CrewHub

Privacy Policy for CrewHub

Effective Date: February 8, 2026
Last Updated: March 10, 2026

Introduction

Welcome to CrewHub. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. Please read this privacy policy carefully. By using CrewHub, you agree to the collection and use of information in accordance with this policy.

Information We Collect

1. Personal Information You Provide

When you register and use CrewHub, we collect the following personal information:

  • First Name and Last Name
  • Employee Number (unique identifier)
  • Job Position (Captain, First Officer, or Flight Attendant)
  • Display Name (used when contributing to the Overnights community)
  • Registration Date (automatically recorded when you create your profile)

How We Collect It: You provide this information during the onboarding process when you first set up your CrewHub account.

Where We Store It:

  • Locally on your device: Encrypted in your device’s Keychain (iOS secure storage)
  • Cloud Storage: Synced to your personal iCloud account using Apple CloudKit Public Database

2. Optional Contact Information

  • Email Address: We only collect your email address if you choose to provide it when submitting feedback through the app.

Purpose: To follow up on your feedback or support requests if necessary.

3. Schedule and Flight Data

CrewHub connects to your airline’s AIMS eCrew system to retrieve your work schedule.

What We Collect:

  • Your complete crew schedule including flight numbers, airports, times, and duty information
  • Trip details including block time, credits, TAFB, per diem, and required rest
  • Hotel assignments including names, addresses, phone numbers, and reference codes
  • Deadhead booking information including PNR locators and carrier details
  • Crew manifest data for your flights (other crew members’ names, positions, and employee numbers)

How We Collect It: When you log in to AIMS eCrew through the app, schedule data is extracted from the airline’s web portal via an embedded browser (WKWebView). The app also retrieves live flight information (status, gates) from an aviation data API through a secure proxy.

Where We Store It:

  • Locally on your device: Cached in a JSON file in the app’s private storage (not accessible to other apps)
  • Retention: Schedule data older than 6 months is automatically pruned

Important Privacy Protections:

  • Schedule data is stored only on your device — it is not uploaded to any cloud service
  • AIMS eCrew login credentials are handled by your airline’s Okta SSO system and are never stored by CrewHub
  • AIMS session cookies are kept temporarily to maintain your login and are cleared when you log out
  • The app periodically refreshes your AIMS session in the background to keep it active

4. Calendar Sync (Optional)

CrewHub can optionally sync your flight schedule to your device’s calendar.

What We Access:

  • Read/write access to your calendars (requires your explicit permission)
  • The app creates or uses a dedicated “CrewHub” calendar

What We Write:

  • Trip events with flight details, times, airports, hotel info, and duty summaries
  • Off-day events (if you enable this option)

Where It’s Stored: In your device’s calendar system (EventKit), which may sync to iCloud or other calendar accounts you’ve configured.

Important Privacy Protections:

  • Calendar sync is entirely optional and off by default
  • You choose which calendar to sync to
  • You can disable sync at any time, which removes all CrewHub-created events
  • CrewHub does not read your existing personal calendar events

5. Location Data

CrewHub uses your device’s location services to provide airport-related features.

What We Collect:

  • Approximate location (coarse location accuracy at the kilometer level)
  • Nearest airport to your current location

How We Use It:

  • To calculate and display the nearest airport to your location
  • To provide distance calculations for crew convenience
  • To display the nearest airport in the home screen widget (if enabled)

Important Privacy Protections:

  • Location data is never stored permanently on your device or in cloud storage
  • Location data is never transmitted to our servers or any third parties
  • A temporary location cache (maximum 30 minutes old) is shared with the home screen widget via App Group storage for convenience; this cache is automatically invalidated
  • Location is only used temporarily while the app is active and you’re viewing airport information
  • You can deny location permission entirely and still use other features of the app

Permission Required: “When In Use” location permission (the app only accesses location while you’re actively using it)

6. Community-Contributed Content (Overnights)

When you contribute to the Overnights feature, the following data is collected and stored:

  • City items you add (hotel, food, coffee, and entertainment recommendations) including name, address, phone number, and website
  • Notes you post on city items (public or private)
  • Star ratings you provide on items
  • Your display name (shown alongside your contributions)
  • Your user ID (linked to contributions for edit/delete permissions)
  • Timestamps (creation and modification dates)

Where We Store It: Firebase Firestore (Google Cloud Platform)

Privacy Controls:

  • You can mark notes as private (visible only to you)
  • You can only edit or delete your own contributions
  • Your display name is visible to other CrewHub users alongside your contributions

7. Personal Airport Notes

You can write personal notes on individual airports for your own reference.

