Privacy Policy

Last updated: 5 March 2026

Your data isn't shared. Your flight logs, equipment details, and personal information stay with you. This isn't about selling your paramotor adventures to advertisers (though some of them would probably love to hear about that time you landed in the sea).

This policy explains what data PPG Social collects, why, and what your rights are under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who's Responsible

PPG Social is operated as a personal project. For the purposes of data protection law, the data controller is PPG Social. If you need to get in touch about your data, use the support page.

2. What Data Is Collected

Here's exactly what's stored:

  • Account data: Email address, hashed password (or OAuth provider ID if you sign in via a third party), display name, and profile information you choose to provide.
  • Flight data: Flight logs, GPS tracks, equipment details (motors, wings, parts), field/site locations, weather data, photos, videos, comments, and reactions—basically everything you enter to track your flying.
  • Technical data: Login timestamps, IP addresses (for security and rate limiting), session tokens, and email verification/password reset tokens.
  • Optional integration data: If you connect SmugMug or Google Photos, OAuth tokens are stored to access your albums. These are revocable at any time from your settings.

3. Why It's Collected (Legal Basis)

Under UK GDPR, every bit of data processing needs a lawful basis. Here's ours:

  • Contract (Article 6(1)(b)): Processing your account and flight data is necessary to provide the service you signed up for—logging your flights, tracking equipment, and all the features you use.
  • Legitimate interests (Article 6(1)(f)): Security measures (rate limiting, login tracking, fraud prevention) are necessary to keep the platform safe for everyone.
  • Consent (Article 6(1)(a)): Optional integrations like SmugMug and Google Photos are only activated when you explicitly choose to connect them. You can disconnect at any time.

4. Who Has Access

Your data isn't sold, rented, or shared with marketers. The following third-party services process data on our behalf to keep things running:

  • Microsoft Azure (UK region): Hosting, database (SQL Server), file storage (Blob Storage for photos), and email delivery (Azure Communication Services). All data is stored in Azure's UK data centres.
  • SmugMug: Only if you connect it. Used to import photos from your SmugMug account into your flight logs. PPG Social accesses your SmugMug data via OAuth with your explicit permission.
  • Google Photos: Only if you connect it. Same deal—used to import photos with your explicit OAuth consent.
  • Open-Meteo: Flight coordinates and timestamps are sent to retrieve weather data. No personal information is included in these requests.
  • OpenStreetMap / CARTO: Map tiles are loaded in your browser to display flight maps. Your browser connects to these services directly; PPG Social doesn't send them any personal data.

5. International Transfers

Your data is stored in Microsoft Azure's UK data centres. Some third-party services (SmugMug, Google Photos, Open-Meteo, OpenStreetMap) may process data outside the UK. Where this happens, it is covered by appropriate safeguards such as standard contractual clauses or adequacy decisions, or the data sent does not contain personal information.

6. How Long Data Is Kept

A background scheduler runs daily to enforce these retention periods automatically:

  • Account and flight data: Kept for as long as your account is active. If you delete your account, your data is permanently removed.
  • Login history: Retained for 90 days, then automatically deleted.
  • Failed login attempts: Retained for 90 days, then automatically deleted.
  • Password reset tokens: Automatically deleted 7 days after expiry or use.
  • Email verification tokens: Automatically deleted 7 days after expiry.
  • OAuth states: Automatically deleted 1 hour after creation.
  • Notifications: Dismissed notifications are deleted after 30 days. Expired notifications are deleted automatically.
  • Data exports: Export files and records are deleted after 7 days.

7. Cookies

PPG Social uses only essential cookies required for authentication and session management. No tracking cookies, no analytics cookies, no third-party advertising cookies. That's it—no cookie banner needed because there's nothing optional to consent to.

8. Your Rights

It's your data. Under UK GDPR, you have the right to:

  • Access: Request a copy of all the personal data held about you. You can also export your flight data directly from the app at any time.
  • Rectification: Correct any inaccurate data—most of this you can do yourself through the app.
  • Erasure ("right to be forgotten"): Delete your account and all associated data. This can be done from your account settings or by contacting support.
  • Restriction: Request that processing of your data be restricted in certain circumstances.
  • Portability: Receive your data in a structured, commonly used format. The data export feature provides this.
  • Object: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent (e.g. third-party integrations), you can withdraw it at any time by disconnecting the integration in your settings.

To exercise any of these rights, use the support page. Requests will be responded to within one month, as required by law.

9. Age Requirement

PPG Social is intended for users aged 16 and over. If you are under 16, please do not create an account. If we become aware that data has been collected from a user under 16 without appropriate consent, it will be deleted promptly.

10. Data Security

Reasonable technical and organisational measures are in place to protect your data, including encrypted connections (HTTPS), hashed passwords, rate limiting, and secure token handling. That said, no system is 100% bulletproof—if you discover a security issue, please report it responsibly via the support page.

11. Complaints

If you're not happy with how your data is being handled, please reach out via the support page first—most things can be sorted out quickly. If you're still not satisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

12. Changes to This Policy

This policy may be updated from time to time. Significant changes will be communicated through the app. The "last updated" date at the top will always reflect the most recent version.

Questions?

If you have concerns about privacy or want to know more, reach out via the support page. I'm a pilot too—I get it.

Report a Bug

Screenshot Optional, max 2MB

Auto-captured with report:

  • Current page URL
  • Browser information
  • Screen size
  • Your email (if logged in)