מדיניות פרטיות

1. מי אנחנו

The data controller is the independent operator of aycf.app, under United Kingdom jurisdiction. We are not a registered company. For all data-protection matters, including subject-access requests, erasure requests, and complaints, contact [email protected]. We respond within 30 days as required by Article 12(3).

2. אילו נתונים אנחנו אוספים

We process the minimum personal data required to run the service. Specifically:

• Account data: your email address (required to sign up). If you sign in with Google, we also receive the name and avatar URL you have set on your Google account.
• Authentication state: an Argon2id hash of your password if you signed up with email and password; encrypted Google OAuth tokens if you signed in with Google; opaque session tokens (random, hashed at rest, never reusable across sessions).
• Technical data: IP address, user-agent string, and timestamps of requests, used for rate limiting, abuse prevention, and audit logs.
• Approval workflow data: while aycf.app is in private build we record whether your account is pending, approved, or rejected, and which admin took that action.
• Search logs (anonymous and signed-in): when you submit a search we record the search terms (origin city, destination city), the result count, your IP address, your user-agent, and the timestamp. You do not need an account to search. If you are signed in, the entry is also tagged with your account ID so it appears in your data export at /account. Anonymous searches are tied to IP only. The IP is masked to its first three octets (a /24 range) after 30 days. We use these logs strictly for abuse detection and basic usage counters; we do not share them with anyone and we do not run them through third-party analytics.

We do not collect or process special-category data (health, race, religion, political views, sexual orientation, biometrics, or genetic data). We do not collect government identifiers. We do not collect payment card data. aycf.app is currently free to use. We never collect or store your Wizz Air or AYCF login credentials.

3. מדוע אנחנו אוספים, ועל איזה בסיס משפטי

Each processing activity has a documented legal basis under GDPR Article 6.

• Creating and operating your account, signing you in: performance of a contract with you, Article 6(1)(b).
• Email verification and the admin approval workflow: our legitimate interest in preventing abuse and protecting the service during private build, Article 6(1)(f).
• IP address and request logging for rate limiting and security: our legitimate interest in keeping the service available and secure, Article 6(1)(f).
• Audit logs of administrative actions: a mix of legal obligation under accountability rules in Article 5(2) and our legitimate interest in detecting incidents, Article 6(1)(c) and 6(1)(f).
• Transactional emails (verification, password reset, approval, password-changed confirmation): performance of a contract, Article 6(1)(b).

4. עם מי אנחנו משתפים נתונים

We use a small number of processors. Each is contractually bound to process your data only on our instructions.

• Hetzner Online GmbH (Germany, EU): server hosting and database storage.
• Cloudflare, Inc. (United States, with EU presence): DNS, CDN, DDoS protection, email routing for inbound role addresses.
• Resend (Resend.com) and underlying delivery infrastructure: transactional email delivery. They see your email address and the content of the messages we send you.
• Google LLC: if you sign in with Google, Google acts as the identity provider and shares your email, name, and avatar with us according to the scopes you consent to.

We do not sell, rent, or trade your personal data. We do not share data with advertising networks. We do not run third-party analytics in Phase 1 of the product.

4b. Public PDF source data

The route availability data shown on aycf.app comes from a single public PDF that Wizz Air publishes at multipass.wizzair.com/aycf-availability.pdf. Anyone can download that PDF; we just save you the work. We check the URL on a polite schedule (about thirty-three times per day, almost all of them HEAD-only requests that don't move any data) and download a full copy when the file actually changes.

The PDF itself contains zero personal data. It is a list of city pairs and a daily timestamp. We keep the raw PDF file on our server for up to 90 days, then archive it to cold storage for historical reference. The parsed route rows live in our database until a newer snapshot supersedes them; the previous snapshot stays queryable so we can show what changed.

We do not contact Wizz Air's booking system on your behalf in Phase 1. We do not need your Wizz credentials. When you click the "Book on Wizz" link on a result, your browser opens wizzair.com directly with your search prefilled, and you sign in with your own All You Can Fly subscription there.

5. העברות בין-לאומיות

Hetzner stores data in the EU. Cloudflare, Resend, and Google may process data in the United States. For these transfers we rely on the EU-US Data Privacy Framework where the recipient is certified, and on Standard Contractual Clauses (Commission Decision 2021/914/EU) where it is not. If you believe these safeguards are inadequate for your particular situation, you may contact your local data protection authority.

6. תקופת השמירה

• Account records: kept until you delete your account, then purged within 30 days from primary storage. Backup copies are overwritten within a further 30 days.
• Audit logs: 12 months from the date of the event, after which records are deleted or anonymised.
• IP-only logs: 30 days, after which the last octet of any IPv4 address is truncated and the IP is no longer traceable to an individual.
• Email verification and password-reset tokens: hashed at rest, single-use, expire after 24 hours (verification) or 15 minutes (password reset).
• Session tokens: absolute lifetime of 12 hours from creation, idle expiry of 30 minutes.

7. הזכויות שלכם

Under the UK GDPR and the EU GDPR you have the following rights. You can exercise them in-app where indicated, or by emailing [email protected].

• Right of access (Article 15): use the Export my data button in your account settings to download a JSON file containing everything we hold about you.
• Right to rectification (Article 16): edit your profile in the account settings, or write to us if a field is not editable in the UI.
• Right to erasure (Article 17): use the Delete my account button in your account settings. We purge your account within 30 days and overwrite backup copies within a further 30.
• Right to restriction of processing (Article 18): contact us and we will lock processing of your data while we investigate any dispute.
• Right to data portability (Article 20): the same JSON export endpoint as Article 15 provides a machine-readable, structured copy of your data.
• Right to object (Article 21): where we rely on legitimate interests, you can object at any time by writing to us.
• Rights related to automated decision-making (Article 22): we do not make decisions that produce legal or similarly significant effects on you using solely automated means. This right therefore does not apply.
• Right to lodge a complaint (Article 77): you can complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint, or to your local supervisory authority in the EU.

8. עוגיות (Cookies)

We set strictly necessary cookies only. There is no analytics, no advertising, and no third-party tracking on aycf.app in Phase 1.

• __Host-aycf-session: holds your sign-in session. HttpOnly, Secure, SameSite=Lax, Path=/. Absolute lifetime 12 hours.
• __Host-aycf-csrf: a CSRF token used to protect state-changing requests. Same attributes as the session cookie.

Because these cookies are strictly necessary to deliver the service you requested, we do not show a cookie banner asking for consent. If we add analytics or other non-essential cookies later, we will ask first.

9. ילדים

aycf.app is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has registered, please email [email protected] and we will delete the account.

10. הודעה על אירוע אבטחה

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner's Office within 72 hours of becoming aware, in line with Article 33 of the UK GDPR. Where the breach is likely to result in a high risk, we will notify affected users directly and without undue delay, in line with Article 34.

11. ממונה הגנת מידע

At our current scale we are not required to appoint a Data Protection Officer under Article 37 of the UK GDPR. Privacy questions and requests go to [email protected]. If our processing changes such that a DPO becomes mandatory, we will appoint one and update this page.

12. שינויים במדיניות

We update this Privacy Policy whenever we change how we handle data. For material changes (new categories of data, new processors, new purposes) we will give you at least 14 days advance notice by email (if you have an account) and via a banner on the site. The Last updated date at the top of this page is bumped on every change.

13. יצירת קשר

שאלות לגבי המסמכים האלו: [email protected] לפרטיות ונתונים, [email protected] לדיווחי אבטחה, [email protected] לכל השאר.