Legal

Privacy Policy

Effective date: June 12, 2026  ·  Governed under North Carolina law

Contents

  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. How We Share Your Information
  5. Data Retention
  6. Security
  7. Your Rights
  8. Children
  9. Changes to This Policy
  10. Contact Us

Plain-language summary: Galley Desk collects your work email and employee number to verify that you are an active American Airlines flight attendant. We use Stripe to process payments and Supabase to store your data securely. We do not sell your personal information to anyone.

1. Who We Are

Galley Desk ("we," "us," or "our") is a subscription software service built for American Airlines flight attendants. We provide tools including PBS bid analysis, contract reference, duty day calculation, and related features designed to help flight attendants navigate their workday.

Our service is operated from North Carolina. All disputes are governed by North Carolina law and subject to the jurisdiction of Mecklenburg County courts.

For privacy questions, contact us at hello@galleydesk.com.

2. Information We Collect

Account Information

When you create an account, we collect a personal email address of your choice and a password (stored as a secure hash via Supabase Auth). Your personal email becomes your Galley Desk login. We do not store your password in plain text.

Employment Verification Information

To confirm you are an active AA flight attendant, we use a two-step process: first, we send a one-time verification code to your @aa.com address to confirm active AA employment. Second, you enter your AA employee number, which is cross-referenced against the APFA seniority roster — information accessible to all AA flight attendants through their union. Once verified, we record your employee number, seniority number, domicile base, hire date, equipment group, and base rank to personalize your bidding tools. Your @aa.com address is not retained after verification. Your employee number and seniority profile remain stored for as long as your account is active.

Payment Information

Subscription payments are processed by Stripe. Galley Desk does not store your credit card number, CVV, or full card details on our servers. Stripe returns a customer ID that we store in order to manage your subscription status. You can review Stripe's privacy practices at stripe.com/privacy.

Usage Data

We collect basic usage information such as which tools you interact with and general activity logs. This data is used to improve the service and troubleshoot issues. It is not linked to any advertising profile. How we handle your conversations with the AI Concierge is described separately below.

AI Concierge Conversations

Each time you use the AI Concierge or the bidding assistant, we record a small set of non-identifying labels about the exchange, such as the general topic, whether the assistant answered, and which contract sections it referenced. These labels never include the text of your message or the assistant's reply, and they are not linked to your account.

The text of your conversations is stored only if you turn on "Help improve the assistant" in Settings. This setting is off by default and is entirely optional. When it is on, we store the text of your messages and the assistant's replies so that we can review them and improve the assistant's coverage and accuracy. Before any text is stored, we remove direct identifiers such as email addresses, phone numbers, and employee and seniority numbers, and the stored text is not linked to your account or to any other identifier we hold about you. This conversation text is deleted automatically within 60 days. You can turn the setting off at any time, which stops any further text from being stored.

Feedback

If you submit optional feedback through the app (for example, during the subscribe flow), that message is stored in our database and used solely to improve the product.

Cookies and Local Storage

We use browser local storage to maintain your login session. We do not use advertising cookies or third-party tracking pixels.

3. How We Use Your Information

We do not use your information for advertising, behavioral profiling, or sale to third parties.

4. How We Share Your Information

We share personal data only with the following service providers, and only to the extent necessary to operate the service:

We may disclose information if required by law or to protect the rights, property, or safety of Galley Desk, our users, or the public.

We do not sell, rent, or trade your personal information.

5. Data Retention

We retain your account data for as long as your account remains active. If you cancel your subscription and request account deletion, we will remove your personal information from our active database within 30 days. The non-identifying labels and aggregated usage data described in Section 2, which cannot be linked back to you, may be retained indefinitely to improve the service. Conversation text you choose to share through "Help improve the assistant" is deleted automatically within 60 days, regardless of your account status.

To request deletion of your account and data, email us at hello@galleydesk.com.

6. Security

We take reasonable technical and organizational measures to protect your information. These include encrypted data transmission (HTTPS), hashed password storage, AES-256 encryption at rest via Supabase, row-level security controls in our database, and restricted access to production systems.

No system is completely secure. If you believe your account has been compromised, contact us immediately at hello@galleydesk.com.

7. Your Rights

You have the right to:

To exercise any of these rights, email hello@galleydesk.com. We will respond within 30 days.

8. Children

Galley Desk is intended solely for adult American Airlines flight attendants. We do not knowingly collect information from anyone under the age of 18. If we become aware that a minor has created an account, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. If changes are material, we will notify subscribers by email. Continued use of the service after an update constitutes acceptance of the revised policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the data we hold about you, please contact us at:

Galley Desk
Operated from North Carolina, United States
Email: hello@galleydesk.com