Steadway

Privacy Policy

Last updated: May 21, 2026 · Effective: May 21, 2026

This Privacy Policy explains how Copacetic Builds LLC (“Steadway,” “we,” “us,” or “our”) collects, uses, discloses, and protects information about you when you visit steadway.guide, use the Steadway web or mobile application at app.steadway.guide, or otherwise interact with our services (together, the “Service”).

Steadway is a guide that helps travelers prepare for, fly through, and recover from demanding flights. The Service is provided by Copacetic Builds LLC, a Florida limited liability company. For any privacy question, contact us at support@copaceticsolutions.org or by mail at 8115 Main St, Bokeelia, FL 33922, USA.

Contents

  1. 1. Scope and who we are
  2. 2. Information we collect
  3. 3. How we use information
  4. 4. Legal bases (EU/UK/EEA)
  5. 5. How we share information
  6. 6. Cookies and similar technologies
  7. 7. Analytics and advertising
  8. 8. Payments and subscriptions
  9. 9. International data transfers
  10. 10. Data retention
  11. 11. Security
  12. 12. Your rights and choices
  13. 13. California privacy rights
  14. 14. European, UK, and Swiss rights
  15. 15. Brazil (LGPD)
  16. 16. Other US state rights
  17. 17. Children
  18. 18. Do Not Track
  19. 19. Third-party links
  20. 20. Changes to this policy
  21. 21. How to contact us

1. Scope and who we are

This policy covers personal information we process as the data controller of the Service. It does not cover websites, products, or services operated by third parties that we link to or that are referenced inside the Service. The controller of your personal information is Copacetic Builds LLC, 8115 Main St, Bokeelia, FL 33922, USA, EIN 42-2556621.

By using the Service, you agree to the processing of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information we collect

We collect the minimum information needed to give you a useful guide through your flight. We group it as follows.

2.1 Information you provide

  • Account information. When you create an account, we collect your email address and, optionally, your first name. We authenticate you with a magic link sent to your email.
  • Trip information. To build your path, you provide your flight identifier (airline, flight number, date), origin and destination airports, and any optional details such as recovery preferences. For connecting journeys, you may provide both legs.
  • Communications. If you contact us by email, fill in the waitlist form on the marketing site, or otherwise communicate with us, we receive your name, email, and the content of your message.
  • Payment information. If you subscribe to a paid plan, our payment processor (Stripe) collects your payment card or bank details directly. We do not see, store, or have access to your full payment card number. We do receive a token, the last four digits, card brand, expiration, and billing country to support your subscription. If you subscribe through an app store (Apple App Store, Google Play), that store handles your payment details under its own privacy practices.

2.2 Information collected automatically

  • Device and usage information. When you use the Service, we automatically receive your IP address, approximate location derived from IP, user-agent string, device type, operating system, browser, language preferences, referring URL, the pages and screens you view, the actions you take, and timestamps.
  • Flight-data lookups. When you enter a flight, we query third-party flight-data providers (currently AeroDataBox and FlightAware AeroAPI) for the schedule, status, and timing of that specific flight. We send only the flight identifier and date; we do not send your account identity to those providers.
  • Cookies and local storage. We use a small number of cookies and browser-storage entries to keep you signed in, remember preferences, and measure how the Service is performing. See section 6.

2.3 Information from third parties

  • Flight-data providers return schedule, route, aircraft, and timing facts about your flight. We tie this data to your trip record, not to a profile about you.
  • Payment processor returns subscription state, billing country, last four digits, and chargeback or refund events.
  • Analytics providers return aggregated usage statistics; see section 7.

2.4 What we do not collect

We do not ask for your government identification, social security number, passport number, frequent-flyer credentials, contacts list, calendar contents, microphone, camera, or precise GPS location. If we ever add a feature that requires any of those, we will update this policy first and ask for your permission in-product.

3. How we use information

We process personal information for the following purposes.

