Privacy Policy

1. Scope and related documents

This Policy applies to all GDL Services listed below. It supplements in-app privacy disclosures, permission prompts, and end user agreements shown on first launch or in Settings. For contractual terms, see our Terms of Service. App Store and Google Play privacy nutrition labels should match this Policy and each app's on-device privacy manifest where applicable.

• Secure Envelope website — marketing pages, account sign-in, and web tools at secure-envelope.com (and www).
• BRAA — iOS app (bundle ID com.secureenvelope.braa) for bearing, range, altitude, and aspect (BRAA) geometry from ADS-B traffic.
• United SA — iOS app (bundle ID com.secureenvelope.unitedsa.app) for traffic, weather/radar, optional AR, and related pilot situational-awareness features.

BRAA and United SA are separate App Store products. They share this Policy and the same corporate operator, but use distinct app identities, entitlements, and in-app legal flows.

2. Information we collect

Depending on which Services you use, we may process the categories below. Not every category applies to every product or user.

• Account and authentication data: Email address, user ID, and session tokens processed by our authentication providers (for example Clerk on the web, or Sign in with Apple on supported iOS apps). Hide My Email relay addresses from Apple are treated as contact identifiers for account linking.
• Subscription and transaction data: Plan tier, subscription status, App Store transaction metadata, and entitlement records (we generally do not store full payment card numbers on our servers; Apple or Google process storefront payments).
• Location data: Precise or coarse location when you enable location-based features, as described in product-specific sections below.
• Aviation and traffic-related inputs: Airline selections, flight numbers, callsigns, aircraft registrations, and similar identifiers you enter to request traffic or geometry calculations.
• Device and sensor data: Device identifiers, Bluetooth pairing status for compatible ADS-B receivers, motion/orientation samples, and—only when you enable features that require them—camera or AR sensor data authorized through iOS permission prompts. BRAA does not use the device camera for core functionality; United SA may use the camera only for optional AR features.
• Observability and safety telemetry (United SA): When you opt into features that upload device-origin observations (for example Safety Session), we may process motion, timing, and related metadata needed to operate those features—not for advertising.
• Web and messaging metadata: For Secure Envelope web accounts and related products, authentication cookies, preferences, and—where applicable—encrypted payloads and routing metadata needed to deliver services.
• Diagnostics and security: Log data, crash reports, performance metrics, and security signals to protect accounts and infrastructure (for example optional crash reporting when configured in production builds).
• Usage and session metering (United SA): Timestamps and usage counters associated with your account or device to enforce Core plan session limits.
• Communications with us: Information you send to support or surveys.

3. Secure Envelope website and web services

The secure-envelope.com website provides information about GDL products, account access, and related web experiences (including sign-in flows that complement the BRAA and United SA iOS apps).

• Accounts: Web sign-in may use email-based authentication (for example passwordless codes via Clerk). An Apple ID used in an iOS app may be linked to the same email for cross-device access when you complete that optional linking flow in the app.
• Subscriptions on web: Where offered, web billing may use our payment processors; iOS apps use the App Store only and do not link to external checkout for digital subscriptions inside the app.
• Collection and STAMP platform: Authenticated users with active entitlements may query or interact with GDL collection APIs as described in product documentation. Access is gated by subscription or entitlement records, not sold as behavioral advertising profiles.
• Cookies and storage: We use cookies, local storage, and similar technologies for authentication, preferences, security, and analytics on the web. You can control many cookies through browser settings; disabling some cookies may limit functionality.

4. BRAA mobile app (iOS)

The BRAA app is an informational, advisory tool for pilots. It is not certified avionics or a collision-avoidance system.

• Sign-in: Sign in with Apple is required to open the app. Apple processes authentication according to your Apple ID settings.
• Subscriptions: Auto-renewable subscriptions are sold through the App Store (StoreKit). Apple processes payment; we receive subscription status and transaction metadata to unlock features.
• Location and queries: With your permission, the app sends precise location (latitude, longitude, and altitude while the app is in use) and identifiers you enter (flight number, callsign, or registration) to GDL APIs over HTTPS to correlate your position with ADS-B traffic and return bearing, range, aspect, and related geometry.
• Camera: BRAA does not use the device camera or photo library for core features.
• Retention: Location and query data sent for a BRAA calculation are processed to fulfill that request; we do not use them for cross-app advertising.
• Web linking (optional): After Sign in with Apple, the app may silently register a passwordless web session so you can access related secure-envelope.com features with the same email. Core BRAA functionality does not require the web.
• Account deletion: Settings → Delete Account removes local sign-in data and requests deletion of the linked web account where applicable. Deleting the account does not cancel an App Store subscription—you manage billing in Apple ID → Subscriptions.

In-app EULA and safety copy on your device supplement this section for BRAA-specific disclosures.

5. United SA mobile app (iOS)

United SA provides pilot situational-awareness features that combine on-device processing with server-assisted traffic and weather. It is not certified avionics; see in-app aviation safety and coverage disclosures at first launch.

