What we collect, what we don't, and why.

1. What we collect

TravelTSA collects two categories of data: anonymous usage signals and user-submitted trip inputs that you explicitly type into the site.

Anonymous usage signals

When you load the site, your browser may send a small usage event that includes the page path, a coarse geographic region (city and country derived from your IP, never your exact location), a referrer if one is present, and optional campaign parameters. To throttle duplicate counts and understand aggregate traffic, these events may include a pseudonymous browser identifier stored in your browser's localStorage. We do not use that identifier to sell data, serve ads, or contact you. We use these signals to understand which airports and guides are useful and to size infrastructure.

User-submitted trip inputs

When you use the flight number lookup or iCal converter, the inputs you type (flight number, airline code, uploaded duty plan PDF) are sent to our cache service so it can answer the request. Route-level fare snapshots are fetched as comparable planning context for the route and date, not as a traveler-specific booking profile. The website iCal converter returns a standalone .ics file and does not ask you to manage subscription links for normal downloads.

Duty-plan PDF uploads and calendar retention

When you upload a duty-plan PDF, our cache service reads the file bytes in memory, parses them with a PDF reader, and uses the extracted roster text to build calendar events. We do not store the original uploaded PDF file as a saved upload.

The TravelTSA website converter uses a download-only path: it returns a standalone .ics file and does not create a saved feed URL, webcal subscription, or management key for that flow. No generated calendar mapping is retained for that download-only request.

Other direct API or feed workflows may store the generated .ics content and feed mapping for up to 180 days, then delete it when that retention window expires. Standard web-server or application request logs may exist for operations and abuse protection; we do not claim that PDF contents are written into those logs.

2. What we do not collect

• We do not require accounts or passwords.
• We do not sell or share data with advertisers.
• We do not run third-party advertising trackers.
• We do not store your precise GPS location. The "use my location" feature, if you grant it, is resolved in your browser and used only to sort airports by distance.
• We do not store full IP addresses beyond what is needed for short-term request logs (standard web-server access logs, rotated within 30 days).

3. Cookies and local storage

TravelTSA uses localStorage (not cookies) for preferences that stay on your device: theme, pinned favorite airports, and recent flight searches. Those values are not sent to our servers when you browse.

Separately, we may store a pseudonymous browser identifier in localStorage for the anonymous usage events described above. You can clear any of this by clearing site data for TravelTSA.

4. Third parties

The live airport data comes from the airports themselves. When you visit TravelTSA, your browser does not contact those airports directly — our scraper does on a scheduled basis. The flight number lookup fetches schedule and route-level fare context from commercial aviation APIs; those providers receive only the trip input needed to answer the lookup, not who you are.

5. Data retention

Anonymous usage events are retained for up to 90 days and then aggregated. Flight lookup responses are cached for minutes, not days. Legacy iCal feed mappings, when created through older or direct API workflows, are retained for up to 180 days after last access and then deleted.

6. Contact

To ask a privacy question, reach us through the contact page.

7. Changes to this policy

We will update the "last updated" date above when the policy changes. Material changes will also appear on the updates page.