Privacy Policy

Introduction

Ziri.app ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our flight deal tracking platform.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

We reserve the right to make changes to this Privacy Policy at any time. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the site, and you waive the right to receive specific notice of each such change or modification.

1. Information We Collect

Account Information

When you create an account on Ziri.app, we collect:

• Email address - Used for login, communications, and flight deal notifications
• Username - Your chosen display name
• Password - Encrypted using bcrypt hashing (we never store plain text passwords)
• Account creation date - Timestamp of when you joined

Flight Alert Data

When you set up flight alerts, we collect:

• Origin airport codes - Your departure locations (IATA codes)
• Destination airport codes - Your arrival locations (IATA codes)
• Maximum price preferences - Your budget thresholds for flight deals
• Alert creation dates - When each alert was set up

Notification Preferences

We collect and store your preferences for:

• Email notification settings - Whether you want to receive deal alerts
• Notification frequency - How often you want to receive alerts (instant, daily, weekly)
• Email verification status - Whether your email has been verified

Usage and Notification Data

When we send you flight deal notifications, we track:

• Notification history - Which deals were sent to you
• Deal prices - The prices of flights we notified you about
• Deal URLs - Links to booking sites (if available)
• Email engagement - Whether you opened emails or clicked links (helps us improve service)

Automatically Collected Information

When you use Ziri.app, we may automatically collect:

• Session data - Stored in cookies to keep you logged in
• Browser information - Browser type and version for compatibility
• IP address - For security and fraud prevention
• Usage logs - Access times and pages visited for troubleshooting

2. How We Use Your Information

We use the information we collect for the following purposes:

Provide Our Services

• Create and manage your account
• Monitor flight prices based on your alert preferences
• Send email notifications when flight deals match your criteria
• Display your alerts and preferences in your dashboard

Improve Our Platform

• Analyze usage patterns to improve user experience
• Understand which routes and destinations are most popular
• Optimize notification delivery and timing
• Debug technical issues and improve performance

Communicate With You

• Send flight deal alerts via email
• Respond to your inquiries and support requests
• Send important service announcements
• Notify you of changes to our Terms of Service or Privacy Policy

Security and Compliance

• Detect and prevent fraud, spam, and abuse
• Ensure platform security and stability
• Comply with legal obligations
• Enforce our terms and policies

3. Data Storage and Security

We take the protection of your data seriously and implement industry-standard security measures:

Security Measures

• Password Protection - All passwords are hashed using bcrypt encryption before storage
• Secure Database - Your data is stored in a secure MariaDB database with access controls
• SQL Injection Prevention - We use PDO prepared statements for all database queries
• XSS Protection - All user input is sanitized before display using htmlspecialchars()
• HTTPS/SSL - All data transmitted between your browser and our servers is encrypted
• CSRF Protection - Forms are protected with CSRF tokens to prevent unauthorized actions
• Session Security - Secure session management with httponly and secure flags

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.

Limitations

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

Third-Party Services

We may share limited data with trusted third-party service providers who help us operate our platform:

• Email Service Providers - To send flight deal notifications and service emails
• Flight Data APIs - To retrieve real-time flight prices and availability (when implemented)
• Hosting Providers - To store data and host our application

These service providers are contractually obligated to protect your data and may only use it to provide services to us.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government agencies).

Business Transfers

If Ziri.app is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Your Rights and Choices

You have the following rights regarding your personal information:

Access Your Data

• View your account information and alerts in your dashboard
• Request a copy of all data we have about you

Update Your Information

• Update your account settings and preferences in your profile
• Modify or delete your flight alerts at any time
• Change your email notification preferences

Delete Your Account

• You may request account deletion at any time
• Deleting your account will permanently remove all your data (alerts, preferences, account information)
• This action cannot be undone

Opt-Out of Communications

• Unsubscribe from flight deal notifications in your account settings
• Use the "unsubscribe" link in any email we send you
• Note: We may still send essential service-related emails (e.g., security alerts)

Data Portability

You have the right to request a copy of your data in a structured, machine-readable format.

Right to Object

You may object to our processing of your data for certain purposes. Contact us to exercise this right.

6. Cookies and Tracking

What We Use

Ziri.app uses cookies and similar tracking technologies:

• Essential Cookies - Required for authentication and session management (you remain logged in)
• Functional Cookies - Remember your preferences and settings
• Analytics Cookies - Help us understand how users interact with our platform (if implemented)

Session Cookies

We use PHP session cookies to keep you logged in. These cookies are essential for the platform to function and contain:

• Your user ID
• Your username
• Your email address

Session cookies are deleted when you log out or close your browser.

Managing Cookies

You can control cookies through your browser settings:

• Block all cookies (note: this will prevent you from logging in)
• Delete existing cookies
• Accept or reject cookies on a per-site basis

Disabling essential cookies will prevent you from using key features of Ziri.app, including logging in and managing alerts.

7. Data Retention

We retain your personal information for different periods depending on the type of data:

• Account Data - Retained while your account is active and for 30 days after deletion
• Flight Alerts - Retained while your account is active or until you delete them
• Notification History - Retained for 90 days for service improvement purposes
• Usage Logs - Retained for 30 days for troubleshooting and security purposes
• Legal Compliance Data - Retained as long as required by law

Account Deletion

When you delete your account:

• All personal data is permanently deleted within 30 days
• All flight alerts are immediately deleted
• You will stop receiving all email notifications
• Backups containing your data are purged within 90 days

8. Children's Privacy

Ziri.app is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems.

COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA) and do not target services to children under 13.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

By using Ziri.app, you consent to the transfer of your information to our facilities and to the third parties with whom we share it as described in this Privacy Policy.

10. Your Privacy Rights by Jurisdiction

GDPR (European Union)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access - Request a copy of your personal data
• Right to Rectification - Correct inaccurate or incomplete data
• Right to Erasure - Request deletion of your data ("right to be forgotten")
• Right to Restriction - Limit how we use your data
• Right to Data Portability - Receive your data in a machine-readable format
• Right to Object - Object to processing of your data
• Right to Withdraw Consent - Withdraw consent at any time

Legal Basis for Processing: We process your data based on:

• Contractual necessity (to provide our services)
• Legitimate interests (to improve our platform)
• Your consent (for marketing communications)

CCPA (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know - What personal information we collect, use, and share
• Right to Delete - Request deletion of your personal information
• Right to Opt-Out - We do not sell personal information
• Right to Non-Discrimination - We will not discriminate against you for exercising your rights

Categories of Personal Information Collected:

• Identifiers (email, username)
• Internet activity (usage logs, email engagement)
• Commercial information (flight alert preferences, prices)

We do NOT sell your personal information.

11. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Changes will be effective immediately upon posting to the site.

How We Notify You

• Update the "Last Updated" date at the top of this page
• For significant changes, we may send an email notification
• Display a notice on our homepage or dashboard

Your Acceptance

By continuing to use Ziri.app after changes are posted, you accept the updated Privacy Policy. If you do not agree with the changes, you should stop using our services and delete your account.

Version History

We maintain previous versions of our Privacy Policy for transparency. Contact us if you would like to review a previous version.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

13. Legal Disclaimer

This Privacy Policy is provided as a template and should be reviewed by legal counsel before production deployment. Privacy requirements vary by jurisdiction, and you may need to add additional sections or modify language to comply with applicable laws in your region.