Your privacy matters to us. SkyTribe is a community for pilots, and the data you share with us — your account, your strip reports, your photos — is yours. We're committed to being clear with you about what we collect, why we collect it, who else sees it, and what you can do about it.
A few things we want to say up front:
If anything in this policy isn't clear, please write to us at privacy@skytribeapp.com and we'll explain.
SkyTribe is operated by Defyant Software Development CC, a close corporation registered in the Republic of Namibia under registration number [CC REGISTRATION NUMBER]. References to "SkyTribe," "we," "us," and "our" include any successor entity to which the business may in future be transferred.
The data controller for the personal data described in this policy is Defyant Software Development CC. You can reach the Privacy Contact at privacy@skytribeapp.com.
The primary legal framework for our processing is the Namibia Data Protection Bill. Where users are located in the European Union, the European Economic Area, the United Kingdom, South Africa, the United States, or other jurisdictions, we also respect the local data protection law that applies to them — see Section 6 for jurisdiction-specific notices.
We collect personal data in the categories below. For each category we explain the purpose and the legal ground we rely on under the Namibia Data Protection Bill and equivalent laws.
When you create an account, we ask for your name, email address, password, date of birth, and country. We use this information to identify you, secure your account, communicate with you about your account (security alerts, policy updates, support), and verify that you meet our minimum age requirement. Your country helps us understand where our users are and tailor regional compliance.
The legal ground is performance of a contract (we can't give you an account without it), our legitimate interest in keeping your account secure, and our legal obligation to verify your age.
If you choose to, you can add a gender and a profile photo. These appear on your profile and on the content you post. The legal ground is your consent — you can remove them at any time.
When you post strip reports, photos, comments, rogers, or edits to airport information, or when you follow airports or other users, we store that content so we can show it to the community. Your name, profile photo, country, and contribution counts may appear alongside your content and on public leaderboards visible to other authenticated users.
The legal ground is performance of a contract — the community is the service. If you later delete your account, this content is anonymised rather than deleted (see Section 6).
When you flag content, we record what was flagged, the reason you selected, any details you wrote, and the fact that you were the reporter. The legal ground is our legitimate interest in keeping the platform safe and trustworthy.
If you write to us for help, we collect what you send us — your name, email, and information about the issue, including any screenshots. The legal ground is our legitimate interest in providing support.
When you use the app, we automatically collect technical data needed to operate the service: authentication tokens, device push-notification tokens, the type of device and operating system, the app version, and timestamps of activity. We also generate a random identifier for your device for session management — this is not an advertising identifier.
The legal ground is performance of a contract (we need this data to run the app), our legitimate interest in keeping the service reliable and secure, and your consent for push notifications (given through your device's OS permission prompt — you can withdraw it any time in device settings).
If you opt in through the device permission prompt, we use your device location to show you nearby airports and tailor content to your region. You can turn this off in your device settings at any time. We do not share your location with other users or maintain any map that displays user locations. The app works fully without location access. The legal ground is your consent.
If you submit your email on our marketing site to join the private-beta waitlist, we store it, along with the page you signed up from, the timestamp, and a token we use to authenticate the unsubscribe link in each email. We use this to send you the invitation when the beta opens, and the occasional progress update before then. The legal ground is your consent, which you can withdraw at any time using the unsubscribe link in any email we send or by writing to privacy@skytribeapp.com. Waitlist signups are separate from SkyTribe accounts.
We share your data only with the people and organisations described below. We do not sell personal data.
Your profile information — name, profile photo, country, and gender if you've provided it — is visible to other authenticated users when they view your profile or your content. Your strip reports, photos, comments, and rogers are visible to all authenticated users. Your location, email, date of birth, and password are never visible to other users.
We rely on a small number of cloud and platform providers to operate SkyTribe. Each one is bound by a data processing agreement that requires them to handle your data in line with applicable data protection law, including (where relevant) EU Standard Contractual Clauses for cross-border transfers.
We supplement community content with public-domain aviation reference data. These sources don't involve processing of your personal data:
We may also disclose personal data: where you've given us valid consent; to comply with a legal obligation (such as a court order); to enforce these Terms or our other policies; or to pursue available legal remedies or defend legal claims.
If the SkyTribe business is reorganised, transferred to a successor Namibian entity, merged, or sold, we may transfer personal data to the successor as part of that transaction. Any successor will be bound to process your data in line with this policy unless we give you prior notice and (where required by law) obtain your consent.
