DEVELOPMENT

Privacy Policy

Last updated: November 12, 2025

1. Introduction

The stdRteWeb tool ("the Service", "we", "us", or "our") is a standard route management system for use within the context of the VATSIM network. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 VATSIM OAuth Information

VATSIM OAuth integration is only utilised for the management functionality of the system. Users utilising the Standard Route Search functionality only have information collected in accordance with Section 2.2.

When you authenticate via VATSIM OAuth to log into the management system, we collect:

  • VATSIM CID (Customer ID)
  • Full name

2.2 Usage Data

We automatically collect certain information when you use stdRteWeb:

  • Browser type and version
  • Pages visited and time spent
  • Referring website
  • Device information

2.3 Cookies and Local Storage

We use cookies and browser local storage for authentication session management and user preferences (such as theme selection). See our Cookie Policy for more details.

3. How We Use Your Information

We use the collected information to:

  • Authenticate and authorize users
  • Provide role-based access control
  • Maintain audit trails for route creation, modification, and deletion
  • Improve the service and user experience
  • Comply with legal obligations

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in these circumstances:

  • VATSIM Network: Authentication is handled by VATSIM's OAuth service.
  • Service Providers: We use Supabase for database hosting and Vercel for application hosting

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encrypted connections (HTTPS/TLS)
  • Secure authentication via VATSIM OAuth
  • Role-based access control
  • Regular security audits
  • Database backups and redundancy

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Privacy Rights

Under the New Zealand Privacy Act 2020 and GDPR (for EU residents), you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a structured format
  • Objection: Object to processing of your personal information
  • Withdrawal: Withdraw consent at any time (does not affect prior processing)

To exercise these rights, please contact us at tom@avstack.dev.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide the stdRteWeb service
  • Maintain audit trails
  • Comply with legal and regulatory requirements

If you request account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate audit purposes.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of stdRteWeb after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: