Privacy Policy

We collect only what we need to run the Service.

Account information

• Email address and password (passwords are stored as one-way hashes via Supabase Auth)
• Optional profile information you choose to add: full name, license number, profile photo (avatar)
• Locale preference (English, Korean, Simplified Chinese, Spanish)
• Primary aviation regime (CA, FAA, EASA, etc.)

Content you upload

• Flight records (dates, aircraft, route, times, roles, conditions, remarks)
• Documents you choose to store in the document vault (medical certificates, licenses, ratings)
• Avatar images

Payment information

We do not see, store, or process your credit card details. Payments are handled by Stripe, Inc. We store only Stripe customer and subscription identifiers needed to associate your account with your billing record (e.g., cus_xxx, subscription status).

Technical information

• IP address, browser type, device type (used for security and to prevent abuse)
• Pages visited, referrer, approximate location at country/region level (via Vercel Analytics — no cookies, no individual user profiles)
• Error and performance data when something fails

We use your information to:

• Provide, maintain, and improve the Service (storing flights, computing currency, generating PDFs)
• Process payments and manage subscriptions through Stripe
• Authenticate you and keep your account secure
• Send transactional emails — signup confirmation, password resets, payment receipts, important account or service notices
• Detect, prevent, and respond to fraud, abuse, or security incidents
• Comply with legal obligations

We do not send marketing emails. The Service does not have a newsletter or promotional email list. If we ever add one, it will be strictly opt-in (CASL-compliant).

For users in jurisdictions that require a legal basis (e.g., Canada under PIPEDA, the EU under GDPR), we process your information based on:

• Performance of a contract — to deliver the Service you signed up for
• Your consent — given when you create an account and agree to these terms
• Our legitimate interests — security, fraud prevention, service improvement
• Compliance with legal obligations — tax records, lawful requests

We don’t sell your personal information. We share it only with the service providers we need to run the Service:

We may also disclose information when required by law (court order, subpoena, lawful regulatory request) or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

If we ever change ownership of the business (sale, merger, acquisition), your information may transfer to the new owner subject to this Privacy Policy or a successor policy.

We operate out of British Columbia, Canada, but the Service uses providers with infrastructure outside Canada. Your information may be processed and stored in the United States and other countries by our sub-processors listed above.

When information is transferred outside Canada, it becomes subject to the laws of the destination country, including potential government access requests. By using the Service, you consent to this transfer.

We use a small number of cookies and similar storage mechanisms:

• Authentication cookies (Supabase) — keep you signed in. Essential.
• Locale preference cookie (logbookhq.locale) — remembers your chosen language. Essential.
• No third-party advertising cookies. Vercel Analytics is cookieless.

You can clear cookies in your browser at any time; doing so will sign you out and reset your locale to English.

We keep your information only as long as needed:

• Account data and Your Content — for the life of your account.
• After account deletion — deleted from active systems within 30 days. Encrypted backups containing your data are purged on our backup-rotation schedule (up to 90 days).
• Payment and tax records — retained as required by Canadian tax law (typically six years from the end of the tax year they relate to).
• Security and fraud records — retained as long as needed to investigate or resolve an incident.

You have the right to:

• Access your information — you can see it in your account, and export your flight data anytime via Settings (CSV and PDF formats).
• Correct inaccurate information — edit it in your account settings.
• Delete your account and information — from account settings, or by emailing us.
• Withdraw consent — by closing your account. Note that this may end your ability to use the Service.
• Complain to a data protection regulator — in Canada, the Office of the Privacy Commissioner of Canada; in the EU/UK, your local data protection authority.

To exercise any of these rights, email support@pilotlogbookhq.com from the address on your account. We’ll respond within 30 days.

The Service is not directed at children under 16. We don’t knowingly collect information from children under 16. If you believe a child has provided us information, email support@pilotlogbookhq.com and we’ll delete it promptly.

We use reasonable administrative, technical, and physical measures to protect your information, including:

• HTTPS / TLS encryption in transit for all traffic
• Encryption at rest at our sub-processors (Supabase, Vercel, Stripe)
• Row-level security policies in the database to ensure you can only access your own data
• Access controls and audit logging on our infrastructure
• Limited employee and contractor access on a need-to-know basis

No system is 100% secure. If we ever detect a breach that affects your information, we’ll notify you promptly as required by law.

The Service lets you generate a public, read-only share link for your logbook snapshot. When you create a share link, anyone with the URL can view it. The link contains a long, unguessable token, but treat it like a private link — don’t post it publicly unless you intend the data to be public.

You can revoke any share link at any time from Settings. Once revoked, the URL stops working immediately.

We may update this Privacy Policy from time to time. When we do, we’ll update the “Last updated” date at the top. For material changes, we’ll send notice via email or in-app banner at least 14 days before they take effect.

Questions, requests, or complaints about your privacy? Email us at support@pilotlogbookhq.com.