Privacy Policy

Effective Date: January 2025

1. Who We Are

Creative Shrimp is a software development project operated by an individual developer based in the United States. We build aviation simulation software for the VATSIM virtual air traffic control community.

Contact: For any privacy-related inquiries, contact us at ethan.martin@vatusa.net or via Discord.

2. Data We Collect

The data we collect varies by product. Here's a breakdown:

Product	Data Collected	Storage Location
Landline	VATSIM CID (via OAuth), display name, facility assignments	Server-side
VATDS	VATSIM CID (via OAuth), display name, facility assignments	Server-side
SSG	None - runs entirely locally	Local machine only
CTrack	Discord user ID, VATSIM CID, training records	Server-side
SWIMPlans	None - internal use only	Internal network only

2.1 Information You Provide

• Account information: When you authenticate via VATSIM OAuth or Discord, we receive your user ID and display name
• Communications: When you contact us for support, we retain the conversation for quality and reference

2.2 Information Collected Automatically

• Server logs: Basic server logs (IP address, timestamp, request type) for security and debugging purposes, retained for 30 days maximum
• Error reports: Application error data to help us fix bugs (no personal information included)

2.3 Information We Do NOT Collect

• Payment or financial information
• Precise geolocation data
• Biometric data
• Data from minors (our services are for adults)
• Browsing history or cross-site tracking data

3. How We Use Your Data

We use collected data exclusively to:

• Provide services: Authenticate users, manage training records, enable coordination features
• Improve software: Fix bugs, optimize performance, develop new features
• Communicate: Respond to support requests and send service-related notifications
• Ensure security: Detect and prevent abuse, unauthorized access, or malicious activity

We do not use your data for advertising, profiling, or automated decision-making.

4. Data Sharing

We do not sell, rent, or trade your personal data. We may share data only in these limited circumstances:

• With your consent: When you explicitly authorize sharing
• Service providers: Hosting providers (e.g., server infrastructure) who process data on our behalf under strict contractual obligations
• Legal requirements: When required by law, court order, or to protect rights and safety
• VATSIM/VATUSA: Training records may be shared with your ARTCC or VATUSA for certification purposes, as part of the training program

5. Data Retention

• Account data: Retained while your account is active; deleted within 30 days of account deletion request
• Training records: Retained per VATUSA training department requirements; contact your ARTCC for specifics
• Server logs: Automatically deleted after 90 days
• Support communications: Retained for up to 2 years for reference

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS/HTTPS) and at rest
• Access controls limited to essential personnel
• Regular security updates and vulnerability monitoring
• Secure authentication via OAuth (no password storage)

No system is 100% secure. If you discover a security vulnerability, please report it to us immediately.

7. Your Rights

Regardless of your location, we provide the following rights to all users:

7.1 Access and Portability

You can request a copy of your personal data in a machine-readable format.

7.2 Correction

You can request correction of inaccurate or incomplete data.

7.3 Deletion

You can request deletion of your personal data, subject to legal retention requirements.

7.4 Restriction and Objection

You can request that we restrict processing or object to certain uses of your data.

7.5 Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us using the information below. We will respond within 30 days.

8. International Data Transfers

Our servers are located in the United States. If you are accessing our services from outside the US (including the EU/EEA), your data will be transferred to and processed in the US. By using our services, you consent to this transfer.

For EU/EEA users: We rely on Standard Contractual Clauses (SCCs) and your explicit consent as legal bases for international transfers.

9. GDPR Compliance (EU/EEA Users)

If you are located in the European Union or European Economic Area:

• Legal basis: We process your data based on legitimate interests (providing services), contract performance, and your consent
• Data Protection Officer: Given our small scale, we do not have a formal DPO, but all privacy inquiries are handled directly by the developer
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority

10. CCPA Compliance (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know: What personal information we collect, use, and share
• Right to delete: Request deletion of your personal information
• Right to opt-out: We do not sell personal information, so this right does not apply
• Non-discrimination: We will not discriminate against you for exercising your rights

11. Children's Privacy

Our services are not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately for deletion.

12. Third-Party Services

Our software may integrate with third-party services:

• VATSIM: For authentication and network data (VATSIM Privacy Policy)
• Discord: For bot functionality and authentication (Discord Privacy Policy)
• FAA SWIM: For flight data (public government data, no personal information)

These services have their own privacy policies. We encourage you to review them.

13. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via our Discord or product update notes. The "Effective Date" at the top indicates the last revision.

14. Contact Us