MileX
← Back to Home

Privacy Policy

Last updated:

This Privacy Policy describes how MileX ("we", "us", or "our") collects, uses, and shares your personal information when you visit or use our services through milex.com (the "Site") and our browser extension.

Information We Collect

Personal Information

When you sign up for MileX, we collect:

  • Email address
  • Display name (if provided)
  • Authentication information (securely managed through Firebase)
  • Marketing preferences

Service Usage Information

When you use our services, we collect:

  • Airline program preferences
  • Award search queries (routes, dates, cabin classes)
  • Waitlist position and related activity

Browser Extension Data (When Installed)

When you install and use the MileX browser extension, we collect and process additional information to provide verified award search functionality:

  • Session detection data: We detect when you're logged into airline loyalty programs (e.g., United MileagePlus, American AAdvantage) to know which programs are available for verification
  • Elite status information: We capture your loyalty tier (e.g., Gold, Platinum, Diamond) from airline websites to ensure verified results reflect YOUR specific access to award space
  • Award search verification results: When you search for award flights, we capture the availability data shown in your browser session
  • Network request data: We intercept XHR/fetch requests to airline award search APIs to extract structured availability data
  • Cryptographic proof: We generate timestamps and hashes to prove that verified results came from a real airline session
  • Anonymous usage statistics: With your opt-in consent, we may collect coarse-grained, anonymized signals about award availability trends (never your personal session data)

🔐 Privacy First: How Your Extension Data is Protected

  • ✓ Local processing: Most data processing happens locally in YOUR browser. The extension does not continuously send data to our servers.
  • ✓ No password access: We NEVER access, store, or transmit your airline login credentials or passwords. You log into airlines normally through their official websites.
  • ✓ No payment data: We do not access or collect payment information, credit card details, or booking confirmation data.
  • ✓ You control sessions: The extension only accesses airline websites when you're actively using MileX search features. You can disable the extension at any time.
  • ✓ Verified results only: We only receive award availability data that was verified in your actual browser session—never estimates or data from other users.
  • ✓ Opt-in crowd signals: Anonymous availability trend data collection is entirely optional and requires your explicit consent. This data is coarse-grained (e.g., "Business awards available SFO→Tokyo in June") with no personally identifiable information.

Required Permissions Explanation: The MileX extension requires certain browser permissions to function:

  • webRequest/declarativeNetRequest: To detect when you're logged into airline programs and to capture award search results from airline APIs
  • Host permissions (airline domains): To interact with specific airline websites (United.com, AA.com, Delta.com, etc.) when verifying award availability
  • storage: To remember your preferences, session states, and cached verification results locally in your browser
  • alarms: To periodically check if saved sessions have expired and to schedule alert monitoring (when you enable alerts)

Automatically Collected Information

When you visit our site, we automatically collect:

  • IP address (anonymized)
  • Browser and device information
  • Pages viewed and features used
  • Referring websites
  • Time spent on our site

We collect this information using cookies and similar technologies. For more information, please see our Cookie Policy.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services, including verified award search functionality
  • Verify award flight availability in your browser sessions and present personalized search results
  • Detect your login status across airline loyalty programs to enable smart search planning
  • Calculate award value and provide recommendations based on your elite status and preferences
  • Send you technical notices, updates, security alerts, and support messages
  • Send you award availability alerts when you've opted in to alert monitoring
  • Respond to your comments, questions, and requests
  • Communicate with you about products, services, offers, and events
  • Monitor and analyze trends, usage, and activities in connection with our services
  • Improve our verification algorithms and search planning intelligence (using anonymized, aggregated data only)
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalize the website and extension experience
  • Facilitate waitlist management and provide status updates

Legal Basis for Processing (EU/EEA Users)

If you are located in the European Union or European Economic Area, we collect and process your personal data only where we have a legal basis for doing so. The legal bases depend on the services you use and how you use them. This means we collect and use your information only:

  • To fulfill our contractual obligations to you
  • To comply with legal obligations
  • When we have legitimate interests in processing your information (which are not overridden by your data protection interests or rights and freedoms)
  • When you have given your consent

How We Share Your Information

We may share your personal information in the following situations:

  • With Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us.
  • Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • With Your Consent: We may share your personal information for other purposes with your consent.
  • Legal Obligations: We may disclose your information where we are legally required to do so to comply with applicable law, governmental requests, judicial proceedings, court orders, or legal processes.

We do not sell your personal information to third parties.

Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

Your Data Protection Rights

Depending on your location, you may have the following data protection rights:

  • Access: You can request copies of your personal information.
  • Rectification: You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Erasure: You can request that we erase your personal information under certain conditions.
  • Restriction: You can request that we restrict the processing of your personal information under certain conditions.
  • Object: You can object to our processing of your personal information under certain conditions.
  • Data Portability: You can request that we transfer the data we've collected to another organization or directly to you under certain conditions.

You can exercise these rights by visiting your Profile settings or by contacting us using the information provided in the "Contact Us" section below.

If you are located in the European Union or European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority.

International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

For transfers from the EU/EEA to countries not considered adequate by the European Commission, we ensure appropriate safeguards, such as standard contractual clauses, are in place.

Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal identifiable information from children under 18. If we discover that a child under 18 has provided us with personal information, we will immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, you can contact us:

  • By email: privacy@milex.com
  • By visiting the Contact page on our website: milex.com/contact
← Back to HomeCookie Policy →