Privacy Centre & Privacy Policy

CAPA - Centre for Aviation respects the privacy rights of our users and is strongly committed to protecting your privacy online. Our privacy policy, along with controls to manage data we collect are below.

Use of Cookies and Similar Technologies

CAPA makes use of cookies and similar technologies (particularly HTML5 local storage) to give you a better experience with this website. A cookie is a small text file that is stored within your browser, and passed back to the server every time a page is requested. This allows websites to differentiate between users, or serve different content depending on what values are in the cookie. HTML5 local storage is a way for websites to store small amounts of data in your browser that can only be read client-side, unless the site contains code to send data from local storage back to the server.

The CAPA website makes use of HTML5 local storage as a cache, so that it can quickly display Alerts settings, use your User ID, and remember your authentication token between browser sessions (ie. if you leave this site or close your browser and open it again, you won't need to log in again). If you are interested in what data we are storing in local storage for this site, you can get a live view of it by clicking here.

Your User ID

If you are logged into the CAPA website, you will have a User ID. This ID is a number that the CAPA website uses internally to quickly match your account to your details, subscriptions you have enabled, as well as your settings. This User ID will also be transmitted to Google Analytics if (and only if) you are logged in, however it is not identifiable unless matched against our internal accounts database, which is not shared with any third parties. If you visit the Route Maps tab on CAPA Profiles, your User ID will be encrypted and transmitted to OAG, who then transmit the encrypted token back to us in order to verify that your account has the appropriate access. OAG have no knowledge of your User ID during this entire process.

Data Collection

CAPA makes use of several technologies to collect data from you as you use the website. They are detailed below. The data collected by these tools is only directly viewable to CAPA and the companies hosting the analytics tools, however it may be disclosed in an anonymous, broad aggregate format in certain situations (ie. a potential advertising client would want to know how many views per month our website gets).

Google Analytics

CAPA uses the industry-standard Google Analytics platform to collect data related to how users are using the site. We use this data in an aggregated form in order to figure out overall site traffic, which types of content are performing well, how long users spend on the site, how long pages take to load, how various marketing campaigns have performed and so on. This data is anonymous, unless you are logged into the site. When logged into the website (and only when logged into the website), your User ID is transmitted to Google Analytics and your activity will be linked to that ID. CAPA can then potentially use that data to identify the product usage of individual users and companies. Agreeing to this tracking is part of the Terms of Service for CAPA Membership and other products.


CAPA make use of a third-party analytics tool called Act-On. Similar details to Google Analytics are stored, however once you fill in a contact form or sign up for a product, all your previous usage of the site will be instantly associated with your identity. Act-On is used by our marketing team in order to determine how successful marketing campaigns have been, and also to get an idea of what type of content an individual user or company finds relevant and useful.

Crash Data

The CAPA website is an extremely complex Javascript application, and like all computer applications, it has bugs. There are rare occasions where a data tool or other website feature will cause the website to break in your browser. When this happens, the screen will change to a page that indicates that the site has crashed, and will ask if you'd like to send a message stating what you were doing, for troubleshooting purposes. If you consent to automatic crash data collection, that page will still appear when something breaks, but relevant details will be automatically submitted to CAPA. You can still add a message if you wish (and please do, they're very helpful).

Data collected when a crash occurs:

  • URL - the web page address that the crash occurred on. This helps us quickly narrow the scope of possible crash causes.
  • Error Type - this is the type of the Javascript error, as reported by your browser. It will be something like "TypeError: Cannot read property 'years' of undefined."
  • Error Details - this will contain a list of components that the error occurred within. Due to minification, this list usually isn't helpful, but sometimes it has helped us quickly get to the bottom of where an error is occuring.
  • Browser Type - the web browser user-agent string. We use this to determine whether the bug only affects one brand/version of web browser.
  • Page History - this is a list of the previous pages of the CAPA website you were on in the current browser tab during the leadup to the crash occuring. Pages from outside the CAPA site are not included in this list. We use it to troubleshoot whether something on a previous page triggered a bug that caused a crash on the next page.
  • User ID - if you are logged into the CAPA website, your user ID will be transmitted. This helps us figure out whether it was a particular setting you had under your account that caused the crash.
  • Message - if you've included any message in the crash data submission, this would be it. Note that automatic crash data submission doesn't contain a message.

