Preflair Privacy Approach
Core principle: zero-data architecture
Preflair collects and stores as little personal data as legally and practically possible. The app is designed so that almost all user data lives on the user's own device, not on Preflair servers.
What we do NOT collect
- Email addresses (except via the optional contact form on preflair.com — see "Landing page" below)
- Real names — the name field in the app is used locally to address the user, and never leaves their device
- Account information (no accounts exist on Preflair servers)
- Behavioral analytics that identify individual users
- Payment information (handled entirely by Apple App Store / Google Play)
- Location data
- Device identifiers beyond what the platform stores
- Contact lists, photos, calendar, or any device permissions beyond what's strictly needed
What is stored, and where
- On user's device only (localStorage / IndexedDB):
- User's chosen name and gender (for in-app addressing)
- Profile conditions (
has_children,has_pets, etc.) collected through progressive profiling - Created events and their checklists
- Task completion state
- Visual style preference (Phase 2)
- All other usage data
- By Apple / Google (payment platforms):
- Purchase history, refund status, country, payment status
- Preflair receives anonymized aggregates from App Store Connect / Google Play Console
- Preflair is a data controller under GDPR for what we receive
- By Cloudflare (hosting for preflair.com):
- Anonymized request logs and analytics (no personal identification)
- Standard CDN operation data
Landing page (preflair.com)
The landing page is separate from the app and has its own minimal data handling:
- Contact form (via FormSpree): collects email and message when users voluntarily submit. Used only to respond to the user. Not added to mailing lists. Not shared.
- No tracking cookies are set by Preflair. No Google Analytics. No advertising pixels.
- Cloudflare anonymized analytics only (does not require cookie banner under GDPR).
- Privacy contact: preflair@preflair.com
GDPR position
- The app processes effectively zero personal data server-side.
- Data stored locally on user's device is not "processed by Preflair" in GDPR terms.
- Apple/Google handle payment data; Preflair receives only aggregated/anonymized information.
- The landing page contact form processes email addresses temporarily, with clear consent (user submits voluntarily).
- Users have the right to:
- Request what data Preflair holds about them (typically: nothing beyond a contact form submission, if any)
- Request deletion (we delete contact form submissions on request)
- Contact our privacy address: preflair@preflair.com
Accessibility statement
Preflair is built to WCAG 2.1 Level AA, satisfying:
- US: ADA, Section 508
- EU: European Accessibility Act (enforced June 28, 2025)
Accessibility features include keyboard navigation, screen reader support, sufficient color contrast, scalable text, large touch targets, and respect for prefers-reduced-motion. Issues can be reported to preflair@preflair.com.
Future changes
Any expansion of data handling (cloud sync, multi-device support, analytics) will be added here BEFORE implementation, with clear user opt-in.
Authentication and your account (Phase 2)
How you sign in
Preflair uses Sign in with Apple (on iOS and Mac) and Sign in with Google (on Android). These services authenticate you without Preflair ever seeing your password, email, or name.
When you sign in, Apple or Google sends Preflair an opaque identifier — a meaningless string of letters and numbers that uniquely identifies you for Preflair, and nothing else. The same identifier comes back every time you sign in with the same Apple ID or Google account, so your purchase and your data follow you across your devices.
What Preflair knows about you
After you sign in and purchase the app, Preflair's server stores only:
- Your opaque identifier (a string like
user_001234abcxyz5678) - Whether you have paid (yes / no)
- The date you paid
- Your encrypted data blobs (Preflair cannot read these — only your devices can decrypt them)
Preflair never receives, stores, or has access to:
- Your name
- Your email address (Apple's "Hide my email" feature is supported)
- Your phone number
- Your credit card or payment information
- Your billing address
- Your IP address (not persisted)
- Your behavior in the app
Consequences you should understand before purchasing
These limitations follow honestly from the zero-data design. Read them before purchase.
If you lose access to your Apple ID or Google account, you lose your Preflair purchase. Preflair has no other identifier for you. There is no email-based account recovery, no "forgot password" flow, no support process that can recover access. This is a deliberate trade-off for privacy. If recovering access to a paid digital product is important to you, you may prefer apps that store your email.
Your purchase does not transfer between Apple and Google. If you buy Preflair on iOS and later switch to Android, you cannot move the purchase. You would need to buy again on the new platform at whatever the current price is. This is how all Apple and Google app store purchases work — it is not a Preflair limitation.
Support requests require you to identify yourself. If you email preflair@preflair.com for help, Preflair has no records to look you up by. You will need to tell us your Apple ID email, the date of your purchase, or other information that helps us understand what happened. We cannot proactively find your account.
Refunds are handled by Apple or Google, not Preflair. If you want a refund, you request it through the App Store or Google Play. They handle the money. They notify Preflair, and your access is revoked on your next sync. Preflair has no ability to process refunds directly.
Why we accept these trade-offs
A more conventional app would collect your email at signup, which would solve all four of the above problems. We do not, because:
- Once we collect your email, we can be hacked and lose it
- Once we collect your email, we are legally required to handle it per GDPR even if we never use it
- Once we collect your email, you have to trust us not to email you, not to share it, not to sell it
- We would prefer you not have to trust us about these things — it is easier to keep a promise we cannot break
The cost is that you, the user, bear the inconvenience when something goes wrong. We think this is the right trade-off, and we are honest about it.