Privacy Policy

Air Marketplace is operated by AirSecurity. The marketplace does not collect personal data beyond what's strictly necessary to operate the site. With your analytics consent we load two third-party services for anonymous product-usage analytics (Google Analytics and Microsoft Clarity). We also send application error reports and performance measurements to Sentry and Datadog so we can keep the service reliable — see “Product-Usage Analytics” and “Error Reporting and Performance Measurement” below for what is and isn't included. Declining analytics consent has no impact on site functionality.

Cookies and Tracking

We use a small amount of strictly necessary first-party browser storage to operate the site:

• airspace.cookieConsent: records your cookie consent choice so we don't re-prompt you on every page.
• airspace.analysisId: caches the identifier of any in-flight Bill-of-Materials analysis you've started, so a page reload doesn't lose your work.

Both are first-party localStorage entries set and read only by Air Marketplace; nothing is sent to a third party.

You can review or change your consent choice at any time via the “Cookie Preferences” link in the site footer.

Product-Usage Analytics

When you grant analytics consent, Air Marketplace sends anonymous product-usage events to two third-party analytics providers so we can understand how the marketplace and console are used:

• Google Analytics 4 — aggregate page views, navigation patterns, and the in-app events listed in our analytics schema (e.g. search, filter applied, login, install started / succeeded / failed, external link clicked, package detail viewed). Each event carries a coarse-location timezone (see below), a surface tag (“marketplace” or “console”) so we can segment reports by site area, and a runtime tag (“web” or “desktop”) so we can distinguish browser visits from our desktop shell. Where we send content identifiers (package slugs, console extension IDs) these are opaque marketplace identifiers, not tied to your account or tenant.
• Microsoft Clarity — session replays with strict masking enabled, so form inputs and other potentially sensitive content are not recorded.

We do not send your name, email, IP address, or any other personally identifying information to either provider. Both providers set their own first-party cookies (_ga*, _clck, _clsk) that are cleared from your browser when you withdraw analytics consent.

If you decline analytics consent, neither provider is loaded.

Error Reporting and Performance Measurement

Air Marketplace sends application error reports and Core Web Vitals measurements to Sentry and Datadog, third-party error-monitoring and performance services, so we can find and fix bugs and keep the marketplace fast and reliable. Both process limited technical data on a legitimate-interest basis. Reports include:

• The error message and stack trace (Sentry only).
• The route you were on (URL path with identifiers replaced by placeholders so we don't see which specific package or BOM you were viewing).
• Your browser type and version.
• Page load timing and Core Web Vitals (Datadog).

Neither service is used for advertising or behavioral profiling. We do not send cookies or authentication headers, and we never set a user identifier on these events. IP address may be processed by the vendor for abuse prevention. Reports are kept by Sentry and Datadog on our behalf for engineering troubleshooting only.

Coarse Location

When our analytics provider is configured for the environment you're using and you have granted analytics consent, we attach your browser's IANA timezone string (for example, Europe/Berlin or Asia/Jerusalem) to product-usage events as a coarse-location signal. This is the only location-correlated data we collect — we do not use IP geolocation, the browser's Geolocation API, or any finer-grained location source. The timezone is read from your device's settings via the standard Intl.DateTimeFormat browser API and is sent only after you grant analytics consent.

AI-Generated Content and Automated Scoring

Some of the information shown on an add-on’s page is generated or assisted by AIR’s proprietary AI pipeline as part of how we catalogue and review add-ons:

• Catalog metadata. An add-on’s category label and feature summary may be generated by an AI model from its name, description, and source. Although AIR’s proprietary AI pipeline is trained and fine-tuned to provide accurate data, in some cases AI-generated text may be incomplete or inaccurate — treat it as a convenience, not an authoritative description of the add-on.
• Safety verdicts. The safety score and its scan results are produced with AI assistance.

Producing these outputs involves processing the submitted add-on content — for example its manifest, description, and source files — with an AI model.