  • Provide and operate the Service. Authenticate you, build your path, anchor cards to your real takeoff, remember your journeys, and let you return to them later.
  • Quality and improvement. Understand which parts of the Service work well and which need work, fix bugs, prevent abuse, and improve our recommendations.
  • Communications. Send transactional messages (magic links, receipts, service notices). Send marketing messages only where permitted and only after you opt in. You can opt out of marketing at any time.
  • Payments. Process subscriptions, prevent payment fraud, and handle refunds and chargebacks.
  • Legal and safety. Comply with law, enforce our Terms of Service, protect the rights and safety of users and third parties, and respond to lawful requests.

We do not sell your personal information for money. We do not share your personal information for cross-context behavioral advertising. See section 13for the California-specific meaning of “sale” and “sharing.”

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases under the GDPR and UK GDPR:

  • Contract. To provide the Service you signed up for, including building your path, processing payments, and providing support.
  • Legitimate interests. To run, secure, and improve the Service; prevent fraud and abuse; and conduct internal analytics, where those interests are not overridden by your rights and freedoms.
  • Consent. For optional analytics or marketing where consent is required, and for any other processing where we ask for it. You may withdraw consent at any time.
  • Legal obligation. Where we must process information to comply with applicable law.

5. How we share information

We share personal information only with the following categories of recipients and only as needed for the purposes above.

  • Service providers (processors) who operate the Service on our behalf. Current categories include cloud hosting and application infrastructure, transactional and customer email, analytics, error monitoring, customer support tools, flight-data providers, and the payment processor. We bind them by contract to process personal information only on our instructions.
  • App stores (Apple, Google) where you obtain or pay for the mobile app, for the purposes of distribution, billing, and fraud prevention.
  • Affiliates. Other entities under common ownership or control with Copacetic Builds LLC, subject to this policy.
  • Legal, safety, and compliance. Courts, regulators, law-enforcement agencies, and other authorities where required by law or subpoena, or to protect the rights, property, or safety of Steadway, our users, or others.
  • Business transfers. A counterparty in a merger, acquisition, financing, restructuring, bankruptcy, or sale of assets. We will notify you of any such transfer and your choices.
  • With your direction or consent for any disclosure not listed above.

6. Cookies and similar technologies

We use cookies, local storage, and similar technologies for three purposes:

  • Strictly necessary cookies and tokens keep you signed in, remember your consent choices, secure form submissions against forgery, and maintain session state. These do not require consent.
  • Functional entries remember preferences such as reduced motion and last-used input.
  • Analytics entries help us understand how the Service is used. Where the law requires consent (for example, in most of the EU and UK), analytics fire only after you consent.

You can block or delete cookies through your browser settings. Some features of the Service will not work without strictly necessary cookies.

7. Analytics and advertising

We currently use the following analytics providers:

  • Google Analytics 4 (Google LLC) for aggregated traffic and behavior analytics on the marketing site. Where required by law, we configure IP anonymization and limit data sharing.
  • Vercel Analytics for first-party performance analytics on pages we host with Vercel.

We do not currently run targeted advertising and we do not engage in cross-context behavioral advertising. If we add an advertising partner, we will update this policy and, where required, give you a way to opt out.

8. Payments and subscriptions

Paid subscriptions are billed through Stripe, Inc. for web transactions, and through Apple or Google for in-app purchases in their respective stores. Those processors handle your payment instrument under their own privacy practices.

We receive subscription metadata: the plan, the renewal date, the billing country, the card brand and last four digits, and the events needed to manage your subscription (paid, refunded, charged back, canceled). We never receive or store your full card number, CVV, or bank credentials.

For details on auto-renewal, cancellation, and refunds, see the Subscriptions section of our Terms of Service.

9. International data transfers

We are based in the United States, and the providers we use are primarily located in the United States and the European Union. When we transfer personal information out of the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses (and the UK addendum or Swiss equivalent where applicable) and put in place the additional safeguards required by law. You can ask us for a copy of the relevant safeguards by emailing the address in section 21.