Where We Store It: Locally on your device in UserDefaults. Personal airport notes are never uploaded to any cloud service and remain entirely on your device.

8. Weather Data Requests

When you view weather information, the app makes requests to public government APIs:

  • Aviation Weather Center (aviationweather.gov) for METAR and TAF data
  • National Weather Service (api.weather.gov) for daily and hourly forecasts (US airports only)

What We Send: Only the airport ICAO code or coordinates. No personal data is transmitted to these services.

Caching: Weather data is cached temporarily in memory (15 minutes for METAR/TAF, 1 hour for NWS forecasts) and is not persisted to disk.

9. Device and Technical Information

We automatically collect certain device and usage information to improve app performance and troubleshoot issues.

Basic Information (collected for all users):

  • App version number
  • Last active timestamp (for session management and security)

Detailed Debug Information (only collected when you submit a bug report):

  • Device model (e.g., “iPhone 15”)
  • iOS version
  • Device name
  • Screen dimensions and scale
  • Memory usage statistics
  • Storage capacity (total and available space)
  • Battery level and charging state
  • Network type (WiFi, Cellular, or No Connection)
  • Locale, language, and time zone
  • App state (active, inactive, or background)
  • Low Power Mode status
  • Accessibility features you’ve enabled (VoiceOver, Bold Text, Reduce Motion, etc.)
  • Device identifier for vendor (an anonymized identifier unique to this app)
  • Background refresh status
  • CloudKit availability
  • Date and time of the report

10. In-App Purchases

CrewHub offers optional premium subscriptions through the Apple App Store.

What We Collect:

  • Subscription status (active, expired, or cancelled)
  • Product identifiers for your purchased subscriptions

Where It’s Stored: Managed entirely by Apple’s StoreKit framework — CrewHub does not store payment information, credit card details, or billing addresses.

11. Usage Information

  • Last Active Date: We track when you last used the app for security purposes (session timeout after 1 hour of inactivity)
  • Logbook Download History: If you download logbook data, we record the date ranges and download timestamps

12. Feedback and Support Data

When you submit feedback or report a bug through the app:

What We Collect:

  • Your feedback text/description
  • Feedback category (General Feedback, Bug Report, Feature Request, Airport Data Issue, Performance Issue, or Other)
  • Submission timestamp
  • Your profile information (employee number and position)
  • Device information (detailed debug info for bug reports, basic info for other feedback)
  • Optional: your email address (only if you provide it)

Where We Store It: Firebase Firestore (Google Cloud Platform)

How We Use Your Information

  1. Account Management
    • Creating and maintaining your CrewHub profile
    • Syncing your profile across your devices via iCloud
    • Authenticating your identity via Sign in with Apple (optional)
  2. App Functionality
    • Providing position-specific features and information
    • Calculating nearest airports
    • Displaying weather data for airports
    • Enabling community-contributed overnight recommendations
    • Managing your session security
  3. Security
    • Implementing automatic session timeout after 1 hour of inactivity
    • Protecting your data with device biometric authentication (Face ID/Touch ID)
    • Detecting and preventing unauthorized access
  4. Customer Support
    • Responding to your feedback and support requests
    • Following up on bug reports and issues
  5. App Improvement
    • Analyzing feedback to identify areas for improvement
    • Understanding app performance across different devices and iOS versions
    • Planning new features based on user requests
    • Debugging and fixing technical issues

Data Storage and Security

Local Storage (Your Device)

  • Keychain: Your profile information is encrypted and stored in the iOS Keychain, Apple’s most secure storage system
  • UserDefaults: Session management data (last active time, onboarding completion status), personal airport notes, and airport favorites are stored locally
  • App Group UserDefaults: Temporary cached data shared with the home screen widget (nearest airport, cached location)
  • App Storage: Schedule data, crew manifests, hotel info, and trip summaries are cached in JSON files in the app’s private storage directory (not accessible to other apps). This cache is automatically pruned after 6 months.
  • Calendar: If you enable calendar sync, flight events are written to your device’s EventKit calendar system
  • Memory Only: Location data and weather cache are only held in memory temporarily and never persisted to disk

Cloud Storage (iCloud)

