Privacy & Data Handling Policy
XPGuard ("we", "the service") provides VATSIM-controlled airfield lighting — runway stop bars, Takeoff Hold Lights (THL) and Follow-the-Greens taxi guidance — for X-Plane 12 and Microsoft Flight Simulator, together with a website where contributors can map and edit airport lighting and taxi networks. This policy explains what data we collect, why, and how we protect it. XPGuard is an independent, community project and is not affiliated with or endorsed by VATSIM, Laminar Research, Microsoft or Asobo Studio.
1. Who we are
XPGuard is operated by the XPGuard project maintainer. For any privacy request, contact [email protected].
2. What we collect
- VATSIM Connect sign-in: when you log in with VATSIM, we receive — only for the scopes you approve — your VATSIM CID, full name, email address, and ratings/division.
- Email sign-up (alternative): your email address and a securely hashed password (we never store passwords in plain text).
- Contributions: the airport stopbar and taxi-network edits you submit (positions, runway assignments, names) and which account submitted them, for attribution and review. Your display name and VATSIM CID are visible to the volunteer moderators who review submissions, and appear in the per-airport contribution history shown to signed-in users (similar to other public mapping projects). Your email address is not shared with moderators.
- Downloads: when you download a plugin build while signed in, we record which file you downloaded and when, as an access/audit log.
- Plugin data: the pilot plugins (X-Plane, MSFS) send your simulated aircraft's position so the server can return the nearest airport's stop bars, and — while you are connected to VATSIM — a short-lived presence beacon (your callsign) so controllers can see who is running XPGuard. Positions are used in the moment and expire from memory within about a minute; they are not stored against you. The EuroScope and vatSys controller plugins send your VATSIM callsign and the runways you claim, so live stop-bar and Takeoff-Hold-Light state can be shared with pilots; claimed airports and controller callsigns (never names) also appear on our public Live Status page.
- Taxi-network traces (opt-in): if you pair your simulator with the taxi-network editor and record taxi traces, the recorded ground tracks of your simulated aircraft are stored together with your callsign to help map that airport's taxiways. Traces are kept on a rolling basis (only the newest recordings per airport are retained), are visible only to the mapping team, and are deleted on request.
- Technical: a session cookie to keep you signed in, and minimal server logs (IP address, timestamps) for security and debugging.
3. Why we use it
- To authenticate you and keep you signed in.
- To attribute and review your contributions before they are published.
- To operate, secure and improve the service.
Our legal basis is your consent (given when you sign in / sign up) and our legitimate interest in running a secure service.
4. How it is stored & protected
Data is stored on our own server (hosted at DigitalOcean) in a private database. All traffic is encrypted in transit (HTTPS/TLS). Passwords are hashed. Routine database backups are kept for up to 14 days. We do not sell your data and do not share it except with the infrastructure providers needed to run the service (see below).
5. Third parties
- VATSIM — sign-in (VATSIM Connect OAuth). Separately, our Live Status map displays publicly available VATSIM network data (traffic positions and controller callsigns from VATSIM's public data feed).
- DigitalOcean — server hosting.
- Cloudflare — DNS and network services in front of the site.
- Resend — email delivery for all transactional emails: account verification, password reset, and contribution/moderation status notifications.
- ntfy.sh — operational push notifications to the maintainer (e.g. a new runway claim); receives the claim's callsign and airport, not your account details.
- Discord — moderator applications submitted through our Discord bot (VATSIM CID, name, vACC) are posted to the moderation channel of our Discord server; release announcements are posted to our public channel.
- Embedded web resources — our pages load fonts from Google Fonts, open-source scripts from the unpkg and jsDelivr CDNs, the landing-page trailer from YouTube (privacy-enhanced mode), and — in the map editor and Live Status map, when you select those layers — map imagery from OpenStreetMap, Esri and Google Maps. When your browser loads these resources, your IP address and browser details are sent to the respective provider; map-tile requests also convey the map area you are viewing.
6. Retention & your rights
We keep your account data while your account is active. You may request access, correction, or deletion of your data at any time by emailing [email protected]; we will delete your account and personal data on request (published contributions may be retained in anonymised form, and deleted data may persist in routine backups for up to 14 days before it is purged).
7. Cookies
We use a single, essential, http-only session cookie to keep you signed in. We do not use advertising or third-party tracking cookies. The embedded third-party resources listed above involve direct requests from your browser to those providers, but set no tracking cookies on our pages.
8. Changes
We may update this policy; the "last updated" date above will change. Material changes will be announced on the site.