NIMBLE AERO SARL ("we," "us," or "our") operates the Nimble Preflight mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
1. Who We Are
We are NIMBLE AERO SARL, a company registered under Moroccan law (Société à Responsabilité Limitée), headquartered in Casablanca, Morocco.
For questions about this Privacy Policy, contact us at: loading...
2. Information We Collect
We do not create user accounts, and we collect only the minimum data necessary to operate the App.
The App is designed with a data-minimalist philosophy. Here is exactly what we process:
2.1 Information Automatically Processed
When you use the App, your device communicates with our servers to retrieve aviation weather and NOTAM data. In this process:
- IP Address: Your IP address is transmitted as part of standard internet communication. We use it solely for rate limiting (to prevent abuse) and routing your request. We do not log, store, or share your IP address. It exists only transiently in server memory for the duration of your request.
2.2 Live Flight Tracking — Device Identifier and Flight Numbers
The App includes an optional live flight tracking feature powered by Flightradar24. When you use this feature:
- Device or Account Identifier: To manage your monthly flight tracking allowance (10 lookups per month), we associate your usage with an identifier. This may be a randomly generated device identifier (UUID) created by the App, or your platform account identifier provided by Google Play or Apple (such as your Google Play subscription ID or Apple App Store account token). This identifier is used solely for credit management. We do not access your name, email, or other personal details from your Google or Apple account — only the anonymized account token provided by the platform for subscription and usage management.
- Flight Numbers: When you search for a flight, the flight number you searched for is logged alongside your identifier for credit accounting purposes.
This data is used solely to manage flight tracking credits and prevent abuse. It is not used for profiling, advertising, or any other purpose.
2.3 Information Stored on Your Device
The App stores the following data locally on your device (never transmitted to us):
- Your airport watchlist (ICAO codes you select)
- Cached weather data (METAR, TAF, SIGMET) for offline access
- Cached NOTAM data for offline access
- Your app settings and preferences
- Decoded SNOWTAM, MOTNE, and GRF results
This data is stored using standard Android/iOS local storage and is deleted if you uninstall the App.
2.4 Analytics & Crash Reporting
To improve the App's stability and understand which features are most useful, we use Google Firebase Analytics and Google Firebase Crashlytics. These services collect:
- Analytics events: Which screens you visit and which features you use (e.g., decoder usage, weather chart views, flight tracking). These events do not include your name, email, location, or any personal identifier — they are anonymous usage patterns.
- Crash reports: If the App crashes, Crashlytics automatically sends a report containing the error stack trace, your device model, and operating system version. This helps us find and fix bugs. Crash reports do not contain your identity or any personal data.
This data is processed by Google LLC (United States) under their Firebase privacy documentation. We use the Firebase free tier (Spark plan) and have not enabled any advertising or user-identification features.
2.5 Information We Do NOT Collect
We do not collect: names, email addresses, phone numbers, GPS location data, hardware device identifiers (IMEI, serial number), or advertising IDs.
3. How We Use Information
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| IP address (transient) | Rate limiting and request routing | Legitimate interest — service delivery and abuse prevention (Art. 6(1)(f)) |
| Device or account identifier | Flight tracking credit management | Legitimate interest — preventing service abuse (Art. 6(1)(f)) |
| Flight number searched | Credit transaction logging | Legitimate interest — service accounting (Art. 6(1)(f)) |
| Anonymous analytics events | Feature usage analysis and app improvement | Legitimate interest — service improvement (Art. 6(1)(f)) |
| Crash reports (stack trace, device model, OS) | Bug detection and stability improvement | Legitimate interest — service reliability (Art. 6(1)(f)) |
We do not use your data for advertising, profiling, marketing, or any purpose other than delivering the App's core functionality.
4. Data Sharing
We do not sell, rent, trade, or share any personal data with third parties.
The App retrieves aviation data from the following sources on your behalf:
- NOAA Aviation Weather Center (US federal government) — for METAR, TAF, and SIGMET data
- FAA Notice to Air Missions System (US federal government) — for NOTAM data
- Flightradar24 AB (Sweden) — for live flight tracking data (situational awareness only)
- Google Firebase (United States) — for anonymous analytics and crash reporting (no personal data transmitted)
When you use the live flight tracking feature, a request containing the flight number is sent to Flightradar24's servers. Flightradar24 may process this request according to their own privacy policy.
Government data sources (NOAA, FAA) may process your request according to their respective privacy policies.
Platform Services: If you subscribe to the App, Google Play or Apple App Store processes your payment. We receive only a confirmation of your subscription status and an anonymized account token — we never receive your payment details, name, or email address from these platforms. Google and Apple process your data according to their respective privacy policies.
5. International Data Transfer
Our servers are hosted in the United States (Oregon) via Render, Inc. When you use the App, your request (including your IP address) is routed to these servers. Analytics and crash data is processed by Google Firebase on servers in the United States. These constitute transfers of data to the United States. We rely on the necessity of the transfer for the performance of the service (Art. 49(1)(b) GDPR) as the legal basis for this transfer.
6. Data Retention
- IP addresses: Not retained. Processed transiently during your request only.
- Device or account identifier: Retained on our server for up to 90 days from your last use of the flight tracking feature. After 90 days of inactivity, your record is automatically deleted.
- Flight tracking transaction logs: Retained for up to 180 days, then automatically deleted.
- Local device data: Retained on your device until you clear the App's data or uninstall the App.
- Server-side aviation data: METAR, TAF, NOTAM, and SIGMET data is retained on our servers for the purpose of serving it to all users. This is not personal data.
- Analytics data: Anonymous usage events are retained by Google Firebase for up to 14 months, then automatically deleted. We do not export or store analytics data on our own servers.
- Crash reports: Crash data is retained by Google Firebase Crashlytics for up to 90 days.
7. Your Rights
Under GDPR (for EU/EEA users), Morocco's Law 09-08, and other applicable data protection laws, you have the right to:
- Access any personal data we hold about you
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Object to processing based on legitimate interest
- Data portability — receive your data in a structured format
To exercise any of these rights, contact us at loading... and we will respond within 30 days. To process your request, we may ask you to provide your device or account identifier (found in the App's settings) so we can locate your records.
For EU/EEA users: You have the right to lodge a complaint with your local data protection supervisory authority.
For Moroccan users: You may exercise your rights through the CNDP (Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel) at www.cndp.ma.
8. Children's Privacy
The App is designed for professional and student pilots. It is not directed at children under the age of 16 (or under 13 in the United States under COPPA). We do not knowingly collect data from children. If you believe a child has provided us with data, contact us at loading... and we will promptly delete it.
9. Security
We protect your data through encrypted connections (HTTPS/TLS), database access restrictions, API authentication, and regular security reviews. While no system is perfectly secure, we take reasonable measures to protect the limited data we process.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this document. Continued use of the App after changes constitutes acceptance of the updated policy.