Your privacy is important to Alon Dawe, trading as SkyTribe ("SkyTribe," "we," "us," "our"), and the SkyTribe services and products. We developed this Privacy Policy to provide you with information on how we process your personal data when you use the SkyTribe mobile application and related services. SkyTribe is operated by Alon Dawe, an individual based in the Republic of Namibia. References to "SkyTribe" in this Policy include any successor entity to which the business may be transferred.
"Personal data" is information relating to an identified or identifiable natural person.
Important — content anonymisation on account deletion: By creating an account, you acknowledge that if you later delete your account, any published content (strip reports, report images, comments, and rogers) will be anonymised rather than permanently deleted. Your name will be replaced with "Former Member," your profile photo will be removed, and the anonymised content will be retained as part of SkyTribe's community aviation database. You may delete individual content items at any time before deleting your account. See our Account Deletion Policy for full details.
Personal data that is processed when you create an account:
When you create a SkyTribe account, we ask you to provide your email address, first and last name, password, date of birth, and country. Date of birth is required to verify that you meet the minimum age of 16 years, reflecting the minimum solo flight age under most aviation authorities (FAA, EASA, NCAA of Namibia). Country is stored as an ISO code to help us understand the geographic distribution of our user base.
You may also optionally provide a gender (male / female / prefer not to say) and a profile photo (JPEG, max 5 MB, stored as full resolution and thumbnail).
Purposes and legal grounds:
(a) SkyTribe processes your email address and password because you use your email address and password to sign in to your account. The legal ground for processing your email address and password for this purpose is based on our legitimate interest in protecting the security of your account.
(b) SkyTribe also processes your email address for the purpose of sending you important information about your SkyTribe account, such as security alerts, policy updates, or material changes to this Privacy Policy. The name you provide is associated with your account profile and is displayed when you submit strip reports, comments, or other content on the App. The legal ground for processing your email address and name for these purposes is SkyTribe's legitimate interest in providing you important information about your account and in providing you an opportunity to engage with other users.
(c) SkyTribe processes your date of birth to verify you meet the minimum age requirement of 16 years. In jurisdictions where the age of majority is 18 (including Namibia, South Africa, and India), users aged 16–17 require parental or guardian consent. The legal ground for this processing is legal obligation under the Namibia Data Protection Bill (Section 6), GDPR (Article 8), and equivalent laws.
(d) SkyTribe processes your country to understand the geographic distribution of our user base and to tailor regional compliance. The legal ground for this processing is our legitimate interest in operating an international service.
(e) SkyTribe also processes your email address to associate it with your account when you interact with our support team. The legal ground for this processing is our legitimate interest in providing quality customer support.
(f) SkyTribe may also process your email address to notify you when you have violated our terms. The legal ground for this processing is our legitimate interest in ensuring a quality experience for all users and ensuring adherence to our terms.
Additional personal data that is processed if you choose to provide it:
If you wish, you can add a gender and profile photo to your profile.
Purpose and legal ground:
If you choose to provide it, your gender and profile photo are displayed on your profile and visible to other users when viewing your profile or your content. The legal ground for this processing is your consent, which you may withdraw at any time by removing the information from your profile.
Personal data that is processed when you submit strip reports and other content:
When you submit strip reports (runway condition ratings on a 0–5 scale, text remarks up to 1,000 characters, and up to 5 photos per report), comments, or rogers (acknowledgements) within the App, your name and profile photo will be used to identify you as the author. A link to your profile is provided. When you follow airports or other users, your follow list is stored to deliver relevant notifications. Your contributions (strip reports, airport information edits, comments, rogers, airports created, and closures reported) are counted and may appear on public leaderboards ranked by contribution type for monthly and all-time periods. A snapshot of your country is stored with each leaderboard entry.
Purpose and legal ground:
We use this information to operate the core service — hosting and displaying community-generated runway condition observations. The legal ground for processing this information for this purpose is performance of a contract. You may delete your content at any time by removing individual reports, comments, or rogers. Upon account deletion, published content (strip reports, report images, comments, and rogers) is anonymised rather than deleted: your name is replaced with "Former Member," your profile photo is removed, and the content is retained as part of SkyTribe's community aviation database. Your internal user ID is kept server-side solely to distinguish contributions from different former members. After anonymisation, this content no longer constitutes personal data. See our Account Deletion Policy for full details.
