Privacy Policy

Last updated: 7/14/2026

1. Introduction

Welcome to Pilot in Cloud ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our flight logbook application (the "App") and website.

Data Controller: Jordi Marques
Contact: support@pilotincloud.com

2. Data We Collect

We collect the following types of information:

  • Identity Data: Name, email address, pilot license number.
  • Flight Data: Flight times, aircraft registrations, departure/arrival aerodromes, and other logbook entries.
  • Uploaded Content: Images of logbooks, licenses, and medical certificates for OCR processing and storage.
  • Technical Data: Anonymized (truncated) IP address, coarse location (country/city), device information and usage logs — only with your consent on the web.

3. How We Use Your Data

We use your data only for the following specific purposes. We do not profile you, build advertising audiences, or share your data with marketers or recruiters in any form:

  • To provide and maintain the digital logbook service.
  • To process images and extract flight data using AI/OCR technologies, strictly on your behalf.
  • To manage your account and subscription (payments processed by Paddle; we never see or store your card details).
  • To improve our services and analyze usage trends — only with your explicit consent, and only in aggregate.
  • To comply with legal obligations (e.g., aviation authority requirements where applicable).

4. Data Sharing and Processors

We do not sell your data. We share data only with the following third-party service providers ("Data Processors") necessary to operate the App:

  • Supabase: For authentication, database hosting, and file storage.
  • Vercel: For hosting the web application and serverless functions.
  • Google Gemini / AI Processors: Used solely for OCR image processing. Images are processed transiently and are not used to train AI models or retained by the AI provider beyond the scope of the request.
  • Paddle: Our Merchant of Record. They handle all payments, tax compliance, and subscription billing. We do not store your credit card information.
  • Analytics: First-party only — page visits are stored in our own database with a truncated IP and no precise location. No third-party analytics providers.

5. Data Storage and Security

Your data is stored securely on Supabase infrastructure with encryption at rest and in transit (TLS). We enforce Row-Level Security (RLS) so that no user can access another user's data, even in the event of a misconfiguration. We conduct regular security reviews and apply security patches promptly. In the event of a data breach that affects your personal data, we will notify you within 72 hours as required by GDPR.

Retention: Analytics data is automatically deleted after 180 days. Your logbook and documents are kept until you delete them or your account.

6. Your Rights (GDPR)

Regardless of your location, we commit to honoring the following rights for all users. If you are in the EEA, these rights are also guaranteed under GDPR. We will respond to any request within 30 days:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data ("Right to be Forgotten").
  • Restriction: Request restriction of processing.
  • Portability: Receive your data in a structured, commonly used format.

You can export all your data (JSON/CSV) and permanently delete your account at any time from Account → Data & Privacy.

To exercise these rights, please contact us at support@pilotincloud.com.

7. Cookies

We use essential cookies for authentication and security. We also use analytics cookies to understand how you use our App, but only if you consent. You can manage your cookie preferences at any time via the settings in the App.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via the App or email at least 30 days before they take effect, giving you the opportunity to review the changes and, if you disagree, to close your account and export your data before the new policy applies.