Starlog Privacy Policy
Starlog is a personal pilot logbook app operated under Danish law. This Privacy Policy explains what personal data Starlog collects, why, how it is protected, and what rights you have under the EU General Data Protection Regulation (EU GDPR).
Please read this policy carefully before using the App. By creating an account or continuing to use the App, you confirm that you have read and understood this policy.
1. Who we are
Starlog is operated as an enkeltmandsvirksomhed (Danish sole proprietorship) registered with the Central Business Register.
Data controller / trader: Jacob Baagø (enkeltmandsvirksomhed) Business registration: CVR 32913806 Contact: [email protected] · [email protected]
All correspondence is handled in English or Danish.
2. What data we collect
2.1 Data you provide directly
- Email address and password hash — when you create an account, your email is stored in our authentication system (Supabase Auth). Your password is salted and hashed by Supabase; Starlog never sees it in plaintext.
- Payment receipts — when you subscribe, Apple or Google provides Starlog with a transaction receipt. Starlog stores the receipt hash, expiry timestamp, and subscription tier (
trial,pro). Starlog does not receive your payment card details. - Account state — your current tier, trial start date, subscription expiry, and sign-in status.
2.2 Data stored only on your device
The following data is stored locally on your device only and is never transmitted to Starlog's servers:
- Flight logs (route, times, aircraft, crew, remarks)
- Simulator sessions
- Ground duty records
- Crew names and phone numbers
- Qualifications and expiry dates
- Airport and aircraft type lookups
- App settings and preferences
- Roster data fetched from Raido (stored locally; never forwarded to Starlog servers)
2.3 Location data (§33A geo-tracking) — opt-in, on-device only
The App includes an optional feature to help you evidence days spent physically outside Denmark for a Danish tax claim under §33A (ligningsloven). This feature is off by default and only runs after you turn it on in the §33A screen and grant location permission.
- What is collected: while the feature is on, the App periodically records a location ping — a timestamp, an approximate latitude/longitude, and a derived "inside/outside Denmark" flag. Accuracy is deliberately coarse (we only need to know which country you are in, not your precise position).
- Where it is stored: pings are written only to your device (and, if you choose, to a folder you yourself pick, such as your own iCloud or Files location). They are never sent to Starlog's servers and are not shared with any third party.
- Why: the pings are independent corroboration that you were physically present outside (or inside) Denmark on a given day, which is the kind of evidence the Danish tax authority (Skattestyrelsen) expects for a §33A claim.
- Legal basis: your explicit consent (Art. 6(1)(a)) — given by turning the feature on. You can withdraw it at any time by turning the feature off, which stops all further collection; you can delete the stored pings from your device at any time.
2.4 Data we do NOT collect
Starlog does not collect:
- Background location, except the opt-in §33A feature described in §2.3 above (which stays on your device and is never sent to Starlog).
- Device identifiers or advertising IDs
- Usage analytics or crash reports (v1)
- Biometric data
- Communications content
2.5 Children
The App is intended for professional pilots aged 18 and over. Starlog does not knowingly collect personal data from anyone under 18. If you become aware that a minor has provided data to Starlog, please contact us and we will delete it.
3. Legal basis for processing
Personal data is processed under EU GDPR Article 6:
| Data | Legal basis |
|---|---|
| Email address | Contract (Art. 6(1)(b)) — necessary to provide your account and communicate about your subscription |
| Payment receipts | Contract (Art. 6(1)(b)) — necessary to verify and maintain your subscription entitlement |
| Account state | Contract (Art. 6(1)(b)) — necessary to gate Pro features |
| §33A location pings | Consent (Art. 6(1)(a)) — collected only if you turn the opt-in §33A tracking on; stored on your device only; withdraw at any time by turning it off |
Starlog does not process special category data (Art. 9).
4. How we use your data
Your data is used only to:
- Authenticate you when you sign in
- Verify your subscription entitlement and unlock Pro features
- Send you transaction-related emails (subscription confirmation, trial expiry reminder)
- Comply with legal obligations
Starlog does not sell your data. Starlog does not use it for advertising, profiling, or any purpose not listed above.