10. Data retention

We keep personal information only as long as we need it for the purposes described in this policy, plus a reasonable period to handle disputes, fraud, security, and legal obligations. In general:

  • Account records are kept while your account is active and for up to 24 months after deletion or last activity, whichever is longer.
  • Trip records are kept while your account is active. You can delete a journey at any time.
  • Payment and tax records are kept for the period required by US federal and state tax law and the laws of your country of residence (typically seven years in the United States).
  • Server and security logs are kept for up to 90 days, except where a longer period is needed to investigate a specific incident.
  • Marketing preferences are kept as long as needed to honor your opt-out.

You can ask us to delete your account at any time; see section 12.

11. Security

We use administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, and unauthorized disclosure. These include encryption in transit (TLS) and at rest where supported, role-based access controls, logging and monitoring, and vendor-security review. No system is perfectly secure, however, and we cannot guarantee the absolute security of any information.

12. Your rights and choices

You have the right to access, correct, update, delete, and export the personal information we hold about you, and to object to or restrict certain processing, subject to applicable law. You can:

  • Access, edit, or delete your account and journeys from inside the Service.
  • Opt out of marketing email by clicking the unsubscribe link in any marketing message or emailing the address below.
  • Withdraw consent for processing that relies on consent at any time. Withdrawal does not affect processing already carried out.
  • Ask us to confirm what we hold, send you a copy in portable form, correct it, or delete it. We respond within the time required by applicable law (typically 30 to 45 days). We may need to verify your identity before acting on a request.
  • Lodge a complaint with your local data-protection authority.

You can exercise any right by emailing support@copaceticsolutions.org. We will not discriminate against you for exercising any right.

13. California privacy rights

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act give you the following rights:

  • Right to know the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to delete personal information we have collected from you, subject to the exceptions in the law.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information. We do not sell your personal information for money, and we do not share it for cross-context behavioral advertising.
  • Right to limit use and disclosure of sensitive personal information beyond what is needed to provide the Service. We do not use sensitive personal information for any purpose that would require a limit-use right under the CPRA.
  • Right to non-discrimination for exercising any of these rights.

In the prior 12 months we have collected the categories of personal information described in section 2, for the purposes described in section 3, from the sources in section 2, and disclosed them for business purposes to the categories of recipients listed in section 5. To exercise a right, email support@copaceticsolutions.org with “California Privacy Request” in the subject line. Authorized agents may submit requests on your behalf with written authorization.

14. European, UK, and Swiss rights

If you are in the EEA, UK, or Switzerland, you have the rights to access, rectification, erasure, restriction of processing, data portability, and objection under the GDPR or UK GDPR. You may also lodge a complaint with your national data-protection authority. The controller is Copacetic Builds LLC; we do not currently maintain an Article 27 representative because our offering is not targeted at the EU within the meaning of Article 3(2). If that changes, we will appoint a representative and list them here.

15. Brazil (LGPD)

If you are in Brazil, the Lei Geral de Proteção de Dados (LGPD) gives you the rights to confirmation, access, correction, anonymization or blocking, portability, deletion, information about sharing, and revocation of consent. To exercise these rights, email the address in section 21. Our processing is generally based on contract performance, legitimate interests, or your consent, as applicable.

16. Other US state rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other US states with comprehensive privacy laws have rights similar to those in California, including the rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, sale, and certain profiling. To exercise any of these rights, email the address in section 21. If we deny your request, you have the right to appeal; instructions will be in our response.

17. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you are under 16, please do not use the Service or provide any information to us. If you are a parent or guardian and believe your child has provided personal information, contact us and we will delete it.

18. Do Not Track

Some browsers transmit “Do Not Track” signals. There is no industry consensus on how to interpret these signals; we do not respond to them at this time. Where the law requires us to honor a Global Privacy Control or similar signal as a right-to-opt-out request, we do so.

The Service may link to third-party websites, apps, or services. This Privacy Policy does not apply to those properties; their operators have their own privacy practices. Read them before providing information.

20. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy here, change the “Last updated” date, and, where appropriate, notify you by email or in-product. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

21. How to contact us

For questions, requests, complaints, or to exercise a privacy right, contact us: