Privacy Policy – CrewLine

Duty Plan Toolkit for Airline Crew

Last updated: April 21, 2026

1. Controller / Data Responsible

CrewLine is developed and operated by:

Marius Hoppmann
E-Mail: [email protected]
Website: homgsa.de/crewline

If you have any questions about this privacy policy or the handling of your personal data, please contact the address above.

2. Overview

CrewLine is a mobile application for iOS and Android that allows airline crew members to download, view, and manage their duty schedules (rosters). The app authenticates against your airline's crew management portal, stores your credentials locally on your device, and can optionally synchronise your duties with your device's calendar.

    Key principles: CrewLine does not run a central database of user data. Your login credentials and roster files are stored exclusively on your own device. The only data transmitted to external servers is for crash reporting, analytics (both optional and user-controlled), and roster conversion (when you use the DienstPlanKonverter feature).
  

3. Data Collected and Processed

3.1 Data Stored Locally on Your Device

The following data is stored only on your device and is never transmitted to our servers:

Data	Storage	Purpose
Airline login credentials (username, password, session cookies, tokens)	Encrypted secure storage (iOS Keychain / Android Keystore)	Automatic login to your airline's crew portal
Name, surname, employee ID / 3-letter code	Encrypted app storage	Display and calendar event generation
Selected airline (IATA code)	App preferences	Configure correct crew portal
Downloaded roster PDF files	App documents directory	Offline access to your duty plans
Calendar settings (calendar ID, export preferences)	App preferences	Control how duties are written to your calendar
In-app purchase / donation history	App preferences	Track voluntary donations made within the app
App settings (theme, timezone, notification preferences)	App preferences	Personalise the app
Debug log messages	App memory (not persisted to disk)	Troubleshooting; only transmitted if you manually trigger a bug report

3.2 Data Transmitted to External Services

The following data may be transmitted to external services under the conditions described:

Service	Data Transmitted	When	Opt-out
Firebase Crashlytics (Google LLC)	Crash logs, device model, OS version, app version, an anonymous identifier combining your selected airline and user ID (e.g. "EW - ABC123")	Only when the app crashes and only if crash reporting is enabled	Can be disabled in app Settings → Crash Reports
Firebase Analytics (Google LLC)	Anonymised usage events (e.g. roster downloaded, calendar synced), app version, device type	Continuously while the app is in use, only if analytics is enabled	Can be disabled in app Settings → Analytics
HOMGSA Notification Server (homgsa.de)	No personal data. Only a version check request is made.	On app launch, to check for in-app notifications and version updates	Not applicable (no personal data sent)
HOMGSA Bug Report Server (homgsa.de)	Debug log, your selected airline, your user ID (employee number)	Only when you manually tap "Submit Bug Report" in the app	You initiate this explicitly; no automatic transmission
DienstPlanKonverter (crewline.dienstplankonverter.de)	Your roster PDF file	Only when you use the DienstPlanKonverter import feature to convert a PDF roster	Feature is opt-in; simply do not use it to avoid any transmission
Airline Crew Portals (various, see §4)	Your airline login credentials, entered via an embedded browser within the app	When you log in or the app refreshes your session automatically	Required for core app functionality
Apple App Store / Google Play (in-app purchases)	Purchase transactions are handled entirely by Apple / Google. CrewLine receives only a purchase confirmation token.	When you make a voluntary donation in-app	Only when you choose to make a purchase

4. Connection to Airline Crew Portals

CrewLine connects to your airline's official crew management system on your behalf using the credentials you provide. These portals are operated by the airlines themselves and are not controlled by CrewLine. The following systems are supported:

Eurowings / Eurowings Discover
Germanwings
Luxair
Austrian Airlines
Condor
GOL Linhas Aéreas
Air Baltic
Norwegian
Portugalia
Aero Logic
Corendon Airlines
Croatia Airlines

Your credentials are only ever transmitted directly to your airline's own portal. CrewLine never receives, stores, or forwards your credentials to any third-party server. Please refer to your airline's own privacy policy for how they handle your authentication data.

