Privacy Policy

1. Data Controller and Contact

Fly-Right is the controller of personal information processed in connection with the Site and App. You can reach our Privacy Office at inquiry@flyrightconsulting.com. EU/UK residents may also contact our representative through the same address.

2. Information We Collect

We collect the categories of information described below.

2.1 Information you provide directly

• Account information — name, email address, operator/company name, role (e.g., captain, dispatcher), and password (stored as a salted hash).
• Inspection content — tail-number profiles, notes, photos, attached documents, findings, and PDF reports you generate. We treat this as your User Content; you control whether to share it.
• Communications — emails or support tickets you send us, and any information you choose to include.
• Payment information — if you purchase a subscription, payment is processed by Apple via the App Store. Apple shares limited transaction information with us; we do not see or store your full card number.

2.2 Information collected automatically

• Device information — device model, operating system version, language, time-zone, and a unique installation ID.
• Usage data — events such as which features you use, crash diagnostics, and aggregated performance metrics.
• Log data — IP address, browser type and version, referring URL, pages viewed on the Site, and timestamps.
• Cookies and similar technologies — see our Cookie Policy for details.

2.3 Information we do not collect

We do not knowingly collect government-issued ID numbers, biometric data, geolocation finer than country/region, or special categories of personal data (such as health, religion, or sexual orientation).

3. Sources of Information

We obtain personal information from (a) you directly, when you create an account or use the App; (b) automatically, through your device and our analytics tools; and (c) from service providers, such as Apple's App Store (limited transaction data) and our cloud-hosting provider.

4. How We Use Information

We use personal information to:

• Provide, operate, and maintain the Site and App.
• Authenticate users and protect accounts from unauthorized access.
• Sync your inspection profiles between your devices.
• Generate PDF reports you ask the App to produce.
• Provide customer support and respond to inquiries.
• Send service-related communications (e.g., security alerts, policy updates).
• Send marketing emails, where permitted by law and only to recipients who have opted in.
• Detect, prevent, and respond to fraud, abuse, or violations of our Terms.
• Improve our products through aggregated analytics and crash reports.
• Comply with legal obligations and enforce our agreements.

We do not use your personal information to train machine-learning models, and we do not sell your personal information.

5. Legal Bases for Processing (GDPR)

For users in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 GDPR:

• Performance of a contract — to provide the App and Site features you request.
• Legitimate interests — to improve our products, secure our services, and prevent fraud, balanced against your rights.
• Consent — for marketing emails and non-essential cookies; you may withdraw consent at any time.
• Legal obligation — to comply with applicable laws.

6. When We Share Information

We share personal information only as described below.

• Service providers — vendors that host our infrastructure, send transactional email, process payments, and provide analytics. They are bound by contract to use information only as we direct.
• At your direction — when you choose to share an inspection profile, send a PDF report, or invite a colleague to your account.
• Business transfers — in connection with a merger, acquisition, or sale of all or part of our business, subject to standard confidentiality protections.
• Legal compliance — to comply with a court order, subpoena, or other legal process; to protect our rights, property, or safety; or to investigate fraud or violations of our Terms.
• With your consent — for any other purpose disclosed at the time of collection.

We do not share your information with advertisers, data brokers, or for cross-context behavioral advertising.

7. "Sale" or "Sharing" of Personal Information (CCPA)

In the preceding twelve (12) months, we have not sold personal information for monetary consideration, and we have not shared personal information for cross-context behavioral advertising as those terms are defined under the CCPA. We have not knowingly sold or shared the personal information of consumers under sixteen (16) years of age.

8. International Data Transfers

Fly-Right is based in the United States. If you access the Site or App from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. Where required by law, we use Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum to provide appropriate safeguards for cross-border transfers.

9. Data Retention

We retain personal information for as long as necessary to provide the App, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Account data — for the life of your account and up to twenty-four (24) months thereafter.
• Inspection content — until you delete it; deleted records are purged from backups within ninety (90) days.
• Server logs — typically thirty (30) days, longer for security investigations.
• Marketing preferences — until you unsubscribe or opt out.

10. Information Security

We use administrative, technical, and physical safeguards designed to protect your personal information, including encryption in transit (TLS 1.2+) and at rest, principle-of-least-privilege access controls, audit logging, and vendor security reviews. No system is completely secure, however, and we cannot guarantee absolute security. If a breach occurs, we will notify affected users and regulators as required by law.

11. Your Privacy Rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your information ("right to be forgotten").
• Restrict or object to certain processing.
• Portability — receive your information in a structured, commonly used, machine-readable format.
• Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
• Opt out of the sale or sharing of personal information (we do not sell or share, but you may still submit a request).
• Opt out of automated decision-making, including profiling that produces legal or similarly significant effects (we do not perform such automated decision-making).
• Non-discrimination — we will not retaliate against you for exercising your rights.
• Lodge a complaint with your local data protection authority.

12. How to Exercise Your Rights

Submit a request by emailing inquiry@flyrightconsulting.com with the subject line "Privacy Rights Request." We will verify your identity using information already in our possession and respond within forty-five (45) days, or as required by applicable law. You may also designate an authorized agent to make a request on your behalf, subject to verification.

13. Notice to California Residents

The CCPA grants California residents specific rights regarding their personal information. The categories of personal information we collected in the past twelve (12) months map to the CCPA categories as follows:

• Identifiers (name, email, IP address)
• Customer records (account information)
• Commercial information (subscription transactions)
• Internet activity (Site usage, App usage events)
• Geolocation (general region inferred from IP)
• Inferences (none drawn for profiling)

We did not collect "sensitive personal information" as defined under the CPRA.

To exercise your CCPA rights, email inquiry@flyrightconsulting.com or call our toll-free line at +1-800-555-0142. We will not discriminate against you for exercising any of these rights.

Shine the Light: California Civil Code §1798.83 permits California residents to request information regarding our disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing.

14. Notice to EEA, UK, and Swiss Residents

You have the rights described in Section 11 under the GDPR/UK GDPR. You may lodge a complaint with the supervisory authority in your member state of residence or with the UK Information Commissioner's Office (ICO). For Swiss residents, the Federal Data Protection and Information Commissioner (FDPIC) is the competent authority.

15. Notice to Nevada Residents

Nevada residents have the right to opt out of the sale of certain personal information to third parties. We do not sell personal information as defined by Nevada law, but if you wish to submit a verified opt-out request you may email inquiry@flyrightconsulting.com.

16. Children's Privacy

The Site and App are intended for users 18 years of age or older. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA). If we learn that we have collected such information, we will delete it. Parents or guardians who believe their child may have provided information to us should contact inquiry@flyrightconsulting.com.

17. Do Not Track Signals & Global Privacy Control

Some browsers transmit Do Not Track ("DNT") signals or Global Privacy Control ("GPC") signals. We honor GPC signals as opt-out preference signals where required by law. Because there is no industry standard for DNT, our Site does not currently respond to DNT signals.

18. Third-Party Sites and Services

Our Site and App may contain links to third-party websites or services. Their privacy practices are governed by their own policies; we encourage you to read them before providing any personal information.

19. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through the Site, the App, or by email. Your continued use of the Site or App after the changes take effect constitutes acceptance of the revised Policy.

20. Contact Us

Privacy questions, requests, or complaints can be directed to:

Fly-Right
Attn: Privacy Office
Email: inquiry@flyrightconsulting.com