We protect your data using industry-standard measures: encryption in transit, restricted database access, server-verified authentication on every request, rate limiting and input validation, and secure password storage handled by Firebase Authentication (we never see your password in plain text). We design the platform so that direct database access from client devices is denied — data is reached only through our authenticated APIs.
We keep your account and profile data for as long as your account is active. The content you publish — strip reports, photos, comments, rogers — stays on the platform until you delete it individually or delete your account. When you delete your account, your published content is anonymised rather than deleted; see Section 6 for what that means. Technical data such as device tokens and short-lived analytics is kept only as long as needed to run the service. We retain some data for longer where the law requires.
If something goes wrong and a breach occurs that's likely to affect you, we'll notify the relevant supervisory authority within the timeframe the law requires (under the Namibia Data Protection Bill ss. 22–23, GDPR Article 33, and POPIA s. 22, that's currently 72 hours of becoming aware of the breach). Where the breach is likely to put your rights or interests at significant risk, we'll also notify you directly — by email or in-app — and tell you what happened, what data was involved, and what you can do.
We use Sentry to monitor performance and catch errors, and Firebase Analytics to understand how the app is used in aggregate (which screens are opened, which actions are taken, which features need attention). The legal ground is our legitimate interest in keeping the app reliable and making it better.
We don't make decisions about you using algorithms or other automated processing that significantly affect you.
You have the right, under the Namibia Data Protection Bill and other applicable data protection laws, to ask us to:
You can also lodge a complaint with the supervisory authority in your country (see jurisdiction notices below).
To exercise any of these rights, write to privacy@skytribeapp.com. To delete your account, you can use the "Delete Account" option in the app's settings, or email us. We respond without undue delay and within the period your local law requires.
When you delete your account, we permanently remove your account profile (email, date of birth, gender, country, location preference), your profile photo, your follows, your push notification tokens, your authentication credentials, your device registrations, your session data, and the notifications you've received.
The content you published to the community — strip reports, photos, comments, and rogers — is anonymised rather than deleted. Your name is replaced with "Former Member," your profile photo is removed from that content, and the content remains as part of SkyTribe's community aviation database. After anonymisation it can no longer reasonably be linked back to you, so it is no longer personal data and falls outside the scope of the right to erasure. You can delete individual posts at any time before you delete your account. See our Account Deletion Policy for more.
In limited cases — where the law requires us to keep certain records, where there's an active legal proceeding, or where we need to keep records of serious safety violations such as posting false runway information — we may retain identifiable data beyond anonymisation. We keep only the minimum we need, for the minimum period needed.
The Namibia Data Protection Bill is our primary framework. The Bill gives you the right to assistance from the Data Protection Supervisory Authority of Namibia (once established), the right to mandate a non-profit body to lodge complaints on your behalf, and the right to seek compensation for material or non-material damage from an infringement.
You have the rights described above under the GDPR / UK GDPR, including data portability and the right to lodge a complaint with your local supervisory authority. Given our small scale and the nature of our processing (which is occasional and does not involve large-scale monitoring), we have not appointed a Data Protection Officer or an EU/UK representative; the Art. 27(2) exemption applies.
You have the rights described above under POPIA. You may lodge complaints with the Information Regulator. Our core data is stored in the African region.
We do not currently sell personal information or share it for cross-context behavioural advertising. We honour Global Privacy Control signals. We respect state privacy laws including California (CCPA/CPRA), Virginia, Colorado, and Connecticut.
We comply with applicable data protection laws wherever our users are located, including Brazil (LGPD), Canada (PIPEDA), Japan (APPI), and South Korea (PIPA). Contact privacy@skytribeapp.com for jurisdiction-specific information.
SkyTribe is for users aged 16 and older — the minimum solo flight age under most aviation authorities, including the NCAA of Namibia. We do not knowingly collect personal data from anyone under 16. If we find out a user is under 16, we will act without undue delay to remove their account and data, in line with applicable law.
In jurisdictions where the age of majority is 18 (Namibia, South Africa, India), users aged 16–17 need parental or guardian consent to use SkyTribe. Parents and guardians can contact privacy@skytribeapp.com to access, correct, or delete their child's personal data, or to withdraw consent.
We may update this Privacy Policy from time to time, as the app evolves and as the law changes. If we make significant changes, we'll let you know — by in-app notice, by email, or both — and where the law requires, we'll obtain your consent before the change takes effect.
Defyant Software Development CC Registration number: [CC REGISTRATION NUMBER] [REGISTERED ADDRESS, NAMIBIA] privacy@skytribeapp.com