Last updated: February 25, 2026 | Version 2.0

Privacy Policy

Last Updated: February 25, 2026

1. Introduction

At AviatorFlow, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our flight school management platform. Please read this privacy policy carefully.

2. Your Data Ownership

You own your data. All data you input into AviatorFlow, including but not limited to:

  • Student records and flight logs
  • Instructor information and schedules
  • Aircraft maintenance records
  • Financial and billing information
  • Communications and documents

remains your property. You retain all rights, title, and interest in your data at all times.

3. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email, phone number)
  • Flight school data (students, instructors, aircraft, schedules)
  • Usage data and analytics
  • Communication preferences
  • Payment and billing information

4. How We Use Your Data

We use your data for the following purposes:

Service Provision

  • To provide and maintain our services
  • To process your transactions and manage billing
  • To send you service-related communications
  • To provide customer support

Service Improvement

  • To analyze usage patterns and improve our platform
  • To develop new features and functionality
  • To enhance security and prevent fraud
  • To optimize performance and user experience

Important: We use aggregated and anonymized data for service improvements. This means we may analyze usage patterns, feature adoption, and performance metrics without identifying individual users or flight schools.

5. Marketing Communications

We will never use your data for marketing purposes without your explicit consent.

You may opt-in to receive:

  • Product updates and new feature announcements
  • Industry news and best practices
  • Educational content and webinars
  • Special offers and promotions

You can opt-out of marketing communications at any time by clicking the unsubscribe link in any email or by updating your preferences in your account settings.

6. Data Sharing and Third Parties

We will never sell your data to third parties. Period.

We may share your data only in the following limited circumstances:

  • Service Providers: We may share data with trusted third-party service providers who assist us in operating our platform (e.g., hosting, payment processing, email delivery). These providers are bound by confidentiality agreements and are prohibited from using your data for any other purpose.
  • Legal Requirements: We may disclose data if required by law, court order, or governmental regulation.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, but only with the same privacy protections.
  • With Your Consent: We may share your data with third parties when you explicitly authorize us to do so.

7. Sub-Processors and Third-Party Services

We use the following third-party service providers (sub-processors) to operate our platform. Each processor is bound by a Data Processing Agreement (DPA) and appropriate safeguards for international data transfers as required by GDPR Article 28.

Processor NamePurposeData CategoriesCountryTransfer Safeguard
Amazon Web Services (SES)Transactional email deliveryEmail addresses, email contentUnited StatesStandard Contractual Clauses
Firebase/FCM (Google)Mobile push notificationsDevice tokens, notification contentUnited StatesStandard Contractual Clauses
Square (Block, Inc.)Student payment processingNames, emails, payment tokensUnited StatesStandard Contractual Clauses
StripePlatform subscription billingBusiness names, emails, billing addressesUnited StatesEU-US Data Privacy Framework
CivoCloud infrastructure hostingAll application dataUnited KingdomUK Adequacy Decision

For questions about our data processing practices or to request a copy of any Data Processing Agreement, please contact us at privacy@aviatorflow.com.

8. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Regular backups and disaster recovery procedures
  • Employee training on data privacy and security

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. If you close your account, we will delete or anonymize your data within 90 days, except where we are required to retain it for legal, tax, or regulatory purposes.

10. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of your data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your data
  • Export: Download your data in a portable format
  • Restriction: Request restriction of data processing
  • Objection: Object to certain data processing activities

To exercise these rights, please contact us at privacy@aviatorflow.com.

11. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience. You can control cookie preferences through your browser settings. Essential cookies required for the platform to function cannot be disabled.

12. Children's Privacy

Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

13. Your Data Subject Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR). These rights can be exercised at any time through your Privacy Dashboard.

  • Right to Access: Request a copy of your personal data. Exports are provided as a ZIP archive within 30 days of your request.
  • Right to Erasure: Request deletion of your account. Your personally identifiable information (PII) will be anonymized while FAA-required flight records are preserved as mandated by 14 CFR Part 61.51.
  • Right to Rectification: Update or correct your personal information at any time through your account settings.
  • Right to Data Portability: Export your data in machine-readable format for use with other services.
  • Right to Restrict Processing: Withdraw specific consent types and limit how we process your data through your Privacy Dashboard.

To exercise any of these rights, visit your Privacy Dashboard. You may also contact us directly at privacy@aviatorflow.com.

14. Consent Management

We collect and process your personal data based on your explicit consent. You can manage your consent preferences at any time through your Privacy Dashboard.

We request consent for the following data processing activities:

  • Marketing Communications: Product updates, news, and promotional content
  • Analytics: Usage data to improve the platform
  • Data Sharing: Sharing with third-party integrations you enable
  • Push Notifications: Mobile and browser push notifications

Withdrawing consent does not affect the lawfulness of any processing carried out before your withdrawal. Cookie consent is managed separately via our cookie consent banner, which appears on your first visit.

15. Data Retention Schedule

We retain your personal data only as long as necessary for the purposes outlined in this policy. Our retention practices are as follows:

  • FAA-Regulated Records: Flight logs, maintenance records, and endorsements are retained indefinitely as required by federal law (14 CFR Part 61.51). These records cannot be deleted even upon an erasure request.
  • Non-Regulated Data: Account data, preferences, and non-essential records have defined retention periods and are automatically purged when those periods expire.
  • Account Data on Erasure: Upon an erasure request, your account data is anonymized (not permanently deleted) to preserve the integrity of FAA-regulated records while removing your personal identifiers.

For a full breakdown of retention periods by data type, contact us at privacy@aviatorflow.com.

16. Breach Notification

In the event of a data breach affecting your personal data, we will notify you within 72 hours of discovery as required by GDPR Article 33. Our breach notifications will include:

  • The nature of the breach and the categories of data affected
  • The approximate number of individuals and records affected
  • The measures we have taken or propose to take to address the breach
  • Recommended actions you can take to protect yourself

We maintain a documented breach response procedure and an audit trail for all incidents. We also notify the relevant supervisory authority as required by applicable law.

17. Sub-Processors & International Transfers

We use third-party service providers (sub-processors) to operate our platform. All sub-processors have Data Processing Agreements (DPAs) in place as required by GDPR Article 28.

For a current list of sub-processors, their purposes, and the data transfer mechanisms we rely upon, visit your Privacy Dashboard. The sub-processor table in Section 7 above also provides a summary.

Data transfers outside the EU/EEA are protected by one of the following mechanisms: Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework, or a European Commission adequacy decision. We do not transfer personal data to countries without adequate protections in place.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

Get in Touch

If you have questions about this Privacy Policy or our data practices, we'd love to hear from you.

Contact Us