Privacy Policy

Last Updated: 25/04/2026

RHBA ("we," "us," "our," or "Company") operates Radio Navigator (https://radionavigator.app), a radio navigation simulator application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

Note: This Privacy Policy is tailored for our UK and European users. As we expand to serve users in other regions, we will update this policy to include additional regional protections and disclosures.

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

2. What Information We Collect

We collect personal data necessary to provide the Service and comply with legal obligations. Currently, this data is collected only by our partners - Clerk, Paddle and Vercel, and only to the extent required for functionality.

Information You Provide

• Account Information: Email address, name (optional)
• Billing Information: Billing address, payment details (processed by Paddle - we do not store full card details). If you start with a Free Trial, your payment method is collected and held by Paddle at the start of the trial so the Subscription can convert automatically when the trial ends, unless you cancel first.
• Subscription Status: Your tier (free or pro), status (trialing, active, canceled, expired), the end date of your current billing period or trial, and the version of the Terms and Privacy Policy you accepted at checkout. This is stored in your account record at our authentication provider, Clerk.
• Communications: Support requests, feedback, correspondence

Information Collected Automatically

• Usage Data: Pages visited, features used, time spent
• Technical Data: IP address, browser type, operating system, device type
• Location Data: Country/region (derived from IP address, not precise location)
• Marketing and Advertising Data (with consent only): If you consent to marketing cookies, Google Ads and Meta Pixel may collect data such as pages visited, conversion events (e.g. sign-ups, purchases), device and browser information, and IP address, for the purpose of measuring advertising effectiveness

Information from Third Parties

We use service providers who process data on our behalf:

• Clerk (Authentication) - Refer to Clerk's policy
• Paddle (Payments) - Refer to Paddle's policy (paddle.com/legal/privacy)
• Vercel (Hosting & Analytics) - Refer to Vercel's policy
• Google (Advertising) - Google Ads conversion tracking, only with your consent - Refer to Google's privacy policy (policies.google.com/privacy)
• Meta (Advertising) - Meta Pixel conversion tracking, only with your consent - Refer to Meta's privacy policy (facebook.com/privacy/policy)

We do not purchase data from data brokers or third parties.

Free Trial Eligibility Check

When you start enrolment in a Free Trial, we check your account history with Paddle to verify that you have not previously held a Radio Navigator subscription, in line with our one-Free-Trial-per-customer policy (Terms of Service, Section 6.6). Legal basis: our legitimate interest in preventing abuse of the Free Trial offer.

Account Creation During Purchase

3. How We Use Your Information

We process your personal data for the following purposes:

4. Who We Share Your Data With

We do not sell your personal data.

We share data only with:

Service Providers (Processors)

• Clerk (United States) - Authentication processor
• Paddle (United Kingdom) - Payment processor
• Vercel (United States/global) - Hosting and analytics processor
• Upstash (United States) - Rate limiting and webhook processing (Redis database)
• Cookiebot (Usercentrics) (EU) - Cookie consent management
• Cloudflare (United States/global) - Bot detection (Turnstile) and edge security

For these providers, RHBA is the data controller and each provider acts as a processor on our behalf under a written data processing agreement meeting the requirements of Article 28 UK GDPR / EU GDPR. They process your personal data only on our documented instructions and for the purposes identified above, and they are contractually prohibited from using your personal data for their own purposes.

Joint Controllers (Advertising and Conversion Tracking)

• Google (United States) - Google Ads conversion tracking (only with your consent)
• Meta (United States) - Meta Pixel conversion tracking (only with your consent)

For advertising and conversion-tracking purposes, RHBA and each of Google and Meta act as joint controllers within the meaning of Article 26 UK GDPR / EU GDPR. This processing only takes place if you give explicit consent via our cookie banner; without that consent, the relevant tags and pixels are not loaded and no data is shared. Where the joint-controller arrangement applies, we are responsible for the lawful basis for sharing your data with these providers and for providing this notice; Google and Meta are responsible for their subsequent use of that data, including for their own advertising-measurement and modelling purposes, in accordance with their own privacy policies. You may exercise your rights against either joint controller; we encourage you to contact us first at privacy@radionavigator.app so we can coordinate a response.

5. Legal Bases for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Account data: Retained while your account is active by our Authentication provider Clerk, see their policy for more details.
• Payment and billing records: See Paddle policy (paddle.com/legal/privacy), this data is not stored by us.
• Usage and technical data: Anonymised, not currently tracked or retained by us.
• Support correspondence: Retained for the duration of your account plus at least 12 months after account deletion, unless longer retention is required.
• Inactive accounts: Accounts with no login activity for 12 or more months and no active subscription may be deleted.

Where data is processed by our third-party providers (Clerk, Paddle, Vercel), retention is also subject to their respective data retention policies.

7. Cookies and Tracking

We use cookies and similar technologies on this site. These fall into the following categories:

Strictly Necessary

These cookies and browser-storage entries are essential for the Service to function and cannot be disabled. Under PECR / the EU ePrivacy Directive they fall within the "strictly necessary" exemption, so no consent is required for them.

