NIMBLE AERO SARLAU ("we," "us," or "our") operates the Nimble Preflight mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
1. Who We Are
We are NIMBLE AERO SARLAU, a company registered under Moroccan law (Société à Responsabilité Limitée à Associé Unique — single-member LLC), headquartered in Casablanca, Morocco.
For questions about this Privacy Policy, contact us at: loading...
2. Information We Collect
We do not create user accounts, and we collect only the minimum data necessary to operate the App.
The App is designed with a data-minimalist philosophy. Here is exactly what we process:
2.1 Information Automatically Processed
When you use the App, your device communicates with our servers to retrieve aviation weather and NOTAM data. In this process:
- IP Address: Your IP address is transmitted as part of standard internet communication. We use it solely for rate limiting (to prevent abuse) and routing your request. We do not log, store, or share your IP address. It exists only transiently in server memory for the duration of your request.
2.2 Live Flight Tracking — Device Identifier and Flight Numbers
The App includes an optional live flight tracking feature powered by Flightradar24. When you use this feature:
- Device or Account Identifier: To manage your monthly flight tracking allowance (10 lookups per month), we associate your usage with an identifier. This may be a randomly generated device identifier (UUID) created by the App, or your platform account identifier provided by Google Play or Apple (such as your Google Play subscription ID or Apple App Store account token). This identifier is used solely for credit management. We do not access your name, email, or other personal details from your Google or Apple account — only the anonymized account token provided by the platform for subscription and usage management.
- Flight Numbers: When you search for a flight, the flight number you searched for is logged alongside your identifier for credit accounting purposes.
This data is used solely to manage flight tracking credits and prevent abuse. It is not used for profiling, advertising, or any other purpose.
2.3 Information Stored on Your Device
The App stores the following data locally on your device (never transmitted to us):
- Your airport watchlist (ICAO codes you select)
- Cached weather data (METAR, TAF, SIGMET) for offline access
- Cached NOTAM data for offline access
- Your app settings and preferences
- Decoded SNOWTAM, MOTNE, and GRF results
- Pilot notes (ATIS, clearances, free text)
This data is stored using standard Android/iOS local storage and is deleted if you uninstall the App.
2.4 Analytics & Crash Reporting
The App uses Google Firebase Analytics and Google Firebase Crashlytics to help us understand how the App is used and to identify and fix crashes.
- Firebase Analytics collects anonymized usage data such as screen views, feature usage frequency, and session duration. This data is aggregated and cannot be used to identify individual users. No personally identifiable information is collected through Analytics.
- Firebase Crashlytics collects crash reports including device model, operating system version, stack traces, and app state at the time of a crash. This helps us fix bugs and improve stability. Crashlytics does not collect personal data such as names, emails, or location.
Both services are provided by Google LLC and process data according to Google's Firebase privacy documentation. You may opt out of Analytics data collection by disabling usage data sharing in your device settings.
2.5 Information We Do NOT Collect
We do not collect: names, email addresses, phone numbers, GPS location data, hardware device identifiers (IMEI, serial number), or advertising IDs.
3. How We Use Information
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| IP address (transient) | Rate limiting and request routing | Legitimate interest — service delivery and abuse prevention (Art. 6(1)(f)) |
| Device or account identifier | Flight tracking credit management | Legitimate interest — preventing service abuse (Art. 6(1)(f)) |
| Flight number searched | Credit transaction logging | Legitimate interest — service accounting (Art. 6(1)(f)) |
| Analytics data (anonymized) | App improvement and feature usage analysis | Legitimate interest — product improvement (Art. 6(1)(f)) |
| Crash reports | Bug identification and stability improvement | Legitimate interest — service reliability (Art. 6(1)(f)) |
We do not use your data for advertising, profiling, marketing, or any purpose other than delivering and improving the App's core functionality.
4. Data Sharing
We do not sell, rent, trade, or share any personal data with third parties.
