Privacy Policy
FollowMe GmbH
Based on the revised Swiss Federal Act on Data Protection (revFADP, SR 235.1), in force since 1 September 2023.
This privacy policy applies to FollowMe GmbH and to all apps and services offered under the name “FollowMe”.
The protection of your privacy is important to us. We respect your personality and privacy and ensure their protection as well as the lawful processing of your personal data in accordance with the revFADP. To the extent that the EU General Data Protection Regulation (GDPR) applies, we also comply with its requirements.
Personal data is any information relating to an identified or identifiable person (Art. 5 lit. a revFADP). Processing covers any handling of personal data, in particular storage, use, disclosure and deletion (Art. 5 lit. d revFADP).
Our core promise: We never share your personal data with third parties, except where this is strictly required to fulfil our contract with you or where we are legally obliged to do so. We do not sell your data, we do not rent your data, and we do not use it for third-party advertising profiling.
1. Data Controller #
The controller within the meaning of Art. 5 lit. j revFADP is:
FollowMe GmbH
Nelkenweg 6
7310 Bad Ragaz
Switzerland
For questions, suggestions or to exercise your rights, please contact us at info@followme.aero.
2. Scope #
This privacy policy applies to all products and services of FollowMe, in particular the FollowMe app, the website followme.aero and the Salt framework mobile plan. It applies analogously to future products and services unless otherwise specified.
3. What Data We Process #
3.1 At Registration #
For the app to function, we store the following information at registration:
- Flight crew member: yes / no
- First and last name
- Email address
- Airline / employer
- Rank
- Home airport
- Aircraft types flown
- Place of residence (optional – may be entered in your profile but is not required to use the app)
- Password (stored encrypted; additionally placed on the device in the operating system’s secure key store)
We do not verify the accuracy of this information. The use of pseudonyms or fictitious data is expressly permitted, provided this does not interfere with contract performance.
3.2 When Using the App #
Roster import: When you import your roster, we read only the “duties” from the plan. Other content (e.g. hotel stays, crew names) is not read. Imported duties are stored in our database and locally on your device. The original import file is stored encrypted on our server for a maximum of 3 months and is then automatically deleted.
Receiving shared content: If you forward rosters from other apps (e.g. an email or file app) to FollowMe, we receive that file for processing. Only the shared files are processed; there is no further access to the source app.
Device calendar: If you enable this in the app settings, the app can read events from the device calendar to incorporate them into the roster display. Access is read-only; FollowMe does not write entries into your calendar and does not transmit these events to our servers.
Camera and photo access: If you wish to upload a profile picture, the app will request one-time access permission to the photo library or camera. Only the image you select is transmitted. Access does not occur in the background.
File access: Used only when you actively select a file (e.g. a roster) and upload it to the app.
Device information: We collect anonymous technical device information such as model, operating system version and app version. This is linked in pseudonymised form to support and crash reports to help isolate errors. No device fingerprinting tracking takes place.
Network status: Used exclusively locally to check whether the device is online or offline (e.g. to control roster sync). Network status is not transmitted to our servers.
Purchases and subscriptions: Purchases are processed directly with Apple or Google. Only the type, time and validity are transmitted to us, which we link to your account. We do not receive payment data.
Authentication: If you sign in with a third-party account (e.g. Apple or Google), the login is performed via the respective OAuth procedure. We receive a pseudonymous user ID and – depending on your selection in the sign-in dialog – your email address. We never receive third-party passwords.
Push notifications: We use the OneSignal service (USA) to deliver push notifications. A device token and player ID are generated and linked to your account. The OneSignal servers also process technical events relating to push delivery. You can disable push notifications at any time in the device settings.
App usage analytics (Firebase Analytics): We use Firebase Analytics by Google to analyse app usage in order to make the app more stable and useful. The data processed includes an internal, pseudonymous user ID (which allows us to link usage to your FollowMe account), device data, app version, approximate location at country level (derived from the IP address) and usage events within the app. Google itself cannot link this data to a specific person without our involvement. The legal basis is Art. 31 para. 2 lit. f revFADP (overriding interest in app stability and improvement) and – to the extent the GDPR applies – Art. 6 para. 1 lit. f GDPR. A data processing agreement is in place with Google pursuant to Art. 9 revFADP and Art. 28 GDPR. We have reduced data sharing with other Google services to the minimum technically necessary. Further information can be found in the Google Privacy Policy.
Friends feature: To share your roster, you must establish a “friendship”. Friends can see your roster as long as the friendship exists. Your friends’ rosters and your friend list are stored on your device; your roster is stored on your friends’ devices.
Flight and position data: To display live status, position and statistics for individual flights, we access external third-party providers (see Section 5). These queries are made exclusively via our servers, transmitting only the flight number. No personal data of users is transmitted to those providers.
3.3 For the Mobile Plan (Salt framework) #
To activate the Salt framework mobile plan, we collect the following additional data:
- Full first and last name
- Residential address
- Phone number
- Copy of an official identity document
- Copy of the crew ID
This data is used exclusively to process the contract with Salt Mobile SA and is transmitted to Salt Mobile SA (see Section 5). Collecting this data is mandatory for activation of the mobile plan; without it, the plan cannot be activated.
3.4 When Visiting Our Website #
You may visit followme.aero and the support platform without providing personal information. During visits, technically necessary server logs are kept (IP address, timestamp, requested resource), which are stored for security and error analysis for a maximum of 90 days and then deleted or anonymised.
3.5 When Contacting Support #
For support requests, we process the content you submit (email address, description, possibly screenshots or rosters). This data is used exclusively to handle your request.
