Flight OpuFlightOpuBeta
← Back to home

Privacy Policy

Last updated: June 29, 2026

1. Who We Are

Flight Opu ("we", "us") is the data controller for personal data processed in connection with the Service. Contact: privacy@flightopu.com.

2. Data We Collect

  • Account data: name, work email, role, operator/AOC name.
  • Operational data: flight schedules, tail numbers, route data, crew rosters, fuel & W&B figures you upload or sync via SFTP / API.
  • Crew PII: names, licence numbers, recency dates — only when uploaded by your operator.
  • Usage data: pages viewed, features used, error logs (no third-party advertising trackers).
  • Cookies: a single first-party session cookie plus your consent preference (see Cookie banner).

3. How We Use Data

  • To provide the Service (briefings, NOTAM summaries, weather pulls).
  • To improve product reliability and AI summary quality (aggregated, de-identified).
  • To support billing and customer success.
  • To comply with legal obligations.

We do not sell personal data, and we do not use crew PII to train third-party AI models.

4. AI Processing

NOTAM summaries and dispatch assistance use the Lovable AI Gateway (Google Gemini / OpenAI GPT). Inputs are sent over TLS, are not used by the providers for model training under the gateway agreement, and are retained only as needed to render the response.

5. Data Sharing

We share data only with sub-processors necessary to operate the Service: Lovable Cloud (hosting & database), Cloudflare (edge delivery), aviationweather.gov & FAA DINS (read-only public data sources). A current sub-processor list is available on request.

6. Data Residency & Retention

Operational data is hosted in the EU by default. Crew PII is retained for the duration of your subscription plus 90 days, then deleted. Flight log data may be retained longer where required by aviation record-keeping rules (typically 3 months for ops records, longer for accident-related material).

7. Your Rights (GDPR / UK GDPR)

You may request access, rectification, deletion, restriction or portability of your personal data, and you may object to processing or lodge a complaint with your supervisory authority. Email privacy@flightopu.com; we respond within 30 days.

8. Security

TLS 1.2+ in transit, AES-256 at rest, role-based access control, audit logs, RLS-enforced data isolation per operator, and SSH-key authenticated SFTP for legacy integrations. We will notify affected operators of any confirmed breach within 72 hours.

9. International Transfers

Where data is transferred outside the EEA / UK, we rely on Standard Contractual Clauses and the UK Addendum.

10. Changes

We will post material changes on this page and notify operator admins by email at least 14 days before they take effect.