
Privacy Policy

Last updated: April 2026

1. Introduction

This Privacy Policy explains how RosterSwift ("we", "our", "the App"), operated by Squawk Labs SAS, handles your personal data when you use our mobile application.

Key Security Features:
  • Device Verification: Apple's App Attest technology cryptographically verifies that only genuine instances of our app can access your data
  • Secure Authentication: JWT authentication with automatic token refresh
  • No Password Storage: We NEVER store your passwords on our servers — they are kept exclusively on your iPhone using Apple's secure Keychain
  • End-to-End Encrypted Messaging: Messages between users are encrypted using the Signal Protocol — even we cannot read them
  • Encrypted Tax Vault: Tax data is encrypted on your device with AES-256-GCM before upload — we cannot read it

We are committed to protecting your privacy and ensuring compliance with the GDPR and French data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Squawk Labs SAS
Contact: contact@squawklabs.app

3. Data We Collect

Stored locally on your device only (never sent to our servers):
  • Airline portal passwords (CrewLink, Notilus, JetSched) — stored in iOS Keychain
  • JWT authentication tokens — encrypted in iOS Keychain
  • App Attest cryptographic keys — in Secure Enclave
  • End-to-end encryption keys for messaging (Signal Protocol)
  • Decrypted message content
  • Tax vault encryption key — derived from your passphrase, stored in iOS Keychain

Stored on your device (SwiftData):
  • Employee trigram, employee number, email, home base, airline affiliation

Stored on our servers:
  • Flight schedules and rosters
  • Duty assignments, simulator sessions, training records
  • Layover information and aircraft registrations
  • Your email (for account identification only)
  • Device attestation records (for security verification)
  • Encrypted messages (ciphertext only — we cannot read the content)
  • E2EE public keys for messaging key exchange
  • Encrypted tax vault backups (we cannot decrypt them)
  • Crew list visibility preference (visible or invisible)
  • Feedback submissions
  • Device identifiers for push notifications (Apple Push Notification token)
  • Basic diagnostic data (crash reports, error logs) to improve app stability

Stored on Cloudflare R2 (encrypted):
  • Tax vault documents (receipts, payslips) — encrypted with AES-256-GCM on your device before upload
  • Messaging file attachments — end-to-end encrypted

Photos and camera:
  • Accessed only when you send images in messages or capture receipts for the Tax Assistant
  • Photos sent via messaging are end-to-end encrypted
  • Receipt photos are encrypted on your device before upload to the vault

4. How We Use Your Data

We process your personal data for the following purposes:

  • Retrieving and displaying your flight schedules from airline systems (CrewLink/Visual for Corsair, JetSched for Air Caraïbes and French Bee)
  • Calculating flight hours, duty statistics, and salary estimates
  • Managing bidding requests for days off and rotations
  • Maintaining your EASA logbook
  • Calculating tax deductions and generating tax reports
  • Delivering end-to-end encrypted messages between crew members
  • Enabling roster sharing with other crew members (RosterShare)
  • Providing flight lookup information from community-shared data, with privacy-respecting crew list controls
  • Sending push notifications for schedule changes and messages
  • Accessing Notilus (Corsair expense system) with your credentials

Legal Basis for Processing:
  • Consent: You provide explicit consent when using the App
  • Legitimate Interest: Processing necessary to provide the core functionality you requested

How Authentication Works:

Your device is verified once using Apple's App Attest, then uses secure JWT tokens for all communication. Your airline passwords are ONLY transmitted when actively fetching data from airline systems. They pass through our server but are NEVER stored, logged, or retained. They exist in server memory for approximately 5–30 seconds during authentication.

5. End-to-End Encrypted Messaging

RosterSwift includes a crew messaging feature secured with the Signal Protocol (X3DH key exchange + Double Ratchet):

  • Messages are encrypted on your device before being sent
  • Only the intended recipient can decrypt and read messages
  • Our servers store only encrypted ciphertext — we cannot read your messages
  • Group messages use Sender Keys for efficient encryption
  • File attachments (photos, documents) are also encrypted

Moderation: You can report abusive messages and block users. When reporting, you may choose to include decrypted message content, which will be shared with our moderation team for review. This is the only circumstance where message content leaves your device in readable form.

