Skip to content
FlightAcademia.ai
Start trial
See pricingStart free 7-day trial

Privacy Policy

Loading version…

This Privacy Policy explains what FlightAcademia.ai ("we," "us") collects, why, and what rights you have. We follow the GDPR (for users in the EU/UK), CCPA/CPRA (for California users), and equivalent privacy laws. Questions: privacy@flightacademia.ai.

1. Data We Collect

  • Account data: name, email, password hash, certificate goal, target checkride date, training aircraft, current flight hours.
  • Training data: quiz attempts, lesson progress, oral session transcripts, scenario decisions, ATC session transcripts (text only — see Section 3).
  • Billing data: subscription plan and status. Card numbers are handled directly by Stripe — we never see or store them.
  • Usage analytics: page views, feature usage, performance metrics (anonymized where possible).
  • Technical data: IP address (recorded with consent log entries; otherwise hashed for rate limiting), browser type, device type, error logs.
  • Consent records: the document versions you accepted at signup, the IP address and user-agent at the time of acceptance.
  • Support data: emails, tickets, and chat messages you send us.

2. Why We Collect It (Lawful Basis)

  • Contract: to deliver the Service you subscribed to.
  • Legitimate interest: security, fraud prevention, product improvement, aggregate analytics.
  • Legal obligation: tax records, responding to lawful requests, retaining consent audit trail.
  • Consent: optional product emails, marketing (you can withdraw any time).

3. ATC Voice Trainer Audio (Important)

ATC Voice Trainer sessions: only the text transcript is retained for your access. Voice audio is processed in real-time and not stored. Your microphone audio is streamed live to the speech model to generate the controller's response, and is discarded as soon as the session ends. We do not write voice recordings to disk and we do not retain any audio files. The session transcript (your phraseology and the controller's responses) is stored as part of your training history so you can review your debrief.

4. Subprocessors

We share data only with vetted subprocessors that help us deliver the Service:

  • Supabase (database, authentication, file storage) — US.
  • Cloudflare (CDN, edge compute, DNS) — global.
  • Anthropic (Claude models — oral coach, scenario evaluation) — US.
  • OpenAI (GPT and Realtime models — ATC voice trainer, written prep) — US.
  • Google (Gemini models — supplemental coaching) — US.
  • Stripe (payments) — US.
  • Resend (transactional email) — US.

Anthropic, OpenAI, and Google are contractually prohibited from using your data to train their general models when accessed through their commercial APIs. Each subprocessor has signed a Data Processing Agreement consistent with our obligations under GDPR.

5. AI Content Accuracy Disclaimer

AI-generated content delivered by the Service may contain inaccuracies, hallucinations, outdated information, or errors. We make no warranty as to its accuracy or current-ness. See the Terms of Service §8 (No Warranty on AI Content) and the Aviation Disclaimer for the full statements. You must independently verify all information against current authoritative FAA sources before acting on it.

6. How Long We Keep Data

  • Account & training data: while your account is active, plus 24 months after deletion (for instructor records and CFI reference).
  • ATC voice audio: not retained.
  • Consent log entries: retained for the life of the account plus 7 years (legal audit trail).
  • Billing records: 7 years (tax law).
  • Server access logs: 90 days.
  • Support tickets: 24 months.

7. Your Rights

You can:

  • Access, export, or correct your data from account settings, or by email.
  • Delete your account at any time. We will delete personal data within 30 days, except where retention is required by law (including the consent audit trail).
  • Object to processing for legitimate-interest purposes (e.g. analytics).
  • Withdraw consent for marketing email at any time.
  • Lodge a complaint with your local data protection authority.

Send rights requests to privacy@flightacademia.ai. We respond within 30 days.

8. CCPA / CPRA (California)

California residents have the right to know what personal information we collect, to delete it, to correct it, and to opt out of "sale" or "sharing" of personal information. We do not sell personal information and we do not share it for cross-context behavioral advertising.

9. Security

We use TLS in transit, encryption at rest, hashed passwords, row-level security on all training data, and strict role-based access for staff. We log and audit administrative access.

10. Children

The Service is intended for users 16 and older. We do not knowingly collect data from children under 13. If you believe we have, email privacy@flightacademia.ai and we will delete it.

11. International Transfers

We are based in the US. If you access the Service from outside the US, your data is transferred to and processed in the US under Standard Contractual Clauses where required.

12. Changes

We will notify you of material changes by email or in-app notice at least 14 days before they take effect, and may require re-acceptance of updated terms.

13. Contact

Privacy questions: privacy@flightacademia.ai.