Legal

Privacy Policy - 5X Wingman

Effective Date: February 2026 · Last Updated: July 2026

Welcome to 5X Wingman ("the App"), a mobile application for pilot schedule tracking and layover tools. This Privacy Policy explains how we collect, use, store, and protect your information when you use the App or visit 5xwingman.com. By using the App or website, you agree to the practices described here. For the full Terms of Service, see our Terms of Service.

Aviation and Safety Disclaimer (Critical)

5X Wingman is an informational tool only. It is not FAA-certified, approved, or endorsed by any airline, the Independent Pilots Association (IPA), or any regulatory authority. The App does not replace official airline schedules, logbooks, crew management systems (CMS/JCT), or any regulatory requirements under Federal Aviation Regulations (FARs), including 14 CFR Parts 121 and 117 duty and rest rules.

You are solely responsible for verifying the accuracy of all data displayed in the App. This includes, but is not limited to, report times, flight times, duty periods, rest requirements, layover durations, deadhead information, contract warnings, pay/credit estimates, live data overlays, Trip Kit exports, and any parsed roster or schedule data. Errors or inaccuracies in the App can have serious professional consequences, including potential violations of duty/rest rules, regulatory infractions, or career-ending outcomes. Always cross-check all information against your official airline sources (e.g., CMS Workschedule or JCT Details page) before relying on it.

Offline data, parsed rosters, live flight information, contract-rule alerts, pay/credit estimates, layover information, and exported documents may be delayed, incomplete, unavailable, or incorrect. Official airline, company, FAA, CMS, JCT, and other authoritative sources always control over anything displayed or generated by the App.

Your use of the App must comply at all times with:

  • All applicable laws and regulations, including Federal Aviation Regulations (FARs) and 14 CFR Parts 121 and 117;
  • Your airline's Standard Operating Procedures (SOPs), policies, and procedures;
  • Company rules and the IPA collective bargaining agreement;
  • Any other restrictions on electronic device use during flight or critical phases of operation.

You agree not to use the App in any manner or at any time that is prohibited by law, regulation, airline policy, or safety requirements. We disclaim any liability for any consequences arising from your use (or misuse) of the App in violation of these rules.

5X Wingman is an independent application and is not affiliated with, endorsed by, sponsored by, or part of United Parcel Service Co. (UPS), the Independent Pilots Association (IPA), any airline, the FAA, or any other regulatory authority. References to any airline, union, system, contract, or regulator are for identification and informational purposes only.

1. Data We Collect

We collect the following data directly from you, your device (with your permission), or via imports you initiate:

  • Account and Profile Data: Email address, password (hashed), first/last name, display name, domicile/base, seat position, preferences, account status, family account status, invite relationships, and the last 4 digits of your GEMS number submitted for eligibility review.
  • Schedule and Roster Data: Flight/duty/vacation schedules, trips, legs, custom calendar events (e.g., bid/pay periods), layover reviews/ratings/text, transportation records, parking spots (latitude/longitude and labels), user presence (check-in/check-out), Family/Friend sharing settings, live flight status, and exported schedule content.
  • Crew, Family, and Contact Data: Crewmember names/phone numbers, family invite details, and contact entries added manually or from your device's contacts with your explicit permission.
  • Location Data: Precise foreground and background location (with permission) solely for parking navigation and maps.
  • Device and Usage Data: Device identifiers, analytics (e.g., usage patterns), subscription status, and cached/offline data.
  • Email-Parsed Data: From roster/schedule/travel emails you forward or import (via Resend.com): sender email (to match your account), email metadata needed for processing, and parsed schedule details.
  • Photo/Media Data: Access to your photo library (read/write, with permission) for exports, sharing, and uploading layover photos and other app media to Supabase Storage.
  • Other Permissions: Contacts (for adding crew — explicit action only); local network (development only).

2. How We Use Data

  • To provide core features (schedule syncing, parking navigation, user-to-user and family sharing, live flight display, exports, Trip Kit, layover tools, and contract-rule summaries).
  • To parse and import roster data from emails you forward.
  • For account management, eligibility review, invite management, subscription processing, security, fraud prevention, support, and service improvements.
  • Analytics (non-personal, aggregated or anonymized) to fix bugs and enhance the App.

We do not use your data for advertising or to track you across other apps/websites.

3. Data Storage and Sharing

Data is stored both locally on your device (secure local storage for offline access) and in the cloud (Supabase for authentication, database, realtime, and Storage; AWS Amplify for hosting).

We share data only with trusted third-party service providers under strict contracts and only as necessary:

  • RevenueCat (subscription management)
  • Supabase (authentication, database, realtime, storage)
  • Resend.com (email parsing)
  • AWS Amplify (website hosting/storage)
  • Apple App Store and Google Play (distribution and purchases)
  • Google (Maps/Places for location search; Google Calendar API when you choose Connect/Sync)

Google Calendar sync (optional, user-initiated): If you connect Google Calendar in the App, we store an encrypted OAuth refresh token on our servers and send schedule event details you choose to export (trip/leg/reserve times, titles, airports, and related descriptions) to Google so they can appear on a calendar you select. This does not include pay credit, hotel confirmation numbers, or authentication secrets. You can disconnect in Account settings; disconnecting revokes our Google access. Events already written to Google remain until you delete them in Google Calendar. Using both the live webcal Subscribe feed and API Sync can create duplicate calendars or events.

We do not sell your personal data. Data is shared only as needed for the service, backups, security, support, legal requirements, or the sharing features you choose to use.

When you use user-to-user, Friend, or Family sharing features, selected schedule, trip, live flight, layover, review, or family-facing information is shared with the specific users or invited family members you choose or approve. You are responsible for making sure each recipient is authorized to receive that information and for revoking access when it should no longer be shared.

4. Website Tracking

Our website (5xwingman.com) may use essential cookies and analytics tools for basic functionality and to understand usage. You can manage cookies through your browser settings.

5. Security

We use industry-standard measures (encryption, hashing, Row-Level Security in Supabase, etc.) but cannot guarantee absolute security.

6. Your Choices and Rights

  • Access, update, or delete your data via in-app settings or by contacting us.
  • Disconnect Google Calendar sync in Account → Connected accounts (or Export) to revoke our Google access.
  • Withdraw permissions (location, contacts, photos, etc.) in your device settings at any time.
  • Request data export or deletion (we respond within 30 days).
  • California (CCPA) and EU/international (GDPR) users have additional rights to access, rectify, erase, or restrict data—contact us.
  • Opt-out of non-essential communications.

7. Data Retention

We retain your data as long as your account is active or as needed to provide the service, maintain security, prevent fraud or abuse, resolve disputes, or meet legal obligations. Deletion requests remove active records where reasonably possible, but backups, logs, legal records, fraud-prevention records, and security records may persist for a limited period before deletion or anonymization.

8. International Users

Data is processed and stored in the United States. By using the App, you consent to this transfer. We comply with applicable laws (including GDPR where required).

9. Children

The App is not intended for users under 18.

10. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you if your data is transferred under a different privacy policy.

11. Changes to This Policy

We may update this policy. Continued use after changes means acceptance. We will notify you of material changes via the App or email.

12. Contact Us

Email: support@5xwingman.com

By creating an account or using the App, you acknowledge reading and accepting this Privacy Policy.

© 2026 5X Wingman. All rights reserved.

Back to home