for data protection inquiries.

You may contact our Data Protection Officer at:

• Email: [email protected] (subject line: "Data Protection Officer")

Our Data Protection Officer is responsible for:

• Monitoring compliance with the GDPR, CCPA, and other applicable data protection laws
• Advising on data protection impact assessments
• Serving as the point of contact for data subjects and supervisory authorities
• Overseeing responses to data subject access requests and other privacy-related inquiries