Privacy Policy for FlightRecord

Last Updated: January 21, 2026

Introduction

Pink Bear Industries ("we," "our," or "us") operates the FlightRecord web application and FlightRecordApp mobile application (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

By using FlightRecord, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

Information We Collect

Personal Information

We collect the following personal information when you use our Services:

• Account Information: Username, email address, first name, last name, password (encrypted), phone (optional), birth date (optional), gender (optional)
• Company Information: Company name, company ID, and associated organizational data
• User Preferences: Time zone, app theme preferences, and notification settings
• Authentication Tokens: Secure tokens stored locally on your device to maintain your login session

Credentials and Documents

Additional information can be uploaded by each user to track eligibility and qualifications:

• Professional Credentials: Drivers license, passport, pilot certificates, medical certificates, and other pilot-related credentials and documents
• Document Storage: All documents you upload are stored on secure Amazon S3 servers
• Purpose: We use these documents to track eligibility and qualifications. We do not share or intentionally make public any document you upload to your profile

Location Information

With your permission (mobile app only), we collect precise location data (GPS coordinates) when you:

• Perform equipment inspections and checks
• Submit reports that require location verification
• Use location-based features of the mobile app

Location data is used to associate equipment checks with specific geographical locations for operational and safety compliance purposes.

Equipment and Operational Data

We collect and process:

• Equipment Inspection Data: NFC tag IDs (RFID) from mobile app, equipment status, inspection results, answers to inspection questions
• Flight Operations: Commercial operation and flight data is collected when a pilot or mechanic enters log data
• Notes and Reports: Free-form text notes you add to inspections, daily logs, pilot status reports, and hazard reports
• Time Card Data: Clock-in/clock-out times, work duration, and associated project information
• Scheduling Information: Flight schedules, assignments, and project details
• Aircraft Information: Aircraft identifiers and related flight operation data

Technical and Usage Data

We automatically collect certain information when you use our Services:

• Device Information: Device model, operating system version, unique device identifiers (mobile app only)
• Login Activity: The last date and time you logged in, the last date and time you logged out, the date and time of your last activity (creating, editing, deleting records)
• App Usage Data: Features accessed, app performance metrics, error logs
• Crash Reports: Diagnostic data when the mobile app crashes or encounters errors (collected via Sentry)
• Network Information: API request data, response times, and connection status
• Analytics: We use Google Analytics for traffic and usage statistics, but this data does not include your specific uses/history

NFC Data (Mobile App Only)

When you use NFC functionality to scan or program equipment tags:

• RFID Tag IDs: Unique identifiers stored on NFC tags attached to equipment
• Tag Programming Data: Information written to NFC tags for equipment identification

What We DON'T Collect

• IP Addresses: We do not track your IP address
• Behavioral Tracking: We do not allow third-party behavioral tracking

How We Use Your Information

Operational Purposes

• Equipment Management: Track equipment status, inspections, and maintenance history
• Work Tracking: Manage time cards, schedules, and work assignments
• Flight Operations: Support daily logs, pilot reports, and operational documentation
• Safety Compliance: Maintain records required for aviation safety and regulatory compliance
• Credential Verification: Track pilot qualifications, document expiration, and eligibility status

Service Delivery

• Authentication: Verify your identity and maintain secure access to your account
• Data Synchronization: Sync your data between your device and our servers
• Offline Functionality: Store data locally on mobile devices when you're offline and sync when connectivity is restored
• Location Verification: Associate equipment checks with geographical locations
• Personalization: To personalize your experience based on your preferences and permissions

Communication

• Notifications: Send you important updates about equipment status, schedules, and assignments
• Periodic Emails: Send periodic emails pertaining to (but not limited to) user status, document expiration, progress, scheduling, payroll, etc.
• Support: Respond to your inquiries and provide customer support
• Updates: Inform you about application updates, new features, and policy changes

App Improvement

• Performance Monitoring: Track app performance and identify technical issues
• Crash Reporting: Diagnose and fix app crashes and errors (mobile app)
• Analytics: Understand how users interact with our Services to improve functionality
• Feature Development: Guide development of new features based on usage patterns

Data Storage and Security

Server Storage

• Data is contained within a secure database stored on 3rd party servers. We do not maintain our own servers.
• Your data is transmitted securely to our servers using HTTPS/TLS encryption (SSL technology)
• Documents and images are stored on secure Amazon S3 servers
• Server-side data is stored in secure, access-controlled databases
• We implement industry-standard security measures including firewalls, encryption, and access controls
• Data backups are encrypted and stored securely
• Data is stored on secured servers and is only accessible by a limited number of qualified people who are required to keep information confidential