Personal data that is processed when you flag content (squawks):
When you flag content (a "squawk"), we collect the type of content flagged (strip report, comment, or airport edit), the reason category you select (offensive content, spam or fraud, intellectual property, inappropriate content, or other), any optional details you provide (up to 500 characters), and your user ID as the reporter. Each user may submit one squawk per content item.
Purpose and legal ground:
We use this information to review and moderate content, enforce our Community Guidelines, and maintain the safety and quality of the platform. The legal ground for this processing is our legitimate interest in providing a safe and trustworthy service.
Personal data that is processed when you communicate with SkyTribe:
When you interact with our support team via email, we collect personal data such as your name, email address, and information about the issue you are experiencing. We may capture information relating to the support issue, such as notes or screenshots.
Purpose and legal ground:
We use this information to provide you with customer support and to monitor the quality of support we provide. The legal ground for processing this information for these purposes is SkyTribe's legitimate interest in providing quality support.
Personal data that is processed when you use the App:
When you use the App, we automatically collect certain technical data: Firebase Authentication UID and session tokens (JWT), push notification device tokens (FCM, up to 10 per user, auto-cleaned when stale after 60 days of inactivity), a last active timestamp updated each time you open the App, a last seen timestamp updated on each device registration, and device metadata (platform — iOS, Android, or web — OS version, app version, device model, and a randomly generated device identifier used solely for session management — this is not an advertising identifier).
Purposes and legal grounds:
(a) Authentication data and session tokens are processed to secure your account and verify your identity on each request. The legal ground for this processing is performance of a contract.
(b) Push notification tokens are processed to deliver notifications you have opted into. Notifications are sent for rogers on your reports, comments on your reports, replies in comment threads you participated in, new reports at airports you follow, report requests at airports near you, and airport information updates. Persisted notifications are automatically deleted after 90 days. Notifications contain only titles, body text, and reference IDs (airport ID, report ID, notification type) — no sensitive personal data is included. The legal ground for this processing is your consent via the OS permission prompt. You may withdraw consent at any time via device settings or in-app toggles.
(c) The last active timestamp and device metadata are processed to maintain the service and manage your sessions. The legal ground for this processing is our legitimate interest in providing a reliable service.
Personal data that is processed when you choose to share your location:
Location sharing is optional, must be opt-in via the device OS permission prompt, and can be disabled at any time in device settings. When enabled, your device location is used to surface nearby airports and tailor content to your region. Your location is stored as a user preference and is not shared with other users.
SkyTribe does not maintain or operate any public map that displays user locations. Location data is used solely within the App to personalise your experience.
Purpose and legal ground:
This information is processed to facilitate showing relevant airports near you. The legal ground for processing this information for this purpose is your consent, which you may withdraw at any time by disabling location permissions in your device settings. The App functions fully without location access.
Other users:
Your profile information, such as name, profile photo, and country, will be visible to other users when viewing your profile or your content. Strip reports, comments, and rogers you create are visible to all authenticated users. Your gender is only visible if you choose to provide it. Your location is never shared with other users.
Service providers:
SkyTribe uses cloud services from the following third-party service providers to operate the App:
Google LLC / Firebase — Authentication, database (Cloud Firestore), file storage (Cloud Storage), backend functions (Cloud Functions), push notifications (Firebase Cloud Messaging), and analytics (Firebase Analytics). Core application data (profiles, reports, photos) is stored in africa-south1 (Johannesburg, South Africa). Firebase Authentication, Cloud Messaging, and Analytics operate on Google's global infrastructure. Google acts as a data processor under their Data Processing Terms. Privacy Policy.
Functional Software Inc. / Sentry — Error monitoring, crash reporting, and performance monitoring. Sentry receives error traces, API breadcrumbs (HTTP method, path, status code), navigation events, device information, and app version. Your user ID and email are sent to Sentry only via explicit configuration to help diagnose issues tied to specific accounts. Default PII collection is disabled. Sentry data is ingested in the EU (Frankfurt, Germany). The production trace sample rate is 20%. Sentry acts as a data processor under their DPA. Privacy Policy.
650 Industries Inc. / Expo (EAS) — Build infrastructure and over-the-air update delivery. Receives app binaries at build time and device type for update targeting. No user content, personal data, or runtime data is transmitted. Privacy Policy.
Apple Inc. and Google LLC (App Distribution) — The App is distributed through the Apple App Store and Google Play Store. Push notifications are relayed through Apple Push Notification service (APNs) for iOS and Firebase Cloud Messaging (FCM) for Android. Apple Privacy. Google Privacy.
