Privacy Policy

Effective Date: March 1, 2025 · Last Updated: March 2025

Relay is a private system operated for internal aviation operations. This policy describes what data is collected, how it is stored, who can access it, and your rights with respect to that data.

1. Who We Are

Relay is operated by the aircraft operator whose system administrator provisioned your account ("Operator"). This policy applies to all users of the Service. References to "we," "us," or "our" refer to the Operator.

2. Data We Collect

We collect and store the following categories of data:

Category	Data Collected	Purpose
Account Data	Username, display name, role, hashed password, TOTP secret	Authentication and access control
Session Data	Session token, login timestamp, IP address, last activity time	Session management and security
Message Data	ACARS message content, direction, status, timestamps, sending user	Operational communications record
Position Data	Aircraft tail number, lat/lon, altitude, speed, heading, timestamp	Flight following and situation awareness
Audit Log	User actions (login, logout, sends, admin changes) with IP address	Security auditing and compliance
Configuration Data	Aircraft tail numbers, ICAO24 codes, ARINC/ADS-B provider settings	System configuration

We do not collect:

Personal financial information
Biometric data
Information from users who are not account holders
Any data from minors

3. How Data Is Stored

All data is stored in a SQLite database on the server hosting this Service. The database file is located on the Operator's infrastructure and is not replicated to third-party cloud services unless the Operator has specifically configured backup solutions.

Passwords are hashed using bcrypt with a cost factor of 12. Plaintext passwords are never stored.
Session tokens are cryptographically random 256-bit values. They are stored in the database and delivered to your browser as HttpOnly, Secure cookies.
TOTP secrets are stored in encrypted form within the database.
The database uses Write-Ahead Logging (WAL) mode for durability.

4. Who Can Access Your Data

Role	Data Access
You (account holder)	Your own messages, your own session, your own display name and role. You may change your password at any time.
Dispatch / Monitor users	Message threads for aircraft they are authorized to view. They cannot see other users' account details.
Admin users	All user accounts, audit logs, system configuration, and all message threads. Admins can reset passwords and MFA.
System Administrator	Full access to the database file and server. Responsible for data security and backup.

5. Data We Share With Third Parties

We do not sell your personal data to any third party. We do not use advertising networks, marketing trackers, or analytics platforms.

We may transmit data to the following external services in the course of normal operation:

OpenSky Network / adsb.fi / ADS-B Exchange — aircraft position queries (bounding box, no account data)
aviationweather.gov — weather data fetches (no user data transmitted)
RainViewer — radar tile fetches (no user data transmitted)
ARINC / CMU network — if configured for live ACARS: message content and aircraft identifiers are transmitted per ACARS protocol

6. Data Retention

Data is retained as follows:

Messages: Retained indefinitely unless manually deleted by an administrator.
Audit logs: Retained for at least 12 months. Older entries may be pruned by the administrator.
Sessions: Automatically expired after 7 days of inactivity. Expired sessions are purged during routine cleanup.
Account data: Retained until the account is deleted by an administrator.
Position data: Retained indefinitely for flight record purposes.

7. Security

We implement the following security measures:

All connections encrypted via TLS (HTTPS)
Passwords hashed with bcrypt (cost 12)
Multi-factor authentication (TOTP) required for all users
Account lockout after 5 failed login attempts
Session cookies are HttpOnly, Secure, and SameSite=Strict
Rate limiting on authentication endpoints
Full audit logging of security-relevant events

No system is perfectly secure. You are responsible for maintaining the confidentiality of your credentials and MFA device.

8. Your Rights

As a user of this private system, you have the right to:

Access: Request a copy of the data associated with your account
Correction: Request correction of inaccurate personal data
Deletion: Request deletion of your account and associated personal data (subject to operational record requirements)
Password reset: Self-service via the Change Password feature in the portal, or by requesting an admin reset

To exercise these rights, contact your system administrator.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last Updated" date at the top of this page. Continued use of the Service following any changes constitutes acceptance of the updated policy.

10. Contact

For privacy questions, data requests, or to report a security concern, contact your system administrator directly.