Skip to main content

Privacy Policy

How we collect, use, and protect your data.

Last updated: Feb-2026

Data Sky Center ("DSC," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, applications, and services (collectively, the "Platform").

1. Data Controller

The data controller responsible for your personal data is:

Data Sky Center (DSC)
Rua Alagoas, 724, Centro
Catanduva, SP, Brazil
Email: contato@webflag.com.br

2. Information We Collect

2.1 Personal Information You Provide

  • Account registration: name, email address, phone number, country, password (stored as a cryptographic hash), and user role (pilot, aviation personnel, or aviation enthusiast).
  • Provider registration: company name, ICAO code, service type, phone numbers, website, and business description.
  • Payment information: credit card details are collected and processed directly by our payment processor, Stripe. DSC does not store your full card number. We retain only your Stripe customer ID and subscription ID.
  • Communications: any information you provide when contacting us or submitting feedback.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, session duration, and interaction patterns.
  • Device and browser data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Cookies and similar technologies: see Section 9 below.

2.3 Information from Third Parties

  • Google Sign-In: if you sign up using Google, we request only the openid, email, and profile scopes. We receive your name and email address from Google. We do not access your contacts, calendar, or any other Google data.
  • Google reCAPTCHA: anti-abuse verification data.

3. Legal Bases for Processing

We process your personal data based on the following legal grounds:

  • Consent: when you explicitly agree (e.g., accepting the Terms and Conditions at registration, opting in to marketing communications).
  • Contract performance: to fulfill our obligations under the subscription agreement (e.g., account creation, payment processing, service delivery).
  • Legitimate interest: for Platform security, fraud prevention, analytics, and service improvement, where these interests do not override your fundamental rights.
  • Legal obligation: to comply with applicable laws and regulations.

4. LGPD Compliance (Brazil)

DSC complies with the Lei Geral de Proteção de Dados (LGPD — Lei 13.709/2018), the Brazilian General Data Protection Law. Under the LGPD, you have the following rights regarding your personal data:

  • Confirmation of the existence of processing.
  • Access to your data.
  • Correction of incomplete, inaccurate, or outdated data.
  • Anonymization, blocking, or deletion of unnecessary or excessive data.
  • Portability of data to another service or product provider.
  • Deletion of personal data processed with your consent.
  • Information about public and private entities with which we share your data.
  • Information about the possibility of not providing consent and the consequences thereof.
  • Revocation of consent.

To exercise any of these rights, contact us at contato@webflag.com.br or use our data request form. We will respond within 15 business days.

5. GDPR Compliance (European Union)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) applies to the processing of your personal data. Under the GDPR, you have the following rights:

  • Right of access: obtain confirmation of whether your data is being processed and request a copy.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your data under certain conditions.
  • Right to restrict processing: request limitation of processing in certain circumstances.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format.
  • Right to object: object to processing based on legitimate interest or direct marketing.
  • Right to withdraw consent: withdraw previously given consent at any time, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: file a complaint with your local data protection supervisory authority.

To exercise these rights, contact us at contato@webflag.com.br or use our data request form. We will respond within 30 days.

6. Purpose of Processing

We use your personal data for the following purposes:

  • Creating and managing your Account.
  • Processing payments and managing subscriptions.
  • Providing and personalizing the Platform's features.
  • Sending transactional emails (account confirmation, password reset, subscription notifications).
  • Verifying identity and preventing fraud.
  • Tracking the gamification system (points and access tiers).
  • Analyzing usage patterns to improve the Platform.
  • Complying with legal obligations.
  • Communicating updates, changes, or security notifications.

7. Data Retention

  • Active accounts: data is retained for the duration of your Account's existence.
  • Cancelled accounts: personal data is retained for up to 6 months after cancellation to allow for account reactivation and to comply with legal obligations, after which it is anonymized or deleted.
  • Payment records: retained for 5 years in compliance with tax and financial regulations.
  • Server logs: retained for up to 12 months for security and debugging purposes.
  • Consent records: the timestamp of your acceptance of Terms and Conditions and Privacy Policy is retained for as long as necessary to demonstrate compliance.

8. Third-Party Services

We share data with the following third-party service providers, each operating under their own privacy policies:

  • Stripe (payments) — processes your credit card information and manages subscriptions. Stripe is PCI DSS Level 1 certified. Stripe Privacy Policy.
  • Google reCAPTCHA v2 & v3 (anti-abuse) — reCAPTCHA v2 is used on forms that require explicit user interaction (e.g., report submissions). reCAPTCHA v3 runs in the background on certain pages to score user behavior and prevent automated abuse; it may collect hardware and software information, usage data, and cookies. By using the Platform, you agree to Google's Privacy Policy and Terms of Service as they apply to reCAPTCHA.
  • Google Analytics (usage analytics) — collects anonymized usage data to help us understand how the Platform is used. Google Privacy Policy.

We do not sell your personal data to any third party.

9. Cookies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: required for the Platform to function (session management, authentication). These cannot be disabled.
  • Analytics cookies: Google Analytics cookies to understand usage patterns and improve the Platform.
  • Security cookies: Google reCAPTCHA cookies to prevent abuse.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Platform.

10. International Data Transfers

DSC is based in Brazil. If you access the Platform from outside Brazil, your data may be transferred to and processed in Brazil. We also use third-party services (Stripe, Google) that may process data in the United States and other countries.

For transfers of personal data outside Brazil or the EEA, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions where applicable.
  • The service provider's compliance certifications (e.g., Stripe's PCI DSS compliance).

11. User Rights Summary

Regardless of your location, you have the right to:

  • Access your personal data that we hold.
  • Rectify inaccurate or incomplete data.
  • Erase your data (subject to legal retention requirements).
  • Port your data to another provider in a machine-readable format.
  • Object to processing based on legitimate interest.
  • Restrict processing in certain circumstances.
  • Withdraw consent at any time.

To exercise any of these rights, email us at contato@webflag.com.br. We may require identity verification before processing your request.

12. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at contato@webflag.com.br.

13. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL).
  • Passwords stored as cryptographic hashes using the bcrypt algorithm with per-user salts. We never store plaintext passwords.
  • Payment data handled exclusively by PCI DSS-certified processor (Stripe).
  • Rate limiting and reCAPTCHA to prevent automated attacks.
  • Regular security reviews and access controls.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

14. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant data protection authority within 72 hours of becoming aware of the breach (as required by the GDPR and LGPD).
  • Notify affected Users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  • Document the breach, its effects, and the remedial actions taken.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you at least 30 days in advance via email and/or by posting a notice on the Platform. Continued use of the Platform after the effective date of the updated policy constitutes acceptance. We encourage you to review this page periodically.

16. Contact / Data Protection

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:

Data Sky Center (DSC)
Rua Alagoas, 724, Centro
Catanduva, SP, Brazil
Email: contato@webflag.com.br

If you are in the EU and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

Map About Glossary Road Map Terms v2.0.0