The App retrieves aviation data from the following sources on your behalf:
- NOAA Aviation Weather Center (US federal government) — for METAR, TAF, and SIGMET data
- FAA Notice to Air Missions System (US federal government) — for NOTAM data
- Deutscher Wetterdienst (DWD) (Germany) — Germany's national meteorological service — for METAR, TAF, SIGMET, AIRMET, AIREP (pilot reports), and aviation weather chart data
- Flightradar24 AB (Sweden) — for live flight tracking data (situational awareness only)
Our servers retrieve aviation data from these sources on your behalf. Your device communicates only with our servers — it does not connect directly to NOAA, FAA, DWD, or Flightradar24 servers. No personal data is transmitted to these data providers.
When you use the live flight tracking feature, a request containing the flight number is sent from our servers to Flightradar24. Flightradar24 may process this request according to their own privacy policy.
Analytics & Crash Reporting: Anonymized analytics data and crash reports are processed by Google Firebase (Google LLC, USA). Google processes this data according to their Firebase privacy documentation. No personally identifiable information is shared with Google through these services.
Platform Services: If you subscribe to the App, Google Play or Apple App Store processes your payment. We receive only a confirmation of your subscription status and an anonymized account token — we never receive your payment details, name, or email address from these platforms. Google and Apple process your data according to their respective privacy policies.
5. International Data Transfer
Our servers are hosted in the United States (Oregon) via Render, Inc. When you use the App, your request (including your IP address) is routed to these servers. This constitutes a transfer of data to the United States. We rely on the necessity of the transfer for the performance of the service (Art. 49(1)(b) GDPR) as the legal basis for this transfer.
Aviation meteorological data served by the App may originate from the Deutscher Wetterdienst (DWD) in Germany, the NOAA Aviation Weather Center in the United States, and the FAA in the United States. This data is retrieved server-to-server by our backend — your device does not connect to these sources directly, and no personal data is transmitted to them.
Anonymized analytics and crash report data is processed by Google Firebase, which may transfer data to Google's servers in the United States. This transfer is governed by Google's data processing terms and standard contractual clauses.
6. Data Retention
- IP addresses: Not retained. Processed transiently during your request only.
- Device or account identifier: Retained on our server for up to 90 days from your last use of the flight tracking feature. After 90 days of inactivity, your record is automatically deleted.
- Flight tracking transaction logs: Retained for up to 180 days, then automatically deleted.
- Analytics data: Retained by Google Firebase for up to 14 months, then automatically deleted. This data is anonymized and aggregated.
- Crash reports: Retained by Google Firebase Crashlytics for up to 90 days.
- Local device data: Retained on your device until you clear the App's data or uninstall the App.
- Server-side aviation data: METAR, TAF, NOTAM, and SIGMET data is retained on our servers for the purpose of serving it to all users. This is not personal data.
7. Your Rights
Under GDPR (for EU/EEA users), Morocco's Law 09-08, and other applicable data protection laws, you have the right to:
- Access any personal data we hold about you
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Object to processing based on legitimate interest
- Data portability — receive your data in a structured format
To exercise any of these rights, contact us at loading... and we will respond within 30 days. To process your request, we may ask you to provide your device or account identifier (found in the App's settings) so we can locate your records.
For EU/EEA users: You have the right to lodge a complaint with your local data protection supervisory authority.
For Moroccan users: You may exercise your rights through the CNDP (Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel) at www.cndp.ma.
8. Children's Privacy
The App is designed for professional and student pilots. It is not directed at children under the age of 16 (or under 13 in the United States under COPPA). We do not knowingly collect data from children. If you believe a child has provided us with data, contact us at loading... and we will promptly delete it.
9. Security
We protect your data through encrypted connections (HTTPS/TLS), database access restrictions, API authentication, and regular security reviews. While no system is perfectly secure, we take reasonable measures to protect the limited data we process.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this document. Continued use of the App after changes constitutes acceptance of the updated policy.