5. Who we share your data with
Data is shared only with the following sub-processors, each operating under their standard data-processing terms (which incorporate the EU Standard Contractual Clauses where data is transferred outside the EEA):
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Authentication and subscription database | US (EU-region option available) |
| RevenueCat, Inc. | Subscription receipt validation + entitlement state | US |
| Apple Inc. | App Store payment processing | US |
| Google LLC | Play Store payment processing | US |
| Open-Meteo (Open-Meteo.com) | Destination-weather forecast for the airport you are flying to | EU (Germany) |
The destination-weather feature sends the public coordinates of your upcoming destination/layover airport (looked up from a built-in airport database) to Open-Meteo to fetch a forecast. It does not send your own device location, your identity, your roster, or any other personal data — only an airport's latitude and longitude, over an encrypted connection.
Starlog does not share data with advertising networks, analytics providers, or data brokers.
6. How long we keep your data
- Account data (email, tier, receipts): retained for as long as your account is active, plus up to 30 days after deletion to allow for payment disputes.
- After deletion: Starlog initiates deletion of your account-state rows from its database within 30 days. Database snapshots held by Starlog's cloud provider may retain residual copies for a further period (typically up to 90 days), in line with the provider's standard backup-retention schedule; those snapshots are not accessible for routine reads and are purged on the provider's rolling cycle.
- Local device data (including §33A location pings): retained on your device until you delete it manually, turn the §33A feature off and clear its data, or wipe everything via the "Delete Account" flow. Pings are never uploaded to Starlog, so there is nothing to delete on our side.
7. Security
The following technical measures are in place:
- All data in transit is encrypted via TLS 1.2 or higher.
- Supabase Row Level Security (RLS) ensures users can only access their own rows.
- Your password is salted + hashed by Supabase; Starlog has no access to it.
- Sensitive local data (Raido credentials, cookie jars) is stored in the device's platform secure key store — Apple iOS Keychain on iOS, Android Keystore on Android — using the encryption Apple and Google provide by default. These credentials never leave your device.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Starlog will notify the supervisory authority without undue delay (and where feasible within 72 hours, in line with GDPR Art. 33) and notify affected users without undue delay where required by GDPR Art. 34.
8. Cookies and tracking
The App does not use cookies. If you use the Raido sync feature, a WebView session is established directly between your device and the Raido service operated by Navblue. That session's cookies are stored on your device and are never transmitted to Starlog servers.
9. Your rights under EU GDPR
You have the following rights regarding the data Starlog holds about you:
- Access (Art. 15): request a copy of your personal data — use "Export My Data" in the App.
- Rectification (Art. 16): correct inaccurate data — update your email via account settings.
- Erasure (Art. 17): delete your account and all associated data — use "Delete Account" in the App, or contact us.
- Restriction (Art. 18): ask us to restrict processing while a dispute is resolved.
- Portability (Art. 20): receive your data in a machine-readable format — use "Export My Data" (JSON).
- Objection (Art. 21): object to processing based on legitimate interests (we do not rely on this basis for any processing).
- Withdraw consent (Art. 7(3)): the only consent-based processing is the opt-in §33A location tracking (and the optional signature image). Turn the §33A feature off at any time to stop further collection and withdraw consent; withdrawal does not affect the lawfulness of processing carried out before it.
To exercise any of these rights, contact [email protected]. Starlog will respond within one month, in line with GDPR Art. 12(3).
If you are unsatisfied with our response, you have the right to lodge a complaint with a data protection supervisory authority:
- Denmark (lead authority): Datatilsynet — datatilsynet.dk.
- EU residents elsewhere: the supervisory authority in your country of residence — see edpb.europa.eu for the full list.
10. Changes to this policy
This policy may be updated to reflect changes in the law or our practices. When that happens, the "Last updated" date above is updated and you are notified by email if the changes are material.
11. Contact
Starlog CVR 32913806 [email protected] · [email protected]
