Privacy Policy

Last updated: May 23, 2026

Introduction

AirportRoutes.com ("we," "our," or "us") is operated by ADR Media, a Berlin-based publisher run by Andreas De Rosi. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

Information We Collect

Automatically Collected Information

When you visit AirportRoutes.com, we automatically collect certain technical information about your visit, including:

  • Browser type and version
  • Operating system
  • Referring website
  • Pages visited and time spent on pages
  • Date and time of visits
  • Approximate geographic location (country/region level, from IP address)

Information You Provide

We may collect information you voluntarily provide when you:

  • Create an account on our website (email, optional first/last name, password or social-login identity)
  • Track an airport for route-change alerts (your airport selections, alert preferences)
  • Submit comments on airport pages
  • Contact us through our contact form (name, email, message)
  • Sign in via a third-party identity provider such as Google (we receive your email address, name, and profile picture URL from that provider)

Analytics and User-Behaviour Tools

Plausible Analytics

We use Plausible Analytics (self-hosted at my.sitemetrics.app) for aggregate website traffic analytics. Plausible is a privacy-focused analytics service that does not use cookies and does not collect personally identifiable information. It is compliant with GDPR, CCPA, and PECR. Plausible provides us with aggregated, anonymized statistics about visitor counts, page popularity, referrers, and device types.

Microsoft Clarity

We use Microsoft Clarity to understand how visitors interact with our website through session recordings and heatmaps. Clarity collects information about your interactions (mouse movements, clicks, scroll behaviour), the pages you visit, and standard technical metadata. Clarity uses cookies and similar storage technologies, and shares the data with Microsoft to provide the service. We use this information to identify usability issues and improve the site. You can read Microsoft's privacy statement for more detail.

Cookies and Similar Storage

We use the following categories of cookies and local-storage items:

  • Strictly necessary: Session management, CSRF protection, authentication tokens, and your cookie-consent preference itself. These cannot be disabled without breaking core site functionality.
  • Functional: Remembering your tracked airports and notification settings when you are logged in.
  • Analytics & behaviour: Cookies/storage used by Microsoft Clarity (Plausible does not set cookies).
  • Security: Cloudflare Turnstile may set short-lived storage to remember that you completed a bot challenge.

You can manage your browser's cookie storage at any time through your browser settings, and EU/EEA visitors are presented with a cookie-consent banner on first visit. Removing or blocking cookies may impact your experience and prevent certain features from working.

Third-Party Services and Sub-Processors

We rely on the following third-party services. Each handles a defined slice of data on our behalf, subject to their own privacy practices:

  • Cloudflare — CDN, DDoS protection, DNS, and edge security. Processes all incoming HTTP requests; logs IP addresses for abuse-prevention purposes.
  • Cloudflare Turnstile — Bot challenge displayed on signup, login, and contact-form pages. Receives a token from your browser to verify you are not an automated client. No CAPTCHA, no cognitive challenge in most cases.
  • Postmark (operated by Wildbit / ActiveCampaign) — Transactional email delivery (sign-in magic links, route-change alerts, contact-form replies). Postmark processes the email content and the recipient address strictly to deliver the message. We are migrating to Postmark from Amazon SES; one or both services may be in use during the transition period.
  • Amazon SES (Amazon Web Services) — Fallback transactional email delivery.
  • Google Sign-In — Optional social login. When you choose "Continue with Google" we receive your verified email address, name, and profile picture URL from Google. We do not receive your password.
  • FlightAware (AeroAPI) — Flight route and schedule data. We send airport identifiers to FlightAware (not user data) to retrieve schedules.
  • Travelpayouts — Powers our Flight Booking search (white-label site at flights.airportroutes.com). When you submit a search, your search parameters are sent to Travelpayouts and partner booking sites (Kiwi, Booking.com, airlines). We may earn a commission on bookings made through these partners.
  • OpenStreetMap / Leaflet — Interactive maps.
  • OpenWeatherMap — Weather data displayed on airport pages.

These third parties have their own privacy policies. We encourage you to review them via the links above.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

  • Account data (email, name, password hash) is retained for the lifetime of your account. Closing your account triggers deletion within 30 days, subject to legal obligations.
  • Email logs (delivery status, bounces) are retained by our email providers (Postmark, SES) for up to 45 days for deliverability troubleshooting.
  • Session recordings (Microsoft Clarity) are retained for up to 13 months per Microsoft's default settings.
  • Aggregated analytics (Plausible) is retained indefinitely in aggregated, anonymized form.
  • Server logs are retained for 30 days for security/abuse-prevention purposes.

Your Rights (GDPR / CCPA)

If you are a resident of the European Economic Area (EEA), United Kingdom, Switzerland, or California, you have certain data-protection rights, including:

  • The right to access, update, or delete your personal information
  • The right to rectification if your information is inaccurate or incomplete
  • The right to object to our processing of your personal data
  • The right to request restriction of processing
  • The right to data portability
  • The right to withdraw consent at any time
  • The right to lodge a complaint with a supervisory authority (in the EU, your national data-protection regulator)

To exercise these rights, email us at [email protected] or use our contact form. We respond within 30 days.

Children's Privacy

Our website is not intended for children under 13 years of age (or 16 in the EU, where applicable). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.

International Data Transfers

Some of our service providers are located outside the European Economic Area (notably in the United States: Cloudflare, Microsoft, Amazon Web Services, Postmark, Google, FlightAware). When we transfer data internationally, we rely on Standard Contractual Clauses or equivalent safeguards adopted by the European Commission to ensure your data remains protected.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes affecting how we process your data, we may also notify you via email. You are advised to review this Privacy Policy periodically.

Contact Us

If you have questions about this Privacy Policy, want to exercise your data-protection rights, or need to report a concern, please contact us: