Legal
Privacy Policy
Effective Date: March 6, 2026 · Last Updated: March 6, 2026
Vertical Data Group, LLC · airindex.io
This Privacy Policy describes how Vertical Data Group, LLC (“Company,” “we,” “us,” or “our”) collects, uses, stores, discloses, and protects information about you when you access or use the AirIndex platform, website, and related services (collectively, the “Service”) at airindex.io.
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
We collect information in three ways: information you provide directly, information collected automatically when you use the Service, and information received from third-party services that power the platform.
1.1 Information You Provide Directly
- Account information — name and email address when you create an account
- Payment information — billing name, billing address, and last 4 digits of your payment card. Your full card number is entered directly into Stripe's secure form and is never transmitted to or stored on our servers
- Alert and subscription preferences — the markets and corridors you choose to monitor, and how you want to be notified
- Communications — any messages you send to legal@airindex.io
1.2 Information Collected Automatically
- Usage data — pages visited, features used, dashboard interactions, session timing, and navigation patterns. Collected via Plausible Analytics (see Section 5)
- Technical data — browser type, operating system, screen resolution, country-level location (derived from IP address, not stored), referring URL. Collected via Plausible Analytics in aggregated, non-personal form
- API usage data — API key identifiers, endpoint requests, and rate limit consumption for Institutional and Enterprise subscribers
- Watchlist data — the markets you save to your watchlist are stored in your browser's localStorage on your own device. This data is not transmitted to our servers unless you are logged in and sync is enabled
1.3 Information from Third-Party Services
The platform uses the following third-party services that may process technical data as part of delivering the Service. See Section 5 for full details:
- Mapbox — stores an anonymous random device UUID in your browser's localStorage to support map telemetry. This UUID is not linked to your account or identity
- Google Fonts — font files are loaded from Google's servers, which logs the request (your IP address and browser type) as part of standard server operation
- Sentry — error tracking service that captures crash reports and exceptions. May include browser type, OS, page URL, and error context at the time of a crash
- Stripe — processes payment card data directly when you subscribe to a paid plan
We do not collect: government ID numbers, social security numbers, health data, biometric data, racial or ethnic origin, religious beliefs, or precise geolocation.
2. How We Use Your Information
We use the information we collect solely for the following purposes:
- Provide and operate the Service — delivering readiness scores, corridor data, regulatory filings, operator tracking, alerts, and all features associated with your subscription tier
- Process transactions — subscription payments, renewals, upgrades, and cancellations via Stripe
- Send service communications — account confirmations, payment receipts, magic link sign-ins, score change alerts you have opted into, and the monthly market report for eligible subscribers
- Send marketing communications — only with your explicit consent; unsubscribe at any time via the link in any marketing email or by emailing legal@airindex.io
- Improve the platform — using aggregated, anonymized Plausible Analytics data to understand which features are used most and where the experience can be improved
- Security and fraud prevention — monitoring for unauthorized access or abuse
- Legal compliance — responding to lawful requests from courts or regulators
We do not sell your personal information. We do not share your information with advertisers. We do not use your personal information to train AI or machine learning models without your separate explicit consent.
3. Cookies, Local Storage, and Tracking Technologies
No Tracking Cookies
AirIndex does not set any tracking cookies. The site sets zero cookies. We use Plausible Analytics, which is specifically designed to operate without cookies and without collecting personal data.
3.1 Cookies
We do not set first-party cookies. Stripe may set cookies during the checkout flow on their hosted payment pages, governed by Stripe's own privacy policy.
3.2 Browser Local Storage
We use your browser's localStorage (a standard web technology that stores data on your device, not on our servers) for the following purposes:
| Key | Purpose | Can You Clear It? |
|---|---|---|
airindex-watchlist | Saves the markets you've added to your watchlist so your selections persist between sessions | Yes — clear via your browser's “Clear site data” setting. Watchlist will reset. |
mapbox.eventData.uuid | Anonymous random device identifier used by Mapbox for map tile telemetry. Not linked to your account or identity | Yes — clear via browser storage settings. A new anonymous UUID will be generated on next map load. |
mapbox.eventData.uuidTimestamp | Records when the Mapbox UUID was created | Yes — cleared alongside the Mapbox UUID |
plausible_ignore | Opt-out flag: if set to 'true', Plausible Analytics will not count your page views. Useful for site administrators | Yes — delete this key to re-enable analytics counting of your visits |
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to anyone, for any reason, ever.
