Privacy Policy

Last updated: May 14, 2026

Who we are

HT Pilot is operated by Mikael Grön (Sweden), acting as the data controller for any personal data processed in connection with HT Pilot accounts, subscriptions, and the ht-pilot.com website. Contact: mikael@mikael.green.

Overview

HT Pilot is a ham radio companion app that communicates with Benshi-family handheld transceivers via Bluetooth Low Energy (BLE). Your privacy matters — this policy explains what data we collect and how we handle it.

Data we collect

Data stored on your device only

  • Your callsign and APRS settings (SSID, symbol, beacon interval)
  • Radio channel configurations read from your transceiver
  • APRS station data received over the air
  • Activity logs from radio events

This data is stored locally on your device using the app's storage. It is never transmitted to our servers.

Data we do not collect

  • The mobile app does not collect analytics or usage telemetry
  • We do not track your location (GPS data stays on-device and is only transmitted over RF when you enable APRS beaconing)
  • We do not collect crash reports automatically
  • We do not use advertising SDKs or trackers

Bluetooth permissions

The app requires Bluetooth permissions to communicate with your radio via BLE. Bluetooth data is exchanged directly between your phone and your radio — it does not pass through any server.

Location permissions

Android requires location permission for Bluetooth scanning. On iOS, Bluetooth works without location permission. If you enable APRS beaconing, the app uses your GPS position to construct APRS position reports transmitted over RF through your radio. Your location is never sent to our servers.

APRS and RF transmissions

When you transmit APRS beacons or messages, this data is sent over amateur radio frequencies through your transceiver. This is inherently public — anyone monitoring the frequency can receive it. This is the nature of amateur radio and is not something the app controls.

Third-party services

The app may display map tiles from third-party tile servers. These requests are made directly from your device and are subject to the tile provider's privacy policy. No personal data is included in these requests beyond your IP address (which is standard for any web request).

Website analytics

This website (ht-pilot.com) uses Google Analytics 4 to understand how visitors find and use the site. We collect aggregated data such as page views, referrer information, and broad geographic location by country. This data is aggregated only — we do not use it to identify individuals, and advertising features are not enabled.

The mobile app itself does not include Google Analytics or any other analytics SDK. This tracking is website-only. IP addresses in EU traffic are anonymized by default in GA4 per standard processing. You can block analytics using your browser's privacy settings or standard privacy tools.

The website also uses Google Ads conversion tracking and remarketing tags to measure which ad sources drive visitors to ht-pilot.com and to show retargeting ads to people who have already visited. This data is aggregated and pseudonymous, using the same browser controls as Google Analytics. The mobile app remains unchanged — no Ads SDK, no advertising identifiers, no in-app conversion tracking. Visitors in the EU/EEA can manage ad personalization via Google's Ads Settings at adssettings.google.com.

Accounts and subscriptions

If you create an HT Pilot account or purchase a subscription, we process the following data to provide and bill the service:

  • Account record — email address, optional amateur radio callsign, server-minted device identifiers and last-sign-in timestamps. Lawful basis: contract performance.
  • Subscription / purchase record — Stripe customer and subscription IDs, Apple originalTransactionId or Google purchaseToken, product SKU, environment (sandbox vs production), and renewal/expiry timestamps. The full payment card or App Store / Play account details never reach our servers — Stripe, Apple, and Google process those directly and we only see the receipt identifier. Lawful basis: contract performance and legal obligation (tax records).
  • Audit log — append-only entries for sign-in, entitlement changes, and account anonymisation, retained for dispute resolution and security forensics. Lawful basis: legitimate interest.

We do not use any of this data to profile you, run advertising, or sell to third parties. Magic-link sign-in tokens are stored hashed; a database compromise cannot replay them.

Sub-processors

The following providers process personal data on our behalf:

  • Stripe (USA / Ireland) — payment processing and subscription management for web checkouts. Receives your email address and the SKU you purchased.
  • Apple (USA / Ireland) — handles iOS in-app purchases. We see only the originalTransactionId and product identifier returned by the App Store Server API.
  • Google (USA / Ireland) — handles Android in-app purchases. We see only the purchaseToken and product identifier returned by the Play Developer API.
  • Scaleway (France) — sends magic-link sign-in emails on our behalf. Receives the recipient address and the time-limited sign-in link.
  • Elastx (Sweden) — hosts the application servers and Postgres database where account records and audit log entries are stored.

Retention

Account records and audit log entries are kept for as long as the account is active and for up to 7 years after closure, to satisfy Swedish bookkeeping obligations (Bokföringslagen) on subscription transactions. You can request anonymisation at any time — see Your rights below.

Your rights (GDPR)

Under the EU General Data Protection Regulation you have the right to access, rectify, erase, and port your personal data, and to object to or restrict processing. To exercise them:

  • Access your data — open the Account screen in the app or on /account and tap Download my data. You receive a JSON file containing your user record, subscriptions, devices, and audit log.
  • Delete your data — same screens offer Delete account. We anonymise your record (email and callsign cleared, all active entitlements revoked, devices detached) within seconds. Receipt rows are retained with the personal link severed, as legally required.
  • Other requests — email mikael@mikael.green and we will respond within 30 days. You also have the right to lodge a complaint with the Swedish data protection authority (Integritetsskyddsmyndigheten, IMY).

On-device data

All app data outside the account / subscription scope above is stored locally on your device. Uninstalling the app removes that data. You can also clear app data from your device's settings at any time.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

Contact

Questions about this policy? Email mikael@mikael.green.