Privacy Policy

Last updated: January 1, 2024

1. Introduction

FLYCLIM ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our eAIP platform ("Service").

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, organization details, role
  • Profile Information: Avatar, preferences, timezone, language settings
  • Authentication Data: Password (encrypted), login credentials
  • Content Data: Aeronautical information, documents, NOTAM data you create or upload
  • Communication Data: Support requests, feedback, correspondence

2.2 Automatically Collected Information

  • Usage Data: Pages viewed, features used, time spent, actions performed
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, error logs, performance metrics
  • Cookies: Session cookies, preference cookies (see our Cookie Policy)

3. How We Use Your Information

We use collected information for:

  • Service Provision: Operating and maintaining the eAIP platform
  • User Authentication: Verifying identity and managing access
  • Communication: Sending notifications, updates, and support responses
  • Improvement: Analyzing usage to enhance features and performance
  • Security: Detecting and preventing fraud, abuse, and security incidents
  • Compliance: Meeting legal obligations and regulatory requirements
  • Audit Trails: Maintaining records for compliance and accountability

4. Data Storage and Security

4.1 Data Storage

Your data is stored on secure servers provided by Google Cloud Platform. We implement organizational data isolation to ensure complete separation between different organizations' data.

4.2 Security Measures

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Role-based access control (RBAC)
  • Multi-factor authentication support
  • Regular security audits and penetration testing
  • Automated backup and disaster recovery
  • 24/7 security monitoring

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information only in the following circumstances:

  • Within Your Organization: With authorized users in your organization
  • Service Providers: With trusted third-party service providers who assist in operating the Service (e.g., Google Cloud, email services)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice)

6. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time

How to Exercise Your Rights

To exercise any of these rights or request data deletion, contact us at:

Email:

privacy@flyclim.com

Please include your registered email address in your request. We will respond within 30 days.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active
  • Aeronautical Content: Retained according to ICAO and regulatory requirements
  • Audit Logs: Retained for 7 years for compliance purposes
  • Backup Data: Automatically deleted after 90 days

After account termination, we provide a 30-day grace period to export your data. After this period, data is permanently deleted unless legal retention obligations apply.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with all service providers
  • Compliance with GDPR transfer requirements

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email and posted on the Service at least 30 days before taking effect. The "Last updated" date at the top indicates when the policy was last revised.

11. Contact Us

For questions about this Privacy Policy or our data practices, please contact:

FLYCLIM - Data Protection

Email: privacy@flyclim.com

Website: https://eaip.flyclim.com

EU Representative: Available upon request for GDPR compliance

12. Supervisory Authority

If you are in the EEA and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

By using the eAIP Service, you acknowledge that you have read and understood this Privacy Policy.