Privacy Policy

Last updated: 22 December 2025

1. Introduction

Skytext ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our flight tracking SMS notification service.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our service, you consent to the data practices described in this policy.

2. Information We Collect

We collect the following types of information:

  • Contact Information: Mobile phone numbers for sending SMS notifications
  • Flight Information: Flight numbers, departure and arrival airports, travel dates, and traveller names you provide
  • Payment Information: Payment details are processed securely by Stripe and are not stored on our servers
  • Technical Data: IP address, browser type, and device information for service improvement
  • Usage Data: Information about how you interact with our service

3. How We Use Your Information

We use the information we collect to:

  • Provide real-time flight tracking SMS notifications to you and your designated recipients
  • Process payments for our services
  • Communicate with you about your tracked flights and service updates
  • Improve and optimise our service
  • Comply with legal obligations

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • Contract: Processing is necessary to fulfil our contract with you to provide flight tracking notifications
  • Consent: Where you have provided consent for us to send SMS notifications to recipients you designate
  • Legitimate Interests: To improve our services and ensure security
  • Legal Obligation: To comply with applicable laws and regulations

5. Third-Party Services

We use the following third-party services to operate Skytext:

  • Stripe: For secure payment processing. Stripe's privacy policy is available at stripe.com/privacy
  • Twilio: For sending SMS notifications. Twilio's privacy policy is available at twilio.com/legal/privacy
  • Flightradar24: For obtaining real-time flight position data
  • Supabase: For secure data storage
  • Vercel: For website hosting

These providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place in accordance with UK data protection law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Flight tracking data is retained for 90 days after the flight date to allow you to review your tracking history. Payment records are retained for 7 years as required by UK tax law. You may request deletion of your data at any time, subject to our legal obligations.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, secure authentication protocols, and regular security assessments. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Cookies

We use essential cookies necessary for the operation of our website. These cookies do not collect personal information for marketing purposes. We do not use advertising or tracking cookies.

10. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, or wish to exercise your data protection rights, please contact us at:

Email: privacy@skytext.co

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at ico.org.uk.