Google LLC / Google Maps Platform — The App uses the Google Maps SDK to display airport and airstrip locations on an interactive map. Google Maps receives your device's viewport coordinates to render map tiles. Your precise location is shared with Google Maps only if you have granted location permission. Google's standard Terms of Service and Privacy Policy apply.
External aviation data sources:
SkyTribe supplements community-generated content with publicly available aviation data to provide comprehensive airport and runway information:
OurAirports (ourairports.com) — We periodically import publicly available airport, runway, frequency, and regional data from OurAirports CSV exports. This data does not contain personal information. OurAirports Data.
OpenStreetMap / Overpass API — We query OpenStreetMap's Overpass API for supplementary aerodrome and runway geographic data. No personal data is transmitted in these queries. OpenStreetMap Privacy Policy.
These external data sources provide reference information only and do not involve the processing of your personal data.
We do not share your data with any other third parties. We do not sell personal data or use it for advertising.
Other disclosures:
We may disclose personal data about you to others: (a) if we have your valid consent to do so; (b) to comply with legal obligations, such as a valid court order or other legal process; (c) to enforce any of our terms and conditions or policies; or (d) as necessary to pursue available legal remedies or defend legal claims.
We may also transfer your personal data to an affiliate, a subsidiary, or a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of SkyTribe's business, assets, or stock, including, without limitation, in connection with any bankruptcy or similar proceeding, provided that any such entity that we transfer personal data to will not be permitted to process your personal data other than as described in this Privacy Policy without providing you notice and, if required by applicable laws, obtaining your consent.
Alon Dawe (trading as SkyTribe) is registered in Namibia. Your personal data is primarily stored on servers in Johannesburg, South Africa (Google Cloud africa-south1), with error monitoring data in Frankfurt, Germany (Sentry EU). Some data is processed on Google's global infrastructure (authentication and analytics).
Cross-border transfers are protected by EU Standard Contractual Clauses (SCCs) in place with Google and Sentry. These safeguards satisfy the transfer requirements of the Namibia Data Protection Bill (Section 24), GDPR (Chapter V), POPIA (Section 72), and other applicable frameworks.
We use Sentry to analyse and monitor performance of the App and detect and diagnose errors and issues with response times. To provide these services, Sentry receives error traces, API breadcrumbs, navigation events, device information, and app version. The legal ground for processing this information is our legitimate interest in ensuring the App is functioning as intended and in a secure manner.
We collect data from users about their usage of the App via Firebase Analytics. The types of analytical information that are collected include login events, sign-up events, report creation, profile photo uploads, roger and unroger actions, notification interactions (received, tapped from foreground, background, or killed state), and screen views. SkyTribe uses this data to improve the quality and functionality of the App and to help identify and fix stability issues and other usability problems as quickly as possible.
The legal ground for processing this analytical information is our legitimate interest in understanding how our users interact with the App so we can enhance user experience and functionality.
SkyTribe does not access, collect, or use the Apple Advertising Identifier (IDFA), Google Advertising ID (GAID), or any other device advertising identifier. We do not serve advertisements and do not share data with advertising networks or data brokers. The App's App Store and Google Play privacy declarations reflect this.
We maintain accurate privacy nutrition labels (App Store) and Data Safety declarations (Google Play) that reflect the data practices described in this Privacy Policy. The categories disclosed include: contact information (email, name), identifiers (user ID), usage data (analytics events), diagnostics (crash logs via Sentry), and photos (strip report images). No data is collected for tracking purposes.
In the event of a data breach involving your personal data, we will notify the relevant supervisory authorities within 72 hours of becoming aware of the breach where required by applicable law (including the Namibia Data Protection Bill s. 22–23, GDPR Article 33, and POPIA s. 22). Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users without undue delay via email and/or in-app notification, describing the nature of the breach, the data affected, the measures taken, and steps you can take to protect yourself.
We may update this Privacy Policy from time to time as we improve the App and as technologies and laws change. Any changes will become effective upon our posting of the revised Privacy Policy.
We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. This notice will be provided by in-app notification, email, or both. Material changes receive at least 30 days' notice.
We will retain your personal data as long as your account is considered to be active. Account and profile data are kept until you delete your account. Strip reports, comments, rogers, and photos are kept until you delete them individually or delete your account. Push notification tokens are auto-removed when stale and cleared immediately on logout. Sentry error data is retained for 90 days. Firebase Analytics data is retained per Google's standard retention settings.
