Last updated: 22 June 2026
When you create an account, we collect: your email address; a securely hashed version of your password (we never store your password in plain text); your chosen home airport and watchlist destinations; and, if you choose to provide them, a Telegram bot token and chat ID. When you subscribe, Stripe (our payment processor) shares with us a customer ID and subscription ID so we can manage your billing status — we never see or store your card details, which are handled entirely by Stripe.
We do not ask for, collect, or store your Wizz Air login credentials. AYCF availability data shown in the Service comes from our own scanning account, not from accessing your personal Wizz Air account.
We use your data solely to: operate your account and authenticate your login; personalise the dashboard to your chosen home airport and watchlist; process your subscription via Stripe; and, if you've configured it, send you notifications via Telegram.
We share billing-relevant data with Stripe, Inc. to process payments. We do not sell, rent, or otherwise share your personal data with any other third party. If you configure Telegram notifications, your message content is sent via Telegram's own infrastructure, subject to Telegram's privacy policy.
We retain your account data for as long as your account remains active. If you cancel your subscription, we retain your account data in case you wish to reactivate, and will delete it on request (see below) or after a reasonable period of inactivity.
You can review and update your preferences (home airport, watchlist, Telegram settings) at any time from Settings. You can request a copy of your data, request correction, or request deletion of your account and associated data by contacting us at [email protected]. If you are in the EU/EEA or UK, these rights are provided under the GDPR / UK GDPR.
We use a single session cookie to keep you signed in. We do not use third-party advertising or tracking cookies. The Service loads a styling library (Tailwind CSS) from a third-party CDN, which may log standard request metadata (such as IP address) as part of serving that file.
Passwords are stored using industry-standard one-way hashing. We take reasonable technical measures to protect your data, but no system is 100% secure, and we cannot guarantee absolute security.
We may update this policy from time to time; material changes will be reflected by updating the "last updated" date above.
Questions about this policy, or requests to access, correct, or delete your data, can be sent to [email protected].