  • CloudKit Public Database: Your profile information is synced to your personal iCloud account
  • Encryption: Data is encrypted both in transit (HTTPS/TLS) and at rest using Apple’s encryption standards
  • Access Control: Only you can access your iCloud data (tied to your Apple ID)
  • Ownership: Your iCloud data belongs to you and is subject to Apple’s terms and privacy policy

Remote Storage (Firebase)

  • Firestore Database: Community-contributed overnight recommendations, feedback submissions, and bug reports are stored in Firebase Firestore
  • Firebase Authentication: Anonymous authentication is used by default; Sign in with Apple is available for cross-device data persistence
  • Encryption: All data is transmitted over HTTPS and encrypted at rest
  • Access Control: Only authorized CrewHub administrators can access feedback data; community content is visible to all CrewHub users
  • Security: Firebase provides enterprise-grade security and compliance

Security Measures

  1. Device-Level Security
    • Biometric authentication (Face ID/Touch ID) or device passcode required after timeout
    • Secure Keychain storage for sensitive profile data
    • Automatic session timeout after 1 hour of inactivity
  2. Network Security
    • All network communications use HTTPS encryption (TLS 1.2 or higher)
    • Certificate pinning where applicable
  3. Access Controls
    • Limited employee access to backend systems
    • No direct access to individual user data without proper authorization
  4. Authentication
    • Your biometric data (Face ID/Touch ID) never leaves your device
    • We never store or have access to your biometric information
    • Authentication is handled entirely by iOS Secure Enclave

Third-Party Services

CrewHub integrates with the following third-party services:

AIMS eCrew (Sun Country Airlines)

What We Access: Your airline work schedule, crew data, and trip details through the AIMS eCrew web portal

Purpose: Providing schedule management, flight tracking, and crew coordination features

How It Works: The app loads the AIMS eCrew portal in an embedded browser. Your login credentials are handled by your airline’s Okta SSO — CrewHub never sees or stores your password. Data is extracted from the portal and cached locally on your device.

Privacy Policy: Subject to your airline’s employee data privacy policies

Apple iCloud (CloudKit)

What We Share: First name, last name, employee number, position, registration date, last active date, app version

Purpose: Syncing your profile across your devices

Privacy Policy: Apple Privacy Policy

Note: We use CloudKit Public Database, which means data is associated with your Apple ID but can be accessed by our app. You control your iCloud data through your Apple ID settings.

Google Firebase (Firestore & Authentication)

What We Share: Community-contributed overnight content (city recommendations, notes, ratings), feedback submissions, bug reports, device diagnostics, and optional email addresses

Purpose: Storing and syncing community content, collecting and managing user feedback, and providing authentication for cross-device data persistence

Privacy Policy: Google Firebase Privacy Policy

Data Location: Firebase servers (typically in the United States, but may vary based on Firebase configuration)

Apple Core Location

What We Use: iOS Location Services framework

Purpose: Determining your approximate location to find nearest airport

Privacy Policy: Apple Privacy Policy

Note: Location data is processed entirely on your device and never shared with Apple or any other party.

Apple EventKit (Calendar)

What We Access: Write access to your calendar to sync flight schedules (optional, requires explicit permission)

Purpose: Keeping your flight schedule visible alongside personal calendar events

Privacy Policy: Apple Privacy Policy

Note: CrewHub does not read your existing calendar events. It only writes to a dedicated CrewHub calendar.

Apple StoreKit (In-App Purchases)

What We Access: Subscription transaction status via Apple’s App Store

Purpose: Managing premium feature access

Privacy Policy: Apple Terms and Conditions

Note: All payment processing is handled by Apple. CrewHub never receives or stores payment details.

Aviation Weather Center (FAA)

What We Send: Airport ICAO codes

Purpose: Retrieving METAR and TAF weather observations and forecasts

Privacy Policy: FAA Privacy Policy

Note: No personal data is transmitted. Only airport identifiers are sent to retrieve weather data.

National Weather Service (NOAA)

What We Send: Airport geographic coordinates (latitude/longitude)

Purpose: Retrieving 7-day daily and hourly weather forecasts for US airports

Privacy Policy: NOAA Privacy Policy

Note: No personal data is transmitted. Only geographic coordinates are sent to retrieve forecast data.