• Clerk session cookies for authentication
• Cookiebot consent preference cookie (records your cookie choices)
• Security cookies (CSRF protection)
• sessionStorage rn_subscription_status_<userId> — caches your subscription tier and trial status in your browser for up to 5 minutes to reduce repeated API calls and to keep the Pro paywall in sync with your real entitlement. Cleared when you close the browser tab.
• sessionStorage trial_ended_overlay_dismissed:<userId> — records that you have dismissed the trial-ended overlay so it is not re-shown on every navigation within the same session. Cleared when you close the browser tab.
• sessionStorage rn_entitlement_refresh — throttles how often the app re-validates your entitlement on tab focus. Cleared when you close the browser tab.

The three sessionStorage entries above are first-party only and are not transmitted to any third party.

Analytics

Vercel Analytics is privacy-focused and does not use cookies or collect personal data. No consent is required.

Marketing (consent required)

The following marketing technologies are only activated if you give explicit consent via the cookie banner:

• Google Ads (gtag.js): Measures advertising conversions (e.g. sign-ups and purchases originating from Google Ads campaigns). May set cookies and collect browsing data, device information, and IP address.
• Meta Pixel: Measures advertising conversions from Meta platforms (Facebook, Instagram). May set cookies and collect browsing data, device information, and IP address.

How We Manage Consent

We use Cookiebot (provided by Usercentrics) to manage cookie consent. When you first visit the site, a consent banner is displayed. Marketing scripts are blocked until you actively consent. You can change or withdraw your consent at any time by clicking the cookie settings icon or contacting privacy@radionavigator.app.

You can also manage cookies through your browser settings, but disabling essential cookies may limit functionality.

Cookie Declaration

View full cookie declaration

8. Your Privacy Rights

Under UK GDPR and EU GDPR, you have the following rights:

Rights You Can Exercise

• Access - Request a copy of your personal data
• Rectification - Correct inaccurate or incomplete data
• Erasure - Request deletion of your data (subject to legal retention requirements)
• Restriction - Limit how we use your data in certain circumstances
• Portability - Receive your data in a portable format
• Objection - Object to processing based on legitimate interests
• Withdraw Consent - Where processing is based on consent

If you are outside the UK/EU, you may have additional rights under local law. Contact us to exercise them.

California Residents (CCPA / CPRA)

If you are a California resident and the California Consumer Privacy Act (as amended by the California Privacy Rights Act) applies to our processing of your personal information, you have the right to know what personal information we collect and how we use it, the right to request deletion and correction, the right to opt out of the sale or sharing of personal information, and the right not to be discriminated against for exercising these rights. We do not sell your personal information within the meaning of CCPA/CPRA and we do not share it for cross-context behavioural advertising except where you have given consent via our cookie banner. To exercise California rights, contact privacy@radionavigator.app.

Right to Lodge a Complaint

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority:

• UK users: Information Commissioner's Office (ICO) — ico.org.uk
• EU/EEA users: Your local data protection authority

We encourage you to contact us first at privacy@radionavigator.app so we can try to resolve your concern directly.

How to Exercise Your Rights

Email: privacy@radionavigator.app

Response timeline: We respond to requests to exercise your rights within one (1) calendar month of receipt. Where a request is complex or we receive a large number of requests, we may extend this period by up to two further months and will notify you within the first month of the extension and the reasons for it.

There is no fee for exercising your rights, unless a request is manifestly unfounded or excessive, in which case we may either charge a reasonable administrative fee or refuse to act on the request. We may also need to verify your identity before responding, to prevent unauthorised disclosure of your personal data.

9. International Transfers and Retention

Our service providers (Clerk, Paddle, Vercel, Google, Meta) may process personal data in the United Kingdom, United States, and other locations outside the UK/EEA. These transfers are protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK Information Commissioner
• Providers' compliance with equivalent data protection frameworks

We do not store personal data directly on our own servers; our providers retain data in line with their respective policies and legal obligations.

10. Data Security

We take the security of your personal data seriously and apply technical and organisational measures appropriate to the risks of our processing, including:

• Transport Layer Security (TLS/HTTPS) for all traffic between your device and our Service
• Authentication, session management, and password hashing handled by Clerk, which operates under SOC 2 Type II
• Payment card data handled exclusively by Paddle (PCI DSS compliant) and never stored on our systems
• Role-based access controls on administrative interfaces, limited to a need-to-know basis, with multi-factor authentication enforced on owner accounts
• Supplier due diligence before onboarding any new processor, including a written data processing agreement that meets the requirements of Article 28 UK GDPR / EU GDPR
• Rate limiting, abuse monitoring, and fraud prevention across our API and payment flows
• Security headers, CSRF protection, and input validation on all user-facing endpoints

No method of electronic transmission or storage is fully secure. While we use commercially reasonable measures, we cannot guarantee absolute security.

If you believe your account or data has been compromised, contact us immediately at privacy@radionavigator.app so we can investigate and respond.

11. Data Breach Notification

We will notify regulators and affected individuals as required by applicable law in the event of a personal data breach.

12. Children's Privacy

In the UK and EU/EEA, the Service is not intended for users under 18. We do not knowingly collect or process personal data from anyone under 18 in these regions.

United States: In the US, the Service is not intended for users under 13. Users between 13 and 18 should have parental or guardian consent. We do not knowingly collect personal data from children under 13 in compliance with COPPA.

13. Third-Party Links

Our Service may link to third-party websites or services. This Privacy Policy does not apply to those third parties.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy, update the "Last Updated" date, and provide reasonable notice for material changes.

15. Contact Us

For privacy-related inquiries, requests, or complaints:

This Privacy Policy was last updated on 25/04/2026.

RHBA refers to Rory Bennett trading as RHBA.