Local Storage (Mobile App Only)

• Data is stored locally on your device using SwiftData (Apple's encrypted database)
• Authentication tokens and credentials are stored securely in the iOS Keychain
• The Keychain uses hardware-level encryption and is protected by your device passcode/biometrics
• Local data is automatically encrypted by iOS when your device is locked

Access Controls

• Information displayed on pages is protected by permissions that prevent users who are not authorized from viewing certain information
• These permissions are designed under FlightRecord's discretion (influenced by user feedback when applicable)
• Permissions are unique for each user determined by their user roles
• Permissions decide who can add, edit, view, or delete specific records
• Permissions can also limit access to certain pages or even parts of pages

Data Retention

• We retain your personal information for as long as your account is active
• Equipment inspection records are retained according to aviation industry standards and regulatory requirements
• After account deletion, we retain certain data as required by law or legitimate business purposes
• Crash reports and anonymized analytics may be retained for technical improvement purposes

Cookies and Tracking

• Cookies: We do use cookies to persist certain information about you to improve your user experience. Cookies are small files stored locally on your computer used to save information that can be used later. Saving locally allows your browser quick access to this information without having to interact with an external service, making page data/interaction immediate. A good example of a cookie is storing your username so a login form is pre-filled on page load.
• Third-Party Tracking: We do not allow third-party behavioral tracking
• Google Analytics: We do use Google Analytics for traffic and usage stats, but this data does not include your specific uses/history
• Vulnerability Scanning: We do not use vulnerability scanning and/or scanning to PCI standards

Data Sharing and Disclosure

Within Your Organization

• Data is shared with other users in your company as necessary for operational purposes
• Your company administrator may have access to data related to company operations
• Equipment checks, time cards, reports, and credentials may be visible to authorized personnel in your organization based on role-based permissions

Third-Party Services

We use the following third-party services that may have access to your data:

• Amazon S3: Secure storage for documents and images you upload
• Google Analytics: Traffic and usage statistics (does not include personally identifiable information)
• Sentry: Crash reporting and error monitoring for the mobile app that collects diagnostic data including device information, app state, and error logs. Sentry Privacy Policy

Important: We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties. We do not include or offer third-party products or services on our website. We have not enabled Google AdSense on our site but may do so in the future.

Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Protection of our rights, property, or safety
• Investigation of fraud or security issues
• Enforcement of our Terms of Service
• Compliance with aviation safety regulations

Business Transfers

If Pink Bear Industries is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

Your Rights and Choices

Access and Correction

• You can access and update your account information through the Settings page (web) or App Settings (mobile)
• You can request a copy of your personal data by contacting us
• You can request correction of inaccurate or incomplete data

Location Permissions (Mobile App)

• You can enable or disable location access in your device Settings > Privacy > Location Services > FlightRecordApp
• Disabling location may limit certain features that require location data

NFC Permissions (Mobile App)

• You can control NFC access through your device settings
• NFC functionality is required for equipment tag scanning and programming features

Account Deletion

• You can request deletion of your account by contacting your company administrator or our support team
• Upon deletion, we will remove or anonymize your personal information, subject to legal retention requirements
• Some data may be retained in backups for a limited period

Marketing Communications

• You can opt out of promotional communications by adjusting your notification settings
• Operational communications (e.g., service announcements) cannot be opted out while maintaining an active account

Children's Privacy

FlightRecord is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have it removed.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using our Services, you consent to the transfer of your information to our servers and third-party service providers, wherever located.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about the personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

To exercise these rights, contact us using the information provided below.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

• Right to Access: Obtain confirmation of data processing and access to your personal data
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Restrict processing of your personal data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

Our legal basis for processing your data includes:

• Contract Performance: Processing necessary to provide the service you requested
• Consent: Processing based on your explicit consent (e.g., location data, document uploads)
• Legitimate Interests: Processing necessary for our legitimate business interests
• Legal Obligation: Processing required by law (e.g., aviation safety regulations)

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted in the application and on our website. The "Last Updated" date at the top will be revised. We encourage you to review this Privacy Policy periodically.

For material changes that significantly affect your rights, we will provide prominent notice in the application or via email.

---

By using FlightRecord, you acknowledge that you have read and understood this Privacy Policy.