Privacy Policy
Oct 1, 2025
This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your data.
Service Provider
The “FLYLOG.io" application (the “App”), available at www.flylog.io, app.flylog.io, the Apple App Store, and the Google Play Store App, is owned and operated by Breele s.r.o. (a limited liability company), Prague, Czech Republic, European Union.
This Privacy Policy applies to individual users (pilots) and to business organizations using FLYLOG.io for Business. The personal information we collect is used to provide and improve the service. We will not use or share your information with anyone except as described in this Privacy Policy.
1. Information We Collect and Receive
We only collect and use your personal information for legitimate reasons. We only collect personal information that is reasonably necessary to provide our services to you. All personal data is processed electronically and stored in encrypted form in multiple databases to ensure maximum security.
Data retention:
Individual subscriptions (pilots): We process your personal data for the duration of your subscription and, after cancellation, retain it for up to 12 months to allow recovery, unless you request permanent deletion earlier (see Section 9). Accounts without an active subscription may be deleted after 6 months in line with our Terms of Use.
Business subscriptions: FLYLOG.io acts as a data processor. We process and retain operational and customer data on behalf of the subscribing organization for as long as the subscription remains active. After cancellation or termination, Business account data is retained for 30 days to allow recovery and is then permanently deleted, unless otherwise agreed in writing. The organization may request earlier deletion by contacting support@flylog.io.
Note for users of FLYLOG.io for Business: If your personal data is managed under a Business account (for example, as a student, employee, or customer of the subscribing organization), any requests to delete your data should be directed to your organization, which acts as the data controller. FLYLOG.io will support the organization in fulfilling such requests.
1.1 Personal Data
First and last name
Email address
Company details (e.g., company name, ID number, VAT number) – required for Business accounts and optional for pilots who need invoices for tax purposes
Geographic location and time zone
Flight data (if uploaded or imported)
Planned flight routes (if uploaded)
Licences and certifications (if uploaded)
Contact list (if uploaded)
Other documents (if uploaded)
In-app backups and imported data (if applicable)
1.2 Log Data
When you use our service, or in the event of an error, we collect Log Data such as:
IP address
Device type, name, and OS version
App configuration
Date, time, and usage details
1.3 Access to Your Mobile Device
We may request access to device features such as location services to enable certain app features. You can change permissions in your device settings.
1.4 Push Notifications
We may send account- or app-related notifications. You can turn these off in your device settings.
1.5 Online CV
Users may create an online CV with flight experience visible to others or potential employers. Enabled by default, but can be disabled at any time.
1.6 Public User Profile
Basic profile details (name, avatar, total flight hours) may be visible to other users.
1.7 Business Accounts
For FLYLOG.io for Business, the subscribing organization (e.g., flight school, airline, cargo or private jet operator, or training provider) is the data controller of operational and customer data. FLYLOG.io acts solely as a processor, providing hosting and technical services.
For individuals added under a Business Account (such as employees, contractors, students, or customers of the subscribing organization):
Your personal and operational data (such as flight logs, licences, training records, duty times, certificates, or booking details) is provided and managed by your organization.
Your organization determines what data is collected and how it is used.
FLYLOG.io processes this data strictly on the instructions of the organization.
If you wish to exercise your data rights (access, correction, deletion), you should first contact your organization. We will support them as processor in fulfilling such requests.
Data retention for Business accounts is described in Section 1 (Data retention) above.
2. Tracking Technology
2.1 Cookies
We use cookies to:
Measure traffic and statistics
Save user preferences (e.g., language)
(Optional, with user consent) support marketing purposes, such as measuring the effectiveness of campaigns or showing relevant content.
Marketing cookies are optional and only used with your consent. Refusing them will not affect your ability to use the core services.
You can control cookies in your browser settings. In the EU/UK/CH, consent is required for analytics and marketing cookies. You may withdraw your consent at any time through your browser or cookie settings.
2.2 Web Analytics
We use Google Analytics to monitor and analyse usage. Data is anonymized and aggregated. See Google’s Privacy Policy.
2.3 Remarketing & Behavioural Targeting
We may use remarketing and behavioural targeting services to display ads to you on third-party platforms based on your past interactions with our website.
Currently, this includes:
Google Ads (Google LLC), which may use cookies and similar technologies to deliver targeted advertising. Users can opt out of Google’s personalised ads by visiting Google Ads Settings.
From time to time, we may also use other advertising platforms such as LinkedIn or X (formerly Twitter). These platforms may collect and process usage data in accordance with their own privacy policies.