5. Calendar Access

If you choose to use the calendar synchronisation feature, CrewLine will request read and write access to your device's calendar. The app uses this access solely to create, update, and delete duty events corresponding to your roster. No calendar data is transmitted to any server. You can revoke calendar access at any time in your device's system settings, and you can disable the feature within the app.

6. Location Data

CrewLine does not collect, process, or transmit your location. The app does not use location services for any purpose.

7. Firebase (Google LLC)

CrewLine uses Firebase services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Firebase Crashlytics: Collects crash reports to help identify and fix bugs. Data may be transferred to and processed on Google servers in the United States. Processing is based on your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time in the app settings.
Firebase Analytics: Collects anonymised usage statistics. Processing is based on your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time in the app settings.

Both Firebase services are disabled by default on first launch. You are asked to opt in during initial setup. You can change your preference at any time under Settings in the app.

Google's privacy policy: policies.google.com/privacy
Firebase data processing terms: firebase.google.com/terms/data-processing-terms

8. In-App Purchases

CrewLine offers a voluntary "Thank You" donation via the App Store (Apple) or Google Play (Google). All payment processing is handled exclusively by Apple or Google respectively. CrewLine only receives a confirmation that a purchase occurred and the purchased item identifier. No payment card data, billing addresses, or other financial details are accessible to or stored by CrewLine.

9. Legal Basis for Processing (GDPR)

Processing Activity	Legal Basis
Storing credentials locally to provide core app functionality	Performance of a contract / legitimate interest (Art. 6(1)(b),(f) GDPR)
Transmitting credentials to airline portals on your behalf	Performance of a contract / your explicit instruction (Art. 6(1)(b) GDPR)
Calendar read/write access	Your explicit consent (Art. 6(1)(a) GDPR)
Firebase Crashlytics & Analytics	Your explicit consent (Art. 6(1)(a) GDPR); can be withdrawn at any time
Uploading roster PDF to DienstPlanKonverter	Your explicit action / consent (Art. 6(1)(a) GDPR)
Submitting a bug report	Your explicit action / consent (Art. 6(1)(a) GDPR)

10. Data Retention

Locally stored data (credentials, roster files, settings) is retained until you delete the app or manually clear it within the app.
Firebase crash reports and analytics are retained according to Google's standard retention periods (typically 90 days for crash data, 14 months for analytics). Disabling the feature stops further collection but does not automatically delete previously transmitted data from Google's servers.
DienstPlanKonverter uploads: Uploaded roster files are processed for conversion and not retained beyond the request. Please refer to DienstPlanKonverter's own terms for details.
Bug reports: Transmitted debug logs are retained on our server for as long as necessary to diagnose the reported issue.

11. Your Rights (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): Request a copy of the data we hold about you.
Right to rectification (Art. 16 GDPR): Request correction of inaccurate data.
Right to erasure (Art. 17 GDPR): Request deletion of your data.
Right to restriction of processing (Art. 18 GDPR): Request that we limit how we use your data.
Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
Right to object (Art. 21 GDPR): Object to processing based on legitimate interest.
Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact: [email protected]

Since most personal data in CrewLine is stored exclusively on your device, you can also exercise many of these rights directly by clearing the app data or deleting the app.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority competent for Germany is:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153, 53117 Bonn
www.bfdi.bund.de

13. Children's Privacy

CrewLine is intended for use by adult airline crew members. The app is not directed at children under the age of 16. We do not knowingly collect personal data from children.

14. Security

Login credentials (usernames, passwords, session tokens) are stored using the platform's secure credential storage (iOS Keychain / Android Keystore) with hardware-backed encryption where available. Sensitive data is never stored in plain text on the device.

All communication with external services uses HTTPS. Some legacy airline portals may only support older TLS configurations or HTTP on internal networks; in those cases the app applies the minimum exceptions required for connectivity to that specific airline's internal system.

15. Changes to This Policy

We may update this privacy policy from time to time. The current version is always available at homgsa.de/crewline/privacy_policy.html. Significant changes will be communicated via an in-app notification.