1. Introduction

Welcome to Pilot in Cloud ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our flight logbook application (the "App") and website.

Data Controller: Jordi Marques
Contact: support@pilotincloud.com

2. Data We Collect

We collect the following types of information:

• Identity Data: Name, email address, pilot license number.
• Flight Data: Flight times, aircraft registrations, departure/arrival aerodromes, and other logbook entries.
• Uploaded Content: Images of logbooks, licenses, and medical certificates for OCR processing and storage.
• Technical Data: IP address, device information, and usage logs (via analytics cookies if consented).

3. How We Use Your Data

We use your data only for the following specific purposes. We do not profile you, build advertising audiences, or share your data with marketers or recruiters in any form:

• To provide and maintain the digital logbook service.
• To process images and extract flight data using AI/OCR technologies, strictly on your behalf.
• To manage your account and subscription (payments processed by Paddle; we never see or store your card details).
• To improve our services and analyze usage trends — only with your explicit consent, and only in aggregate.
• To comply with legal obligations (e.g., aviation authority requirements where applicable).

4. Data Sharing and Processors

We do not sell your data. We share data only with the following third-party service providers ("Data Processors") necessary to operate the App:

• Supabase: For authentication, database hosting, and file storage.
• Vercel: For hosting the web application and serverless functions.
• Google Gemini / AI Processors: Used solely for OCR image processing. Images are processed transiently and are not used to train AI models or retained by the AI provider beyond the scope of the request.
• Paddle: Our Merchant of Record. They handle all payments, tax compliance, and subscription billing. We do not store your credit card information.
• Analytics Providers: (e.g., Google Analytics, PostHog) only if you explicitly consent to tracking cookies.

5. Data Storage and Security

Your data is stored securely on Supabase infrastructure with encryption at rest and in transit (TLS). We enforce Row-Level Security (RLS) so that no user can access another user's data, even in the event of a misconfiguration. We conduct regular security reviews and apply security patches promptly. In the event of a data breach that affects your personal data, we will notify you within 72 hours as required by GDPR.

6. Your Rights (GDPR)

Regardless of your location, we commit to honoring the following rights for all users. If you are in the EEA, these rights are also guaranteed under GDPR. We will respond to any request within 30 days:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data ("Right to be Forgotten").
• Restriction: Request restriction of processing.
• Portability: Receive your data in a structured, commonly used format.

To exercise these rights, please contact us at support@pilotincloud.com.

7. Cookies

We use essential cookies for authentication and security. We also use analytics cookies to understand how you use our App, but only if you consent. You can manage your cookie preferences at any time via the settings in the App.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via the App or email at least 30 days before they take effect, giving you the opportunity to review the changes and, if you disagree, to close your account and export your data before the new policy applies.