OFI Aviation Data (via Secure Proxy)

What We Send: Flight numbers and dates to retrieve live flight status information

Purpose: Displaying real-time flight data (gates, status, delays)

How It Works: Requests are routed through a secure Firebase Cloud Function proxy that requires authentication. No personal data is included in flight data requests.

Sign in with Apple

What We Receive: An anonymized Apple ID token

Purpose: Optional cross-device authentication to preserve your Overnights contributions and data when switching devices or reinstalling

Privacy Policy: Apple Privacy Policy

Note: We do not receive your actual Apple ID email address or personal details unless you choose to share them.

Data Sharing and Disclosure

We Do NOT:

  • Sell your personal information to third parties
  • Share your data with advertisers or marketing companies
  • Use analytics or tracking SDKs beyond Firebase for feedback and community features
  • Share your data with other airlines or aviation companies
  • Transmit your location data to any server or cloud service
  • Access your photos, camera, contacts, or microphone
  • Read your existing personal calendar events (calendar sync only writes CrewHub events to a dedicated calendar)

We MAY Share Data:

  • With Service Providers: We use Apple, Google, and US government weather services as described above to provide app functionality
  • Community Content: Overnight city recommendations, public notes, and ratings you contribute are visible to other CrewHub users
  • For Legal Compliance: We may disclose your information if required by law, court order, or governmental regulation
  • For Safety: We may disclose information if we believe it’s necessary to prevent harm to safety or security
  • Business Transfers: If CrewHub is acquired or merged with another company, your data may be transferred to the new entity (you would be notified of any such change)

Your Privacy Rights and Choices

1. Access Your Data

You can view your profile information at any time in the app’s Settings screen.

2. Update Your Data

You can update your position information through Settings > Edit Position.

3. Export Your Data

You can export a complete copy of all data associated with your account:

  1. Open Settings in CrewHub
  2. Tap “Export My Data” under Privacy & Data
  3. Review your data in JSON format
  4. Share or save the export file

4. Delete Your Data

You can permanently delete your CrewHub account and all associated data:

  1. Open Settings in CrewHub
  2. Tap “Delete My Account” under Privacy & Data
  3. Confirm deletion

What Gets Deleted:

  • All profile data from iCloud (CloudKit records)
  • All profile data from your device (Keychain)
  • Firebase authentication account
  • Logbook download history from iCloud
  • Local session data, schedule cache, and calendar sync mappings
  • All locally stored preferences and settings

What Does NOT Get Deleted:

  • Community-contributed overnight content (city recommendations, public notes, and ratings) — these remain available to the community but your identity is disassociated
  • Feedback and bug reports previously submitted to Firebase (these are anonymized after account deletion)
  • Personal airport notes (stored locally; removed when the app is uninstalled)
  • You may need to manually delete app data from your iCloud settings if desired

Note: This action is permanent and cannot be undone. You’ll need to re-onboard if you wish to use CrewHub again.

5. Opt Out of Location Services

You can control location access at any time:

  • System Settings: Settings > Privacy & Security > Location Services > CrewHub
  • Options: Never, Ask Next Time, While Using the App
  • Impact: Airport location features and the nearest airport widget won’t work without location permission, but all other features remain available

6. Opt Out of Providing Email

When submitting feedback, simply leave the email field blank if you don’t want to be contacted.

7. Manage iCloud Sync

You can control iCloud syncing for CrewHub:

  • Settings > [Your Name] > iCloud > Apps Using iCloud > CrewHub
  • Turn off iCloud sync if you prefer device-only storage (note: your profile won’t sync across devices)

8. Control Community Contributions

  • You can mark notes as private so only you can see them
  • You can delete any content you’ve contributed (items, notes)
  • You can disconnect your Apple ID in Settings to unlink your identity from future contributions

Children’s Privacy

CrewHub is designed for airline crew members (employees) and is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

International Data Transfers

iCloud Data: When you use iCloud, your data may be transferred to and stored in Apple data centers worldwide, in accordance with Apple’s privacy policy and data protection standards.

Firebase Data: Community content and feedback data is stored on Google Firebase servers, which may be located in the United States or other countries. Firebase complies with applicable data protection regulations including GDPR for European users.

Weather Data: Weather requests are sent to US government servers (aviationweather.gov and api.weather.gov). No personal data is included in these requests.