When you delete your account, we remove your personal data (profile information, email, authentication credentials, and similar identifying data) within a reasonable timeframe, except where retention is required by law. Published content — strip reports, report images, comments, and rogers — is anonymised rather than deleted. Your name is replaced with "Former Member," your profile photo is removed from all published content, and the anonymised content is retained as part of SkyTribe's community aviation database. Your internal user ID is retained server-side solely to distinguish contributions from different former members and is not publicly visible. Once anonymised, this content is no longer personal data and falls outside the scope of data protection regulations. See our Account Deletion Policy for full details, and see below under "Your rights" for a description of your right of erasure.
We protect your data with encryption in transit (HTTPS/TLS), Firebase Security Rules (all direct client database access is denied — data is accessed only through authenticated backend APIs), server-verified JWT authentication with token revocation checks, rate limiting (5 requests per second and 60 requests per minute per IP), strict input validation with whitelist enforcement (unknown fields are rejected), security headers via Helmet middleware, and CORS restrictions (browser origins disabled; native mobile clients only). Firebase Authentication handles credential management with industry-standard hashing — we do not store passwords in plaintext.
SkyTribe does not make any decisions based on algorithms or other automated processing that significantly affect you.
SkyTribe requires users to be at least 16 years old, reflecting the minimum solo flight age under most aviation authorities (FAA, EASA, NCAA of Namibia). We do not knowingly collect personal data from anyone under 16. If we become aware that a user is under 16, we will promptly delete their account and all associated data.
In jurisdictions where the age of majority is 18 (including Namibia under the Data Protection Bill Section 6, South Africa, and India), users aged 16–17 require parental or guardian consent. By creating an account, you represent that you have obtained any required consent. Parents or guardians may contact [PRIVACY EMAIL] to request access to, correction of, or deletion of their child's personal data, or to withdraw consent (resulting in account deletion).
If you believe anyone under 16 has created a SkyTribe account, please contact us immediately at [PRIVACY EMAIL].
Alon Dawe (trading as SkyTribe), based in the Republic of Namibia, is the data controller for your personal data. When the SkyTribe business is transferred to a formally registered entity, that entity will assume the role of data controller, and this Privacy Policy will be updated accordingly. You will be notified of any such change. The Privacy Contact can be reached at [PRIVACY EMAIL].
You have the right, subject to the conditions set out in the Namibia Data Protection Bill, the General Data Protection Regulation ("GDPR"), or other applicable law, to request from SkyTribe access to and rectification or erasure of your personal data, data portability, restriction of processing of your personal data, the right to object to processing of your personal data, and the right to lodge a complaint with a supervisory authority.
To request access to or rectification, portability, or erasure of your personal data, please contact [PRIVACY EMAIL]. To delete your account, you may use the "Delete Account" option in the App's account settings or contact [PRIVACY EMAIL]. We respond within 30 days (or sooner if your local law requires it). Please note that upon account deletion, published content (strip reports, report images, comments, and rogers) is anonymised rather than deleted. Because anonymised data is no longer personal data, it falls outside the scope of the right to erasure. You may delete individual content items at any time before deleting your account.
Notice for Namibia residents: SkyTribe's primary data protection framework is the Namibia Data Protection Bill. The Bill grants additional rights including the right to seek assistance from the Data Protection Supervisory Authority of Namibia (once established), the right to mandate a non-profit body to lodge complaints on your behalf, and the right to compensation for material or non-material damage from an infringement (Bill s. 12–14). We will notify the Supervisory Authority within 72 hours of a qualifying data breach (Bill s. 22–23) and affected users without undue delay where high risk exists.
Notice for EU/EEA/UK residents: You also have the right to data portability and to lodge a complaint with your local supervisory authority. Given our current small scale, we have not appointed a DPO or EU/UK representative — our processing is occasional and does not involve large-scale monitoring (Art. 27(2) exemption applies).
Notice for South Africa residents: You may lodge complaints with the Information Regulator. Our core data is stored in Johannesburg (africa-south1).
Notice for United States residents: We do not sell personal information or share it for cross-context behavioural advertising. We honour Global Privacy Control (GPC) signals. California (CCPA/CPRA), Virginia, Colorado, Connecticut, and other state privacy laws are respected.
Other jurisdictions: We comply with applicable data protection laws wherever our users are located, including Brazil (LGPD), Canada (PIPEDA), Japan (APPI), South Korea (PIPA), and others. Contact [PRIVACY EMAIL] for jurisdiction-specific information.
Alon Dawe (trading as SkyTribe) [REGISTERED ADDRESS, NAMIBIA] [PRIVACY EMAIL]