Privacy Policy

Privacy Policy – lotnik.app

Last updated: May 24, 2026

1. General information

This Privacy Policy sets out the rules for the collection, processing, and protection of personal data of users of the lotnik.app application and website. The Data Controller is Patryk Szurgot, operating under the business name iPapi, with its principal address at Władysława Jagiełły 2/7, 02-495 Warsaw, Poland, NIP (Tax ID): PL5342359787 (hereinafter: the “Controller”).

2. Data collected

Through the application and website, we collect the following data:

  • Email address — provided during account registration (via Google, Apple, or email/password sign-in through Firebase Authentication) or voluntarily in a contact form;
  • Flight logbook data — flight time entries, aircraft details, simulation entries, cost calculations, and any other data you enter into the logbook;
  • Device and usage data — device type, operating system version, app version, interaction patterns, error logs, and crash reports (collected automatically);
  • Payment data — when you purchase Premium, payment details are collected and processed directly by Stripe (Website) or the respective app store (Google Play, Apple App Store). We do not store your full credit card number or payment card details on our servers.

3. Purpose of processing

The data we collect is used for:

  • Providing the digital service — account management, data storage, synchronization, and delivery of core app functionality;
  • Responding to inquiries from the person who provided the data;
  • Service communications — sending occasional informational messages to the email address associated with your account, including updates about the Service, new features, improvements, maintenance notices, security notifications, and relevant offers related to the Service;
  • Premium status verification and management across platforms;
  • Displaying advertisements to Free Plan users (via third-party ad networks);
  • Improving the Service — analyzing usage patterns, diagnosing technical issues, and fixing bugs;
  • Compliance with applicable legal obligations.

Your email address and personal data are not shared, sold, or disclosed to any third parties for marketing purposes.

4. Legal basis for processing

Data is processed based on:

  • Article 6(1)(a) of the GDPR — consent of the data subject;
  • Article 6(1)(b) of the GDPR — performance of a contract (providing the digital service, managing your account, synchronizing data, processing payments);
  • Article 6(1)(f) of the GDPR — legitimate interest of the Controller, including improving the Service, ensuring security, communicating with the user, and sending service-related communications;
  • Article 6(1)(c) of the GDPR — compliance with legal obligations (e.g., tax and accounting requirements).

5. Service communications

5.1. By creating an account in the application, you agree to receive occasional service-related communications at the email address associated with your account. These may include important updates about the Service, security notifications, information about new features and improvements, and relevant offers related to the Service.

5.2. You may opt out of non-essential communications at any time by using the unsubscribe link included in each email or by contacting us at contact@lotnik.app. Critical account and security notifications cannot be opted out of while your account remains active.

6. Cookies

The lotnik.app website uses basic cookies necessary for its proper functioning. Cookies may be used for technical purposes, statistical purposes, and to ensure the correct display of content. Payment-related cookies are used by Stripe during the checkout process.

Users can disable cookies at any time in their browser settings. The mobile App does not use traditional browser cookies, but third-party SDKs (e.g., Firebase, ad networks) may use similar tracking technologies such as device identifiers.

7. Third-party services

The Service integrates with the following third-party services that may process your data:

  • Google Firebase (Google LLC, USA) — authentication, cloud data storage (Firestore), analytics. Privacy Policy;
  • RevenueCat (RevenueCat Inc., USA) — subscription and purchase management. Privacy Policy;
  • Stripe (Stripe Inc., USA) — payment processing for Website purchases. Privacy Policy;
  • Google AdMob or similar ad networks — displaying advertisements to Free Plan users. These services may collect device identifiers and usage data for ad targeting purposes;
  • Google Play / Apple App Store — app distribution and in-app purchase processing.

When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and EU-U.S. Data Privacy Framework certifications where applicable.

8. Data retention period

8.1. We retain your personal data for as long as your account is active and as necessary to provide the Service, or until the user withdraws their consent.

8.2. Free Plan accounts (including accounts where the registration process was started but never completed) that have been inactive for a continuous period of 90 days will be automatically deleted, along with all associated data. We may send a reminder notification to the email address associated with the account before deletion. This provision does not apply to Premium accounts.

8.3. Upon account deletion (whether voluntary or due to inactivity), we will delete your personal data from our servers within a reasonable timeframe (typically within 30 days), except where we are required to retain certain data for legal, tax, or accounting purposes (typically 5 years under Polish law).

8.4. Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytical purposes.

9. User rights

The data subject has the right to:

  • Access their data;
  • Rectify their data;
  • Erase their data (“right to be forgotten”);
  • Restrict processing;
  • Object to processing;
  • Data portability;
  • Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
  • Lodge a complaint with the relevant supervisory authority. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO): https://uodo.gov.pl.

To exercise these rights, please contact: contact@lotnik.app. We will respond within 30 days.

10. Data security

The Controller applies appropriate technical and organizational measures to protect data against unauthorized access, loss, modification, or destruction, including encryption of data in transit (TLS/HTTPS), Firebase security rules, and secure authentication via Firebase Authentication.

11. Children’s privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will promptly delete it.

12. Advertisements

12.1. Free Plan users who have exceeded 45 hours of logbook entries may see advertisements served by third-party ad networks (e.g., Google AdMob).

12.2. You may opt out of personalized advertising through your device settings:

  • Android: Settings → Google → Ads → Opt out of Ads Personalization;
  • iOS: Settings → Privacy & Security → Tracking → Disable “Allow Apps to Request to Track.”

12.3. Premium users are not shown advertisements.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated Policy on the Website and/or within the App. Your continued use of the Service after any changes constitutes your acceptance of the updated Policy.

14. Contact

For matters related to personal data protection, please contact:

  • Email: contact@lotnik.app
  • Controller: Patryk Szurgot, iPapi, NIP PL5342359787
  • Address: Władysława Jagiełły 2/7, 02-495 Warsaw, Poland