4. Purposes of Processing #
- Provision of our services: import, display and sharing of rosters, flight data, statistics and other app functions.
- Contract processing: management of your mobile plan, processing of orders and payments.
- Technical improvement: error correction, optimisation and further development of our products, including pseudonymous usage analysis.
- Communication: information about product changes, new app versions, technical topics, as well as FollowMe’s own notices about new or related products and services (see Section 6).
- Compliance with legal obligations: in particular accounting and tax retention obligations.
5. Third Parties and Data Transfers #
We use the following external services to operate our apps. For transfers to countries outside Switzerland / the EEA (in particular the USA), we ensure an adequate level of protection in accordance with Art. 16 para. 2 lit. d revFADP through standard contractual clauses and supplementary technical measures.
| Service / Provider | Purpose | Data | Location / Transfer |
|---|---|---|---|
| Salt Mobile SA | Activation and operation of mobile plan | Name, address, phone number, ID copy, crew ID | Switzerland (Salt Mobile SA) |
| OneSignal | Push notifications | Device tokens, player IDs, app usage events, possibly internal user ID | USA (Onesignal Inc.) |
| Firebase Analytics (Google) | App usage analysis, stability and improvement | Pseudonymous internal user ID, device info, app version, approximate location (country), usage events | USA (Google LLC) |
| Firebase Crashlytics (Google) | Crash reports, technical stability | Anonymised crash reports, device info, app version. No personal identifiers such as email or real name | USA (Google LLC) |
| Airlabs | Live flight status and position data | Flight number (no personal data of users) | EU (Airlabs) |
| Lufthansa Group API | Flight data of the Lufthansa Group | Flight number (no personal data of users) | EU / Germany (Deutsche Lufthansa AG) |
| OpenStreetMap | Display of maps / tiles | IP address when fetching tiles, map coordinates of the displayed region | UK / EU (OpenStreetMap Foundation) |
| Apple App Store / Google Play | Processing of in-app purchases and subscriptions | Type of purchase, time, validity (payment data remains with Apple/Google) | USA / Ireland |
| Apple Sign-In / Google Sign-In (if used) | Authentication via OAuth | For OAuth login: pseudonymous user ID, depending on selection email address | USA (Apple Inc., Google LLC) |
| FollowMe own servers | Database, account, roster sync, support | Account data, imported duties, friends lists, support requests | Switzerland / EU |
6. Marketing and Communication #
We do not use your data for third-party advertising profiling and do not pass it on to third parties for advertising purposes. We contact you by email or in-app notification in the following cases:
- contract-relevant and system-relevant messages, e.g. concerning your account, contract, invoices or security,
- information on product changes, new app versions and technical topics,
- occasional notices from FollowMe itself about new or related products and services (e.g. mobile plans, app extensions, offers for flight crew).
You can unsubscribe from promotional or product-related messages at any time via the unsubscribe link in the respective email or by sending a message to support@followme.aero. Unsubscribing has no effect on your other use of our services; contract-relevant and system-relevant messages are excluded from this.
7. Retention Period #
We store personal data only for as long as is necessary to fulfil the purpose or as required by statutory retention obligations.
- Account data: as long as your account exists. You can delete it at any time within the app.
- Imported roster data: as long as your account exists. Individual events can be deleted in your profile at any time.
- Import files (raw): a maximum of 3 months, encrypted on our server.
- Server logs: a maximum of 90 days.
- Firebase Analytics data: a maximum of 14 months, in line with Google’s default setting.
- Support correspondence: up to 3 years after closure of the matter.
- Contract and accounting records (Salt subscription, in-app purchases via FollowMe servers): 10 years pursuant to Art. 958f Swiss Code of Obligations.
- ID and crew ID copies for the Salt mobile plan: as long as the subscription exists, plus the statutory retention periods.
8. Your Rights #
In relation to your personal data, you have the following rights:
- Access to the personal data stored about you (Art. 25 revFADP)
- Rectification of inaccurate data (Art. 32 para. 1 revFADP)
- Erasure of your data, unless a statutory retention obligation prevents this
- Restriction of processing
- Data release and portability (Art. 28 revFADP)
- Objection to certain processing activities
- Withdrawal of consent given, with effect for the future
To exercise your rights, an email to info@followme.aero is sufficient. You can also delete your account directly within the app.
You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC, www.edoeb.admin.ch). To the extent that the GDPR applies, this right of complaint also exists with the relevant EU supervisory authorities.
9. Data Security #
We take appropriate technical and organisational measures pursuant to Art. 8 revFADP to protect your data – including encrypted transmission (TLS), encrypted storage of sensitive data on the device, access-restricted databases and regular security updates. Despite all measures, residual risk cannot be entirely excluded when transmitting information over the internet; we cannot guarantee absolute security.
10. No Disclosure to Third Parties #
FollowMe does not disclose your personal data to third parties under any circumstances, with the following – exclusive – exceptions:
- Disclosure is strictly required to perform the contract concluded with you (e.g. transmission of your data to Salt Mobile SA to activate your mobile subscription).
- You have expressly consented to the disclosure.
- We are legally required to disclose by virtue of a legally binding decision of a Swiss authority or court.
We do not sell, rent or trade your data. We do not use it for advertising profiling or third-party targeting. Agreements on data processing pursuant to Art. 9 revFADP are in place with all technical processors (see Section 5); we remain the data controller throughout.
11. Changes to This Privacy Policy #
We may amend this privacy policy to adapt it to changed legal requirements, new functions or new third-party providers. The current version is available at followme.aero. For material changes, in particular concerning new data categories, new recipients or changed purposes, we will notify you in good time by email or in-app notification.
Last updated: 12 May 2026