We may share limited information in the following circumstances:
- Service providers — with the third-party platforms listed in Section 5, solely to deliver the Service
- Legal requirements — when required by law, court order, subpoena, or other legal process
- Safety — to protect the rights, safety, or property of our users, the Company, or the public
- Business transfers — in connection with a merger, acquisition, or sale of company assets. You will be notified via email before your data is transferred or becomes subject to a different privacy policy
5. Third-Party Services
The Service relies on the following third-party platforms:
| Service | Purpose | Data Shared |
|---|---|---|
| Plausible Analytics | Privacy-focused website analytics | Aggregated page views, referrers, country (no IP stored, no cookies) |
| Mapbox | Interactive map rendering | Anonymous UUID for telemetry; map tile requests |
| Google Fonts | Typography | Standard HTTP request (IP, browser type) |
| Stripe | Payment processing | Billing name, address, card (entered directly into Stripe) |
| Amazon SES | Transactional email | Email address, message content |
| Amazon RDS | Database hosting | Account data, subscriptions (encrypted at rest) |
| Sentry | Error tracking | Browser, OS, page URL, error context at time of crash |
| Upstash | Rate limiting | Hashed IP or API key identifier, request counts |
Each service processes data under its own privacy policy. We select services that align with our privacy-first approach and minimize unnecessary data collection.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information (email, name) | Duration of account + 30 days after deletion request |
| Billing and payment records | 7 years (US tax and accounting requirements) |
| Plausible Analytics data | Retained indefinitely in aggregated, non-personal form |
| Server logs (IP addresses, access logs) | 90 days |
| Sentry error reports | 90 days |
| Email correspondence | 3 years from last communication |
| Alert subscription preferences | Duration of subscription; deleted within 30 days of cancellation |
| Inactive free accounts | Deleted after 24 months of inactivity with 30 days' email notice |
7. Data Security
We implement technical and organizational measures appropriate to the sensitivity and volume of data we handle:
- All data in transit is encrypted using HTTPS/TLS
- Payment card data is handled entirely by Stripe and never transmitted to or stored on our servers
- Access to personal data within the Company is limited to what is necessary to operate the Service
- We use passwordless authentication via secure magic links — no passwords are created or stored
- We use a privacy-first analytics tool (Plausible) that was specifically designed to avoid collecting personal data
No system is perfectly secure. In the event of a data breach materially affecting your rights, we will notify you as required by applicable law.
8. Your Rights and Choices
We honor the following rights for all users regardless of location:
Access
Request a copy of the personal information we hold about you by emailing legal@airindex.io with the subject “Data Access Request.”
Correction
Update your account information at any time through your account settings or by contacting us.
Deletion
Request deletion of your account and personal data. We honor deletion requests within 30 days, subject to legal retention requirements (e.g., billing records). Email legal@airindex.io with “Data Deletion Request” in the subject.
Opt-Out of Marketing
Click the unsubscribe link in any marketing email, or email legal@airindex.io. You will continue to receive transactional service emails (receipts, score alerts you subscribed to) until you cancel your account.
Plausible Analytics Opt-Out
To exclude your visits from Plausible Analytics, set the key plausible_ignore to “true” in your browser's localStorage for airindex.io.
Mapbox UUID Reset
Delete the mapbox.eventData.uuid and mapbox.eventData.uuidTimestamp keys from localStorage to reset your anonymous Mapbox identifier. A new random UUID will be generated on your next visit.
California Residents (CCPA/CPRA)
You have the right to: (1) know what personal information we collect and how it is used; (2) request deletion; (3) opt out of sale (we do not sell data); and (4) non-discrimination for exercising rights. To exercise these rights, email legal@airindex.io. We will respond within 45 days.
EEA / UK Residents (GDPR / UK GDPR)
You have rights to access, correct, erase, restrict, and port your data, and to object to processing. Our legal bases for processing are: contract performance (account and subscription), legitimate interests (security, analytics), and consent (marketing). You may lodge a complaint with your local supervisory authority. Contact: legal@airindex.io.
9. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us data, contact legal@airindex.io and we will promptly delete it.
10. International Data Transfers
Vertical Data Group, LLC is based in the United States. If you access the Service from outside the US, your information may be transferred to and processed in the United States. Plausible Analytics is hosted in the EU (Germany) and does not transfer analytics data to the US. Stripe and Mapbox operate globally. By using the Service, you consent to transfer of your personal information to the US consistent with this policy.
11. Changes to This Privacy Policy
We will update this Privacy Policy when our practices change. For material changes, we will: (1) update the Last Updated date, (2) email registered account holders at least 30 days before changes take effect, and (3) post a notice on the Service. Continued use after the effective date constitutes acceptance.
12. Contact
Questions, requests, or concerns about this Privacy Policy:
| legal@airindex.io | |
| Subject lines | “Privacy Policy Inquiry” / “Data Access Request” / “Data Deletion Request” |
| Company | Vertical Data Group, LLC |
| Website | airindex.io |
| Response time | 5 business days (45 days for formal CCPA/GDPR requests) |