Privacy Policy

We collect three buckets of data. We try to collect as little as possible while still being able to run the platform and verify claims.

• Running the platform. Authenticating you, rendering your account page, showing your claims and contributions, processing payments through Stripe.
• FAA cross-referencing. We use the airline code, flight number, route, and incident date you provide to match your claim against FAA Civil Penalty enforcement records. When a match is found, the FAA case number and fine are attached to the incident.
• Email notifications. Magic-link sign-in emails, claim confirmation emails, and FAA-match notifications when a record is attached to an incident you filed a claim on. These are transactional, not marketing.
• Public ledger. Verified claims are published with your anonymized display name. The underlying incident — flight details, narrative, FAA match status — becomes part of the public record.
• Service integrity. Detecting fraudulent claim filings, abusive comments, or attempts to defraud the solidarity pool.

• Publicly, in anonymized form. Once an incident is published, the flight, route, date, narrative, FAA match status, vote counts, and pool totals are visible to anyone on the internet. Your name and email are not attached — only the anonymized Member ABC123 identifier.
• With service providers we need to run Row30. Stripe (payments), Resend (transactional email), Supabase (database hosting), Vercel (application hosting), and Inngest (scheduled jobs like the daily FAA scraper). Each one only receives the data needed for its specific job — e.g. Stripe sees payment data but never your claim narratives; Resend sees your email and the email body but never your payment data.
• When we’re legally required to. Valid court orders, subpoenas, or government requests we cannot lawfully refuse. We will tell you about a request affecting your account unless the order prohibits it.
• We do not sell your data.Ever. No ad networks, no data brokers, no mailing-list rentals. Row30 doesn’t run advertising and has no business model that involves monetizing user data.

• Account record — kept until you request deletion (see your rights below).
• Published incidents are part of the public ledger and persist after account deletion. Your authorship is anonymized when you delete your account (the incident stays; the link to you is severed).
• Unverified or dismissed claims that never made it to publication are deleted when you close your account.
• Documents (boarding passes, receipts) are retained for as long as the underlying claim or published incident is active. Deleting your account removes any unattached documents; documents tied to a published incident are preserved as evidence in the ledger.
• Payment recordsare kept for as long as tax, accounting, and chargeback-window requirements demand (typically seven years for US tax records). Stripe’s own retention policies apply separately to data they hold.
• Email logs are retained for approximately 30 days for deliverability troubleshooting and then purged.

• Access. Your account page at /account shows your claims, contributions, and account details live from the database.
• Export. Email privacy@row30.com from your account email and we’ll send back a JSON file of every record we hold for you within 30 days.
• Correction.If something we hold about you is wrong, email privacy@row30.com and we’ll fix it.
• Deletion.You can delete your account anytime. Email privacy@row30.com from your account email; we’ll remove your account record and anonymize your authorship on any published incidents. Published incident records themselves stay in the public ledger.
• Opt out of email.Sign-in and claim-confirmation emails are essential to operating the platform and you can’t opt out while your account is active. We don’t send marketing email, so there’s nothing else to opt out of.
• Where applicable (GDPR, CCPA, similar regional laws): the rights granted by your local privacy law apply on top of the ones above. Email privacy@row30.com to exercise them.

Row30 uses session cookies only— the cookie that keeps you signed in. We don’t use analytics cookies, advertising cookies, or third-party tracking pixels. There is no cookie banner because there is nothing to consent to beyond the strictly-necessary session cookie.

The session cookie is HTTP-only, Secure (in production), and scoped to the Row30 domain. It expires automatically and is removed when you sign out.

Row30 is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has registered, email privacy@row30.com and we’ll remove the account.

We may update this policy. Material changes will be announced by email to active accounts and by an updated effective date at the top of this page. Continuing to use Row30 after changes take effect means you accept the new policy.

Privacy questions, data requests, or anything else covered above: privacy@row30.com.

For general support (not privacy-specific), use support@row30.com.