Data & Privacy
Privacy Policy
This policy explains what personal data Fly2High collects, how it is used, who it is shared with, and what rights you have over your information. Last updated: 22 March 2026.
1. Who We Are
Fly2High is a flight simulator content marketplace offering premium scenery, utilities, and tools for Microsoft Flight Simulator (MSFS) and X-Plane. We operate the website at fly2high.com and related subdomains.
For any privacy enquiries, contact us via the support page or through our Discord server.
2. Data We Collect
Account Registration (Email & Password)
- Email address
- Password (hashed and stored securely by Firebase Authentication — never stored in plain text)
- Display name / username
Discord OAuth Login
If you sign in or link your account using Discord, we receive the following from Discord:
- Discord User ID
- Discord username and display name
- Discord avatar URL
- Email address (only if your Discord account has email visibility enabled)
- Guild membership and role information from the Fly2High Discord server (used to determine admin/vendor status)
Purchase & Transaction Data
- Products purchased (stored as product IDs in your account)
- Payment is processed entirely by Stripe — Fly2High does not store card numbers, bank details, or payment credentials
- Your email address is pre-filled in the Stripe Checkout form for convenience
Usage & Preferences
- Theme preference (dark/light) — stored locally in your browser
- Selected display currency — stored locally in your browser
- Cart contents — stored locally in your browser
- Cached exchange rate data — stored locally in your browser for up to 1 hour
Activity Logs
We log certain account events in our database for security and operational purposes:
- Account creation (signup)
- Login and logout events
- Discord account link/unlink
- Password reset requests
Logs include timestamps, event type, and account identifier. They are used for fraud prevention and dispute resolution only.
3. How We Use Your Data
| Purpose | Data Used | Basis |
|---|---|---|
| Authenticate your account and keep you logged in | Email, password hash, Discord ID | Contract performance |
| Fulfil product purchases and grant download access | Email, user ID, product IDs | Contract performance |
| Determine admin or vendor privileges | Discord guild roles | Legitimate interest |
| Detect and prevent fraud or abuse | Activity logs, account metadata | Legitimate interest |
| Display your profile information | Username, Discord avatar | Contract performance |
| Remember your preferences across visits | Theme, currency (stored locally) | Legitimate interest |
We do not sell, rent, or trade your personal data to third parties. We do not use your data for advertising or marketing profiling.
4. Third-Party Services
We use the following third-party services, which may process your data under their own privacy policies:
Firebase (Google LLC)
Firebase provides our authentication system and database (Firestore). Your account data, purchase history, and activity logs are stored in Google's infrastructure. Google's privacy policy applies: policies.google.com/privacy
Discord (Discord Inc.)
If you use Discord login, Discord processes your OAuth authorisation. We only receive the data described in Section 2. Discord's privacy policy applies: discord.com/privacy
Stripe (Stripe, Inc.)
All payments are processed by Stripe on their hosted checkout pages. Fly2High never handles or stores your payment card data. Stripe's privacy policy applies: stripe.com/privacy
Google Fonts
We load the Inter typeface from the Google Fonts CDN. This causes your browser to make a request to Google's servers. Google may log the request. Google's privacy policy applies.
Frankfurter.app
We fetch live currency exchange rates from frankfurter.app (European Central Bank data). No personal data is sent in this request — only a request for exchange rates. Rates are cached locally in your browser for 1 hour.
Coropos Web Services
This website is hosted and managed by Coropos Web Services. Their acceptable use policy applies: coroposws.com/policy-center
5. Data Retention
- Account data is retained for as long as your account is active
- If you request account deletion, your profile, Discord connection, and purchase records will be removed from our database
- Activity logs may be retained for up to 12 months for security purposes
- Stripe retains transaction records in accordance with their own policy and applicable financial regulations
- Browser-stored preferences (theme, currency, cart) are stored locally and can be cleared at any time via your browser settings
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and associated data
- Portability — request your data in a portable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — disconnect your Discord account at any time via your profile page
To exercise any of these rights, contact us via the support page or our Discord. We will respond within 30 days.
7. Children's Privacy
Fly2High is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us so we can remove it.
Our giveaways are open to users aged 16 and older in accordance with our Terms of Use.
8. Security
- Passwords are hashed using Firebase Authentication's industry-standard methods — they are never stored in plain text
- All data transmissions between your browser and our servers use HTTPS encryption
- Payment processing occurs entirely on Stripe's PCI-DSS compliant infrastructure
- Discord OAuth state tokens are used to prevent CSRF attacks during login
No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly via our support page.
9. Changes to This Policy
Also see our Cookie Policy
Detailed information on browser storage and third-party cookies.