Privacy Policy

Last updated: June 23, 2026

LayoverLounge ("we", "the app") helps travelers understand their air-passenger rights and prepare compensation claims when flights are delayed, cancelled, overbooked, or diverted. This policy explains what we collect, why, and your choices.

Information we collect

• Account information — your email address, a username, an optional display name, and a password (stored only as a salted cryptographic hash, never in plain text). If you sign in with Apple or Google, we receive the email and name they provide.
• Flight and claim data — flights you add, disruption details you enter, and claim letters you generate. This is stored so the app can track your flights and your claims for you.
• Device push token — if you enable flight alerts, a notification token so we can send you status updates.
• Technical data — basic request information (such as a session token and the browser/app user-agent) needed to keep you logged in securely.

How we use your information

• To provide the core service: assessing your rights, generating claim letters, and tracking flights and claims.
• To send transactional emails you request (password resets, email verification) and, if enabled, flight-status alerts.
• To secure your account and prevent abuse (for example, rate-limiting sign-in attempts).

We do not sell your personal information, and we do not use it for third-party advertising.

Third-party services

We share the minimum data needed with service providers that operate the app:

• Cloudflare — hosting and database for our backend.
• Flight-data providers (e.g. AeroDataBox) — we send a flight number/date to retrieve status; we do not send your identity.
• Resend — delivery of transactional emails.
• Apple / Google — only if you choose to sign in with them, and for push-notification delivery.
• Anthropic — optional. AI letter-polishing only runs if you add your own Anthropic API key in Settings; in that case your letter text is sent to Anthropic using your key. This feature is off by default.

Data retention & deletion

We keep your account data until you ask us to delete it. To delete your account and associated data, email glitchbound1@gmail.com from your account email and we will remove it.

Security

Passwords are hashed, session tokens are stored hashed, and all traffic is encrypted in transit (HTTPS). No method of storage is 100% secure, but we follow industry-standard practices.

Children

LayoverLounge is not directed to children under 13, and we do not knowingly collect data from them.

Your rights

You may request access to, correction of, or deletion of your personal data by contacting us. Depending on your region (e.g. EU/UK/Israel), you may have additional rights under applicable law.

Changes

We may update this policy; the "last updated" date above reflects the latest version.

Contact

Questions about this policy: glitchbound1@gmail.com.

LayoverLounge · Questions? glitchbound1@gmail.com