You can opt out of interest-based advertising directly through the respective platform’s privacy or advertising settings.
2.4 Email Marketing
We use Mailjet to send both transactional emails (such as account notifications, invoices, or password resets) and marketing emails (such as updates or newsletters). You can unsubscribe from marketing emails at any time, while transactional emails will continue as they are necessary for your account.
2.5 Payments
We use Stripe and PayPal Braintree as our trusted payment processors. Both providers are certified to the highest level of PCI DSS (Payment Card Industry Data Security Standard). Your payment details are encrypted, handled, and processed directly by these providers — FLYLOG.io never stores or has direct access to your full card information.
3. Data Processing Agreements (DPA)
We maintain Data Processing Agreements (DPAs) with all third-party service providers (such as hosting, payment, and email providers) who process personal data on our behalf. A DPA is a legally required contract under data protection laws (including GDPR) that ensures personal data is processed securely, lawfully, and only for the purposes agreed.
Individual subscriptions (pilots): No DPA is required, as pilots act as both the controller and the data subject of their own data. Our Terms of Use and this Privacy Policy govern the relationship.
Business subscriptions: In these cases, the subscribing organization (e.g., an airline, flight school, or operator) acts as the data controller, and FLYLOG.io acts as the processor. A standard DPA is included as part of the subscription terms. If needed for compliance or audit purposes, a signed copy of the DPA can be provided upon request.
4. Data Security
Data is stored securely with Google Cloud (ISO 27001, SOC 2 compliant). We use strong encryption, TLS, and access controls. Payment providers Stripe and PayPal Braintree are PCI-DSS compliant.
5. Links to Other Websites
Our App and website may contain links to third-party sites. If you click on a third-party link, you will be directed to that site. We are not responsible for the content, privacy policies, or practices of any third-party sites or services. We strongly encourage you to review the privacy policies of those sites.
6. International Data Transfers
When transferring personal data outside the EU/EEA/UK/Switzerland, we ensure safeguards such as:
Standard Contractual Clauses (SCCs)
Adequacy decisions (where available)
Binding Corporate Rules (BCRs)
7. Age Limitations
We do not provide services to anyone under 18. We do not knowingly collect data from children under 13 (COPPA). If collected, it will be deleted immediately.
8. Account Information
You can review or update your information via your profile settings, even if your account is suspended to basic view.
9. Data Deletion
Users can permanently delete their data at any time by using the “Permanently Delete My Data” option in their profile.
Cancelled accounts: Data is retained for 12 months to allow recovery, then permanently deleted.
Unactivated accounts: Accounts that were never activated will be deleted after 6 months.
Deletion requests: When you use the “Permanently Delete My Data” option, your data is immediately removed from active systems. For up to 14 days, limited recovery may still be technically possible (e.g., from system backups), but this is not guaranteed. After 14 days, your data is permanently deleted from all systems and backups.
10. Emails and Communications
You can unsubscribe from marketing emails via the “Unsubscribe” link. Transactional emails (account, billing, support) will still be sent.
11. Data Ownership & Usage
Individual accounts (pilots): You are solely responsible for the legality of the data you upload.
Business accounts: The subscribing organization is the data controller for all data entered or managed under its account (including data relating to staff, students, contractors, or customers). FLYLOG.io acts solely as the data processor and processes such data only on the organization’s instructions.
In all cases, anonymized or aggregated data may be used by FLYLOG.io for statistical analysis, service improvements, and limited marketing (e.g., general usage trends).
12. Your Rights
Depending on your location, you may have the right to:
Access, correct, or delete your data
Restrict or object to processing
Data portability
Withdraw consent at any time
Opt out of “sale” or “sharing” of data (California, Virginia, Colorado, etc.)
File a complaint with your local authority (see §14)
Note for Business Account users: Some rights (such as access, correction, or deletion of operational records) may need to be exercised directly through your organization, which is the controller of your data. FLYLOG.io will support the organization in fulfilling these requests.
Requests can be made by contacting support@flylog.io.
13. Data Protection Officer
For privacy matters, contact our Data Protection Officer at support@flylog.io.
14. Supervisory Authorities
EU: Your local Data Protection Authority
UK: Information Commissioner’s Office (ICO)
Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
US: State Attorneys General (for CCPA/CPRA and other state laws)
15. Changes to This Privacy Policy
We may update this Policy from time to time. Updates will be posted here and, where significant, notified by email. The revised Policy takes effect immediately upon posting.
