Privacy Policy

1.1 Information You Provide Directly

• Account Information: When you register, we collect your email address, password (stored in hashed form only), first name, last name, and optionally your phone number.
• Profile Information: Profile photo, company name (for dealers), and contact preferences you choose to display.
• Listing Information: Aircraft details, specifications, photos, documents, pricing, and location information you provide when creating listings.
• Communications: Messages sent through our in-app messaging system, support requests, and other correspondence with us or other users.
• Payment Information: For dealer subscriptions, payment is processed by Stripe. We do not store complete credit card numbers; Stripe provides us with limited payment details for record-keeping.

1.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers, and network information.
• Usage Information: Features accessed, actions taken, time spent, and interaction patterns.
• Push Notification Tokens: If you enable notifications, we collect device tokens to deliver push notifications.
• Log Data: IP address, browser type, access times, pages viewed, and referring URLs.

1.3 Information from Third Parties

• Google Sign-In and Google One Tap: If you authenticate using Google (including via the Google One Tap prompt), we receive your name, email address, and profile photo from Google. We do not receive your Google password.
• Apple Sign-In: If you authenticate using Apple, we receive your name and email address (or a private relay email if you choose to hide your email).

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

• Contract Performance: Processing necessary to provide our services, including account management, listing creation, and messaging.
• Legitimate Interests: Processing necessary for fraud prevention, security, platform improvement, and analytics, where such interests are not overridden by your rights.
• Consent: Processing based on your explicit consent, such as marketing communications and optional data collection.
• Legal Obligation: Processing required to comply with applicable laws and regulations.

We use collected information for the following purposes:

• Provide, operate, and maintain the Platform
• Create and manage your account
• Display your aircraft listings to potential buyers
• Facilitate communication between buyers and sellers
• Process dealer subscription payments
• Send transactional notifications (messages, listing activity)
• Prevent fraud, abuse, and unauthorized access
• Enforce our Terms of Service
• Improve and personalize the user experience
• Conduct analytics and performance monitoring
• Send marketing communications (with your consent)
• Comply with legal obligations
• Respond to legal requests and prevent harm

4.1 Publicly Visible Information

When you create a listing, the following information may be visible to all users: aircraft details, photos, general location, and contact preferences you choose to display. Your name and profile information may be visible to users you communicate with.

4.2 Service Providers

We engage trusted third-party companies to perform services on our behalf:

• Firebase/Google Cloud: Hosting, database, authentication, storage
• Stripe: Payment processing for subscriptions
• Google/Apple: Push notification delivery
• Cloudflare: Content delivery and security

These providers are contractually obligated to protect your data and may only process it according to our instructions and for the specific purposes we designate.

4.3 Legal Requirements and Safety

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, or legal process
• Respond to lawful requests from government authorities
• Enforce our Terms of Service and protect our rights
• Protect the safety, rights, or property of any person
• Investigate fraud, security breaches, or violations
• Prevent imminent harm or illegal activity

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.

We implement industry-standard security measures to protect your information:

• Encryption: TLS/SSL encryption for data in transit; AES-256 encryption for data at rest
• Authentication: Secure password hashing, multi-factor authentication options
• Access Controls: Role-based access, principle of least privilege
• Monitoring: Security logging, anomaly detection, regular audits
• Infrastructure: Enterprise-grade cloud hosting with SOC 2 compliance

While we take reasonable measures to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any breach as required by law.

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this Policy:

• Active Accounts: Information retained while your account remains active and for a reasonable period thereafter.
• Deleted Listings: Removed from public view immediately; permanently deleted from our systems within 30 days.
• Messages: Retained while participating accounts are active; may be anonymized after account deletion.
• Account Deletion: Most personal data deleted within 30 days of account closure. Some records may be retained longer for legal compliance, fraud prevention, or dispute resolution.
• Backup Systems: Data may persist in encrypted backups for up to 90 days.

Our Platform may use cookies and similar technologies:

• Essential Cookies: Required for authentication, security, and basic functionality. Always active.
• Preference Cookies: Remember your settings and choices across sessions.
• Analytics Cookies: Help us understand usage patterns and improve the Platform. Opt-in only.

You can manage cookie preferences through your browser settings or the Privacy Settings section of your account.

8.1 Rights for All Users

Regardless of your location, you have the right to:

• Access: View the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Opt-Out: Unsubscribe from marketing communications
• Data Export: Request a copy of your data in a portable format

8.4 How to Exercise Your Rights

To submit a privacy request:

• Email: [email protected]
• Subject: "Privacy Request - [Your Request Type]"
• Response Time: Within 30 days (may be extended for complex requests)

We may require verification of your identity before processing requests. We will not discriminate against you for exercising your privacy rights.

Your information may be transferred to and processed in the United States or other countries where our service providers operate. For transfers from the EEA, UK, or Switzerland, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission. By using the Platform, you consent to such transfers.

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 13 (or 16 in the EEA). If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies solely to information collected through our Platform.

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no common understanding of how to interpret DNT signals, our Platform does not currently respond to them. However, you can manage your privacy preferences through the settings described in this Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• We will update the "Last Updated" date at the top of this Policy
• We will notify you via email or in-app notification
• For material changes, we may require your acknowledgment

Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Platform and delete your account.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Data Protection Contact:
• Email: [email protected]
• Subject: Privacy Inquiry

For GDPR-related inquiries, you may also contact your local data protection authority.