Crash data is very helpful for our development team when it comes to troubleshooting and fixing bugs with the site. Previously we've used it to solve crash bugs with the financial graphs, traffic graphs, route maps, the Alerts sidebar and many other things.


CAPA TV and live streaming videos are hosted on third-party websites (Vimeo for on-demand videos and Livestream for live videos) and displayed via inline frames. Anonymous usage data is tracked for these videos, including the length of time the video was played for, whether or not the video was played, the type of device the user was using, and their location (specific to a country/territory level). This data may also be logged by the video hosting provider for their own internal statistics. Please check their privacy policies for more information on what they do with collected data.


Many of CAPA's products are delivered in email format. These emails contain tracking code that allow us to identify whether a user has opened an email or clicked on a link from an email. These values are stored internally and on our email service provider's servers for analytics and fraud prevention purposes. Receiving CAPA emails indicates an acceptance of this Privacy Policy, as outlined in our Terms & Conditions.


CAPA serves advertising on its website. Advertisements are untargeted (all users see the same ads, regardless of their browsing history), and are sent from a server that is owned and operated by CAPA. We do not serve advertisements through third-party networks. This ad server may set cookies, however they are used for the purpose of making the server work properly and not for user tracking or identification. If a third-party customer has booked advertising resources on our ad server, then we provide them with impression and click-through statistics, however this data is aggregate-only and thus nothing personally identifiable is ever sent.

Collection and Use of Personal Information

CAPA collects personal information that you voluntarily provide on this Web site, which may include your name, address, e-mail address, credit card number, billing information, etc. We use this information to communicate with you and provide you with your requested service or product. You may instruct us at any time not to use your personal information to by contacting us here. Please note that this process may take up to thirty (30) days to complete. Credit Card numbers are not stored by CAPA on any internal or external databases, and are immediately deleted once a successful payment has been made.

Disclosure of Personal Information

We may disclose your personal information (such as payment details) to third parties for the purposes of processing transactions, however we do not disclose personal information to third parties for any other purpose.

Accuracy and Security of Personal Information

CAPA uses encryption technology to safeguard your credit card data used in electronic transactions. Any personal information you provide to CAPA is kept on secure servers with regularly updated software. CAPA uses reasonable administrative, technical, personnel, and physical measures (a) to safeguard personal information against loss, theft, unauthorized use, disclosure, or modification; and (b) to ensure the integrity of the personal information. To help us protect your privacy, you should maintain the secrecy of the logon ID and password you may have set up in connection with your participation in this Web site's service.

Server Logs

As is standard with web servers, we keep logs of URLs requested, the time, the response code and the IP address that the data was sent to. These are stored securely and are only accessed for troubleshooting or security purposes. Logged data is deleted after 14 days.

The CAPA Alerts App

The CAPA Alerts app logs anonymous analytics of how you use the app, in order for us to know which stories are being read most, how long users use the app on average for, and other assorted statistics. A condition of installation is that your unique hardware ID is provided to us - this is used for the sole purpose of being able to send notifications to your device about new Alerts, if you have enabled the notifications feature.


Requests made via third-party clients to the CAPA API are logged and stored indefinitely. Logged data includes the user's ID, the client ID used, the time and date of the request, the URL of the request, the request method, and query string parameters. This data is used by CAPA to ascertain the usage of third-party clients and to prevent abuse by enforcing our API terms of service. User IP addresses are also temporarily stored in-memory for the purpose of enforcing rate limits.

Accessing and Updating Your Personal Information

To access, review, rectify, or delete personal information that CAPA has collected about you, please contact us via email. All requests must include the following information: first name, last name, and e-mail address, so we can locate your data. While CAPA will make every effort to accommodate your request, we also reserve the right to impose certain restrictions and requirements on such access requests, if allowed or required by applicable laws.

Transfer of Personal Information To Other Countries or Territories

CAPA is headquartered in Sydney, Australia, but also has employees around the world, and also makes use of web hosting and cloud service providers located in data centres globally. Data you provide to us will be transferred internationally to servers located in various countries throughout the world.

Links To Third-Party Web Sites

CAPA may provide links to third-party websites. Since we do not control third-party sites and are not responsible for any personal information you may provide while on such sites, we encourage you to read the privacy policies on those websites before providing any of your personal information on such sites.

Modifications To This Privacy Policy

CAPA reserves the right to change this privacy policy at any time by posting revisions on this page. CAPA Members and affected users will be notified via email when it is updated.

Last Updated: 09-Jul-2019