Data Retention

Data Type Retention Period
Profile InformationUntil you delete your account or uninstall the app
iCloud RecordsUntil you delete your account or manually delete from iCloud
Schedule DataCached locally for up to 6 months; automatically pruned
Crew Manifest DataCached alongside schedule data (up to 6 months)
Calendar EventsUntil you disable calendar sync or delete them
Community Content (Overnights)Stored indefinitely for community benefit; you can delete your own contributions at any time
Feedback SubmissionsStored indefinitely for app improvement (anonymized after account deletion)
Bug ReportsStored indefinitely for technical support and debugging
Personal Airport NotesUntil you clear them or uninstall the app (device-only)
Location DataNever stored permanently; temporary cache expires after 30 minutes
Weather CacheIn-memory only; expires after 15 minutes (METAR/TAF) or 1 hour (forecasts)
Session DataAutomatically expires after 1 hour of inactivity
AIMS Session CookiesMaintained while app is active; cleared on logout
Subscription StatusManaged by Apple; persists with your Apple ID
Logbook Download HistoryUntil you delete your account

Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • In-app notifications for material changes
  • Updated “Last Modified” date at the top of this policy
  • Email notification if you’ve provided an email address (for significant changes)

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  1. Right to Know: You can request what personal information we collect, use, and share
  2. Right to Delete: You can request deletion of your personal information (available in app via “Delete My Account”)
  3. Right to Opt-Out: You have the right to opt out of the “sale” of personal information (Note: We do NOT sell your personal information)
  4. Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, use the in-app features or contact us at the address below.

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under GDPR:

  1. Right of Access: Request access to your personal data
  2. Right to Rectification: Request correction of inaccurate data
  3. Right to Erasure: Request deletion of your data (“right to be forgotten”)
  4. Right to Restrict Processing: Request limitation of how we use your data
  5. Right to Data Portability: Receive your data in a structured, machine-readable format (available via “Export My Data”)
  6. Right to Object: Object to processing of your data
  7. Right to Withdraw Consent: Withdraw consent at any time
  8. Right to Lodge a Complaint: File a complaint with your local data protection authority

Data Controller: CrewHub (Contact: CrewHubSCX@gmail.com)

Do Not Track Signals

CrewHub does not use tracking technologies for advertising purposes. We do not respond to Do Not Track (DNT) signals because we do not track users for advertising or across third-party websites.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: CrewHubSCX@gmail.com
Support: https://www.CrewHubApp.com

Response Time: We aim to respond to privacy inquiries within 30 days (or as required by applicable law).

Your Consent

By using CrewHub, you consent to this Privacy Policy and agree to its terms.

App Store Privacy Nutrition Label

For transparency, here’s a summary of what we report to Apple for the App Store Privacy Nutrition Label:

Data Linked to You:

  • Name (First and Last Name)
  • Email Address (Optional, only if provided for feedback)
  • User Content (Feedback text, community contributions, schedule data)
  • Identifiers (Employee Number, Firebase UID)
  • Usage Data (Device information, app version, last active date)
  • Diagnostics (Bug report information)
  • Purchases (Subscription status managed by Apple)

Data Not Linked to You:

  • Coarse Location (Used temporarily, not stored)

Data Used to Track You:

  • None — We do not track you across apps or websites

Data Not Collected:

  • Precise Location
  • Physical Address
  • Phone Number
  • Health & Fitness Data
  • Financial Information (payments handled entirely by Apple)
  • Contacts
  • Browsing History
  • Search History
  • Photos or Videos
  • Audio Data
  • Sensitive Info

Glossary

  • Keychain: Apple’s encrypted storage system for sensitive data on iOS devices
  • CloudKit: Apple’s cloud storage service integrated with iCloud
  • Firestore: Google’s cloud database service, part of Firebase
  • Face ID/Touch ID: Apple’s biometric authentication technologies
  • Secure Enclave: A dedicated security chip in Apple devices that stores biometric data
  • TLS/HTTPS: Secure encryption protocols for data transmission over the internet
  • JSON: A standard file format for data export (JavaScript Object Notation)
  • METAR: Meteorological Aerodrome Report, a standard format for reporting weather at airports
  • TAF: Terminal Aerodrome Forecast, a standard format for weather forecasts at airports
  • ICAO: International Civil Aviation Organization airport identifier codes
  • NWS: National Weather Service, a US government agency providing weather forecasts

Thank you for trusting CrewHub with your information. Your privacy is important to us.
This privacy policy was last updated on March 10, 2026. Version 1.2