Privacy

This Privacy Policy explains what personal data LateGate collects, why we collect it, how we use it, and your rights in relation to it. We aim to collect only what we need to provide the service, and nothing more.

When you register you provide an email address and a password (stored as a salted hash), or authenticate via Sign in with Apple (in which case Apple shares only a one-time email relay address or your real email — your choice). We store your name if you provide one.

When you add a flight to monitor, we store the flight number, route, and scheduled date. This is used solely to check for status changes and deliver alerts to you.

To send you push notifications, we store a device push token associated with your account. This token is issued by Apple's notification infrastructure and identifies your device for delivery purposes only.

We collect basic logs — including API request timestamps, error events, and general feature usage — for debugging and service improvement. These logs do not include the content of your travel searches.

If you contact us we retain that correspondence to resolve your query.

• To create and manage your account
• To monitor flights you have added and send you status alerts
• To send push notifications to your device
• To process password reset and email verification requests
• To maintain the security and integrity of the service
• To respond to support queries
• To comply with legal obligations

We do not use your personal data for advertising profiling, and we do not sell your data to third parties.

LateGate relies on the following categories of external data to power the flight monitoring feature:

• Commercial flight data APIs (such as Airlabs) — provide schedule, delay, and status information for commercial flights worldwide.
• FAA / government aviation data feeds — provide US National Airspace System delay and disruption information.

These providers supply flight data as a commodity service. The queries LateGate sends to them contain only the flight details needed to retrieve a status update — they have no knowledge of which user is monitoring a given flight, or that any particular user exists in our system.

Please be aware that the data returned by these providers may be subject to latency and may not always match real-time conditions at the airport or gate. See our Terms of Service for a full explanation of data accuracy limitations.

Push notifications are delivered via Google Firebase Cloud Messaging (FCM). To send a notification, we transmit your device push token (a technical identifier, not linked to your personal identity outside LateGate's own systems) and the notification content to Firebase. Firebase does not receive your name, email address, or any other personal data beyond the token required for delivery.

Google's use of data processed through Firebase is governed by the Google Privacy Policy.

You can disable push notifications at any time in your device's notification settings.

When you tap an affiliate link in the App, you are redirected to a third-party booking platform. LateGate may receive an anonymised commission signal if you complete a booking. We do not share your personal account data with affiliate partners. Any data you submit on those third-party platforms is governed by their own privacy policies.

If you choose to sign in using Sign in with Apple, Apple handles authentication and provides us with a unique user identifier and, optionally, an email address (which may be a private relay address managed by Apple). We do not receive your Apple ID password or any payment information. Apple's use of data is governed by the Apple Privacy Policy.

Your data is stored on servers hosted on Amazon Web Services (AWS) infrastructure. We implement industry-standard security measures including:

• Passwords stored using one-way cryptographic hashing
• All data in transit encrypted via TLS (HTTPS)
• Access to production systems restricted to authorised personnel only
• Refresh tokens and verification tokens are short-lived and invalidated after use

No security measure is perfect. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

We retain your personal data for as long as your account is active. When you delete your account, we delete your profile, flight monitoring records, push tokens, and authentication tokens. Anonymised usage logs may be retained for up to 90 days for security and debugging purposes.

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of your account and associated data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — withdraw consent for any processing based on consent (e.g. push notifications)

To exercise any of these rights, contact us. We will respond within 30 days.

LateGate is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy periodically. When we make material changes, we will update the date at the top of this page and, where required by law, notify you by email or in-app notification.

For privacy questions or to exercise your rights, contact us.

If you are located in the European Economic Area and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.