Last updated: May 4, 2026
The Fair Information Practice Principles ("FIPPs") form the backbone of modern privacy law, including the U.S. Privacy Act of 1974, the OECD Privacy Guidelines, and the EU General Data Protection Regulation (GDPR). Fly-Right ("we", "us", or "our") has adopted the FIPPs as the foundation of our privacy program. This page explains how we apply each principle to the Fly-Right website at flyright.app and the SAFA Inspection Checklist app.
This Fair Information Practices statement supplements — but does not replace — our Privacy Policy, which contains the legally binding description of our data practices and your rights.
1. Notice / Awareness
You should know who is collecting information about you, what is being collected, and how it will be used. We provide this notice in plain language at the point of collection — through our Privacy Policy, on-screen disclosures within the App, and clear labeling on every form on the Site. We provide a meaningful description of:
- The identity of the entity collecting the information.
- The categories of information collected.
- The purposes for which it will be used.
- The categories of recipients with whom it may be shared.
- The means available to limit collection or use.
- The steps we take to protect the confidentiality, integrity, and quality of the data.
2. Choice / Consent
You should have meaningful choices about how your information is collected and used. We honor this principle by:
- Asking for opt-in consent for non-essential cookies and marketing communications, where required.
- Providing a one-click unsubscribe link in every marketing email.
- Allowing you to disable analytics within the App's settings.
- Honoring Global Privacy Control (GPC) signals where legally required.
- Allowing you to delete inspection content, photos, and your account from within the App.
3. Access / Participation
You should be able to view, correct, and delete information held about you. We provide:
- Self-service access to your inspection content within the App.
- An export feature that produces a machine-readable archive of your data.
- A privacy request form at inquiry@flyrightconsulting.com for access, correction, deletion, restriction, objection, and portability requests.
- A response timeline of forty-five (45) days or fewer, consistent with GDPR and CCPA.
- The right to designate an authorized agent to make a request on your behalf.
- The right to lodge a complaint with the data protection authority in your jurisdiction.
4. Data Integrity & Quality
Information held about you should be accurate, complete, and current. We support this principle by:
- Allowing you to update account details at any time.
- Validating data at the point of input where practicable.
- Promptly correcting inaccuracies you bring to our attention.
- Periodically reviewing retained data and purging records that are no longer necessary.
5. Purpose Specification & Data Minimization
We collect only the information we actually need, and we use it only for the purposes disclosed at collection. Specifically:
- We do not collect government-issued ID numbers, biometric identifiers, or precise geolocation.
- We do not use your inspection content to train machine-learning models.
- We do not sell, rent, or trade personal information.
- We do not use the App's data for cross-context behavioral advertising.
- We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
6. Security
We protect your information with reasonable administrative, technical, and physical safeguards, including:
- Encryption in transit (TLS 1.2 or higher) and at rest (AES-256).
- Principle-of-least-privilege access controls and multi-factor authentication for staff.
- Audit logging of access to production systems.
- Regular vulnerability scans, third-party penetration testing, and dependency monitoring.
- A documented secure-software-development lifecycle (SSDLC).
- Vendor security reviews before any third party is granted access to personal data.
- An incident-response plan with defined roles, escalation paths, and post-incident reviews.
7. Accountability & Enforcement
The FIPPs require enforcement mechanisms to ensure that organizations follow through on their commitments. Our accountability framework includes:
- A designated Privacy Office reachable at inquiry@flyrightconsulting.com.
- Regular internal audits of our data-handling practices.
- Mandatory privacy training for all employees and contractors.
- Contractual data-processing agreements with all service providers, including the EU Standard Contractual Clauses for cross-border transfers where applicable.
- Cooperation with regulators, including the U.S. Federal Trade Commission, state attorneys general, EU supervisory authorities, the UK ICO, and equivalent bodies elsewhere.
- Maintenance of a record of processing activities (RoPA) as required by Article 30 GDPR.
8. Breach Notification Commitment
If a security incident affects the confidentiality, integrity, or availability of personal information, we will:
- Investigate the incident promptly and engage qualified forensic experts when warranted.
- Notify affected individuals without undue delay and, where required, within seventy-two (72) hours of becoming aware of the breach (consistent with GDPR Article 33).
- Notify supervisory authorities and other regulators as required by applicable law.
- Provide information on the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address it.
- Where appropriate, provide credit-monitoring or identity-theft protection at no cost.
9. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) before launching new features that involve large-scale processing, novel uses of data, or processing that is likely to result in a high risk to the rights and freedoms of individuals. DPIAs are reviewed by our Privacy Office and, where appropriate, by independent counsel.
10. Privacy by Design & by Default
Privacy is built into the App and the Site from the outset. Our defaults are the most privacy-protective options. For example:
- Inspection content is private to you by default; sharing requires an explicit action.
- Analytics within the App are opt-in for users in jurisdictions requiring opt-in consent and may be disabled by any user at any time.
- The App does not request access to your camera, microphone, contacts, or location unless you choose a feature that requires it (for example, attaching a photo to a finding).
- We minimize the personal information embedded in PDF reports the App generates and never include account-level identifiers without your knowledge.
11. Contact & Complaints
If you believe we have not complied with these principles, please contact our Privacy Office. We take all complaints seriously and will respond as quickly as possible.
Fly-Right
Attn: Privacy Office
Email: inquiry@flyrightconsulting.com
You also have the right to lodge a complaint with the data protection authority in your jurisdiction, including (without limitation) the U.S. Federal Trade Commission, the California Privacy Protection Agency, the UK Information Commissioner's Office, the Irish Data Protection Commission, or the supervisory authority in your country of residence.