6. Crew List Visibility & Privacy Controls

RosterSwift includes a crew list visibility system that gives you control over whether other crew members can see your name on shared flight information:

Your Visibility Setting:
  • You can set your visibility to Visible or Invisible at any time in the Crew Hub settings
  • When set to Invisible, your name and trigram are hidden from other users' crew lists — they will see your role (e.g., CDB, OPL) but not your identity
  • This setting is stored on our servers and applies across all flights

Reciprocity Rule:
  • If you choose to be invisible, you also lose access to viewing other crew members' identities (except on your own flights)
  • This ensures fairness: you cannot hide from others while still seeing them

7-Day Cooldown:
  • Switching from invisible back to visible triggers a 7-day cooldown period
  • During this period, you remain unable to view crew lists on other flights
  • This prevents abuse of rapid visibility toggling

Access Levels:
  • Your airline may configure different access levels per function (cockpit, cabin, etc.)
  • Full access: see all crew members regardless of their visibility setting
  • Partial access: see the crew list, but invisible members appear with their role only (name and trigram hidden)
  • No access: crew lists are not available for flights you are not assigned to

What Others See When You Are Invisible:
  • Your role/function on the flight remains visible (e.g., "CDB", "PNC")
  • Your name, trigram, and base are hidden
  • A note indicates that some crew members have private visibility

7. Roster Group Discovery & Opt-Out

When creating a group chat from a flight roster, RosterSwift can show which crew members on your flight have an app account, even if they are not in your buddy list. This helps crew coordinate before flights.

How it works:
  • Discovery is flight-scoped: only crew members on a flight you are assigned to can be discovered
  • Your trigram and user ID may be shared with other crew members on the same flight
  • No browsing or searching of arbitrary users is possible

Your control (GDPR opt-out):
  • You can disable "Allow Group Invitations from Roster" in Chat Privacy settings
  • When disabled, you appear as if you do not have the app to other non-buddy crew members
  • Buddies can always add you to groups regardless of this setting
  • This setting does not affect groups you are already a member of

8. Encrypted Tax Vault

The Tax Assistant includes an encrypted vault for storing sensitive tax data:

  • All data is encrypted on your device using AES-256-GCM before upload
  • Encryption key is derived from your passphrase via HKDF-SHA256 — it never leaves your device
  • Encrypted backups are stored on our servers; documents (receipts, payslips) on Cloudflare R2
  • We cannot decrypt your vault data — only you can, with your passphrase
  • If you forget your passphrase, your vault data cannot be recovered

9. Data Storage and Security

Server infrastructure:
  • Servers hosted on dedicated private infrastructure in France (EU)
  • All data encrypted in transit (HTTPS/TLS)
  • Database access restricted and protected
  • Daily encrypted backups with 30-day retention

Security measures:
  • Apple App Attest — cryptographic verification of genuine app installations
  • JWT Authentication — secure tokens with automatic refresh and rotation
  • Signal Protocol — end-to-end encryption for messaging
  • AES-256-GCM — client-side encryption for tax vault
  • HTTPS/TLS — all data transmission encrypted
  • Per-device access control — revoke access for specific devices

10. Data Retention

  • Flight and schedule data: Retained as long as your account is active
  • Account information: Retained until you request deletion
  • Encrypted messages: Retained on server until deleted by users
  • Tax vault data: Retained until you delete it or reset your vault
  • Access tokens: Expire after 1 hour; refresh tokens expire after 1 year
  • Passwords: NEVER stored on our servers

You may request deletion of your server-side data at any time (see Section 11).

11. Data Sharing and Third Parties

We share your data with:
  • Airline Systems: CrewLink/Visual (Corsair), JetSched (Air Caraïbes, French Bee), Notilus (Corsair expenses) — your credentials are used to authenticate and retrieve your data
  • Cloudflare R2: Encrypted tax vault documents and encrypted messaging attachments (we cannot read the content)

We do NOT:
  • Sell your personal data
  • Share your data with advertisers
  • Use your data for profiling or automated decision-making
  • Transfer your data to third parties for their own purposes

We are not affiliated with, endorsed by, or officially connected to Corsair, Air Caraïbes, French Bee, or any airline. This is an independent tool.

12. Your Rights (GDPR)

Under GDPR and French law, you have the right to: access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent.

To exercise these rights:
Contact us at contact@rosterswift.com. We will respond within 30 days.

You can also delete local data at any time using "Delete All Data" in Settings or by uninstalling the app.

Complaints: You may lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) at www.cnil.fr.

13. Children's Privacy

This App is intended for professional airline crew members only. We do not knowingly collect data from individuals under 18 years of age.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by displaying a notice within the App and updating the "Last updated" date above.

15. Contact Us

For any questions regarding this Privacy Policy or your personal data:

Email: contact@rosterswift.com

We aim to respond to all inquiries within 48 hours.

© 2026 Squawk Labs SAS. All rights reserved.