Privacy Policy

1. Who We Are

Galley Desk ("we," "us," or "our") is a subscription software service built for American Airlines flight attendants. We provide tools including PBS bid analysis, contract reference, duty day calculation, and related features designed to help flight attendants navigate their workday.

Our service is operated from North Carolina. All disputes are governed by North Carolina law and subject to the jurisdiction of Mecklenburg County courts.

For privacy questions, contact us at [email protected].

2. Information We Collect

Account Information

When you create an account, we collect a personal email address of your choice and a password (stored as a secure hash via Supabase Auth). Your personal email becomes your Galley Desk login. We do not store your password in plain text.

Employment Verification Information

To confirm you are an active AA flight attendant, we use a two-step process: first, we send a one-time verification code to your @aa.com address to confirm active AA employment. Second, you enter your AA employee number, which is cross-referenced against the APFA seniority roster — information accessible to all AA flight attendants through their union. Once verified, we record your employee number, seniority number, domicile base, hire date, equipment group, and base rank to personalize your bidding tools. Your @aa.com address is not retained after verification. Your employee number and seniority profile remain stored for as long as your account is active.

Payment Information

Subscription payments are processed by Stripe. Galley Desk does not store your credit card number, CVV, or full card details on our servers. Stripe returns a customer ID that we store in order to manage your subscription status. You can review Stripe's privacy practices at stripe.com/privacy.

Usage Data

We collect basic usage information such as which tools you interact with, queries submitted to the concierge AI, and general activity logs. This data is used to improve the service and troubleshoot issues. It is not linked to any advertising profile.

Feedback

If you submit optional feedback through the app (for example, during the subscribe flow), that message is stored in our database and used solely to improve the product.

Cookies and Local Storage

We use browser local storage to maintain your login session. We do not use advertising cookies or third-party tracking pixels.

3. How We Use Your Information

• To verify your eligibility as an AA flight attendant
• To create and manage your account and subscription
• To deliver personalized PBS bidding analysis based on your seniority and domicile
• To process subscription payments and handle billing events via Stripe
• To send transactional emails (verification codes, subscription confirmations, admin notifications) via Resend
• To send optional product update emails, if you opted in during signup
• To improve and debug the service
• To enforce our Terms of Service

We do not use your information for advertising, behavioral profiling, or sale to third parties.

4. How We Share Your Information

We share personal data only with the following service providers, and only to the extent necessary to operate the service:

• Supabase — database and authentication infrastructure
• Stripe — payment processing and subscription management
• Resend — transactional email delivery
• Anthropic — AI model provider that powers the concierge and bidding AI features. Queries you submit are processed by Anthropic's API. We do not send your name, employee number, or payment information to Anthropic.
• Vercel / Railway — cloud hosting infrastructure for the frontend and backend applications

We may disclose information if required by law or to protect the rights, property, or safety of Galley Desk, our users, or the public.

We do not sell, rent, or trade your personal information.

5. Data Retention

We retain your account data for as long as your account remains active. If you cancel your subscription and request account deletion, we will remove your personal information from our active database within 30 days. Anonymized or aggregated usage data that cannot be linked back to you may be retained indefinitely to improve the service.

To request deletion of your account and data, email us at [email protected].

6. Security

We take reasonable technical and organizational measures to protect your information. These include encrypted data transmission (HTTPS), hashed password storage, AES-256 encryption at rest via Supabase, row-level security controls in our database, and restricted access to production systems.

No system is completely secure. If you believe your account has been compromised, contact us immediately at [email protected].

7. Your Rights

You have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion of your account and personal data
• Opt out of product update emails at any time (reply to any email or contact us directly)
• Cancel your subscription at any time via the billing portal in the app

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Children

Galley Desk is intended solely for adult American Airlines flight attendants. We do not knowingly collect information from anyone under the age of 18. If we become aware that a minor has created an account, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. If changes are material, we will notify subscribers by email. Continued use of the service after an update constitutes acceptance of the revised policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the data we hold about you, please contact us at:

Galley