• Sign-in: Sign in with Apple is required to open the app. Apple processes authentication according to your Apple ID settings.
• Subscriptions: Core and Pro tiers are sold through the App Store (StoreKit 2), including introductory free trials where offered. Apple processes payment; we receive subscription status to unlock features and optional web entitlements.
• Location: While Using the App permission is required for maps, traffic correlation, BRAA/CATA-style geometry, and related calculations. Always location is requested only when you explicitly enable Safety Session (an opt-in shield control); a persistent in-app banner indicates when that mode is armed.
• Traffic and weather: ADS-B and traffic-related data from internet-assisted sources and, on supported Pro hardware, Bluetooth-linked ADS-B receivers (for example Dual XGPS family devices when paired).
• NEXRAD / radar: Server-generated radar preview tiles when you use 3D weather features that fetch previews.
• AR and camera: Optional augmented-reality features use the device camera and motion sensors only when you enable AR and grant iOS permissions.
• Safety Session and uploads: When Safety Session is on, limited background location and related device-origin telemetry may be processed to maintain traffic-awareness; this may affect battery and mobile data use.
• Session metering: Core tier may meter daily server-assisted session time; counters are associated with your account or device to enforce plan limits.
• Notifications: Traffic caution/warning alerts may use time-sensitive notification delivery when authorized.
• Web linking (optional): After Sign in with Apple, the app may register a passwordless Clerk session and link your App Store entitlement for secure-envelope.com / PWA access. Core United SA functionality does not require the web.
• Tracking: We do not use App Tracking Transparency cross-app tracking for United SA. NSPrivacyTracking is false in the app privacy manifest.
• Account deletion: Settings → Delete Account removes local Apple sign-in data and requests deletion of the linked web account where applicable. Deleting the account does not cancel App Store billing.

United SA in-app EULA, aviation safety notice, and coverage scope screens supplement this section. See also our Terms of Service.

6. How we use information

• Provide, operate, maintain, and improve the Services.
• Authenticate users, enforce subscriptions, and prevent fraud or abuse.
• Communicate with you about service, security, and (where permitted) product updates.
• Comply with law, regulation, legal process, or enforceable governmental requests.
• Protect the rights, safety, and property of users, GDL, and the public.

We do not sell your personal information as that term is commonly defined under U.S. state privacy laws, and we do not use your data for cross-context behavioral advertising through App Tracking Transparency "tracking" on Apple platforms unless we separately disclose and obtain any consent required by platform rules.

7. Legal bases (EEA/UK users)

Where the GDPR or UK GDPR applies, we process personal data on the basis of contract (providing the Services), legitimate interests (security, product improvement, and internal analytics balanced against your rights), consent where required (for example certain marketing cookies or optional sensors), and legal obligation where applicable.

8. How we share information

We may share information with:

• Service providers who process data on our behalf under contracts (hosting, authentication, payments, analytics, customer support, email delivery).
• App stores and payment partners to complete purchases you initiate.
• Authorities when required by law or to protect safety and rights.
• Corporate transactions such as a merger or acquisition, subject to standard confidentiality and legal safeguards.

We do not sell personal information for monetary consideration.

9. Retention

We retain information only as long as necessary for the purposes above, including backup, audit, dispute resolution, and legal obligations. Retention periods vary by data type; some server logs roll off on a short cycle while billing and entitlement records may be kept longer. Real-time aviation query data for BRAA/United SA calculations is generally processed transiently for request handling. Aggregated or de-identified information may be retained without time limit where permitted.

10. Security

We use administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

11. International transfers

GDL is organized under the laws of Wyoming, USA, with principal contact at 30 N Gould St Ste R, Sheridan, WY 82801. We may process data in the U.S. and other countries where we or our providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.

12. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, or export certain personal data; to opt out of certain processing; or to appeal our decisions. You may also have the right to limit use of sensitive personal information where applicable.

• Exercising rights: Email support@gobbodatumlabs.com with your request. We may verify your identity before responding.
• Authorized agents: Where allowed by law, you may use an authorized agent; we may require proof of authorization.
• BRAA and United SA (iOS): Each app provides Sign in with Apple and an in-app Delete Account path in Settings (App Review Guideline 5.1.1(v)). You can also manage Sign in with Apple for each app under iOS Settings → Apple ID → Sign in with Apple. Deleting an in-app account does not cancel App Store subscriptions.
• Secure Envelope web: Contact us to exercise rights related to web accounts, server logs, or support tickets tied to secure-envelope.com.
• California Shine the Light: California residents may request certain information about disclosures to third parties for their direct marketing purposes where that statute applies.
• EEA/UK: You may lodge a complaint with your local supervisory authority.

13. Children

The Services are not directed to children under 13 (or the minimum digital consent age in your jurisdiction). We do not knowingly collect personal information from children without appropriate parental consent. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

14. Third-party links and SDKs

Our Services may link to third-party sites or include third-party SDKs (for example authentication, maps, crash reporting, or store frameworks). Their collection and use are governed by their own policies. Review App Store listings, permission prompts, and on-device privacy manifests for details.

15. Automated decision-making

We do not use personal data for solely automated decisions that produce legal or similarly significant effects about you, except where reasonably necessary for security (for example fraud scoring) as permitted by law.

16. Changes to this Policy

We may update this Policy from time to time. We will post the revised version at https://www.secure-envelope.com/privacy and change the effective date. For material changes, we will provide additional notice as required by law (for example a banner, email, or in-app message).

17. Contact and governing law

Gobbo Datum Labs (GDL)

A Wyoming for-profit corporation
30 N Gould St Ste R
Sheridan, WY 82801, USA

Privacy inquiries: support@gobbodatumlabs.com
Website: https://www.gobbodatumlabs.com

Unless a mandatory law in your jurisdiction provides otherwise, this Policy is interpreted in accordance with the laws of the State of Wyoming, USA, excluding conflict-of-law rules.

This Policy is provided for transparency and convenience. It is not legal advice. Where this English version conflicts with a mandatory local translation required by law, the local version controls for consumers in that jurisdiction.