← Back to home

Privacy Policy (Pilot Logbook Pro)

Effective date: 2026-06-10

Applies to: Pilot Logbook Pro mobile apps (iOS/Android) and web app (collectively, the “App”)

This Privacy Policy explains how Pilot Logbook Pro (“we”, “us”, “our”) collects, uses, shares, and protects information when you use the App and related services (the “Services”).

If you do not agree with this Privacy Policy, do not use the Services.

1) Summary of what we collect

We collect: (a) account info for sign-in; (b) logbook and profile data you provide; (c) imports and connected sources you choose (files and calendar events); (d) operational data needed to run the Services (including local caches); (e) subscription and billing metadata if you subscribe (we do not store full payment card numbers); and (f) optional daily app-open counts per platform.

We do not sell your personal information.

2) Information we collect (detail)

A. Account and authentication

  • Email address
  • Authentication data via our auth provider (we do not store plaintext passwords)
  • When you create an account: a terms acceptance record (server timestamp, terms effective date/version, platform, and optional app version; on web, truncated browser user agent). If our backend audit endpoint is used, we may also store a server audit timestamp and the IP address observed at that time.

B. Profile information (optional/you control what you enter)

  • Name, airline, rank, licence nationality
  • Licences/ratings (issue/expiry dates), medical type/dates
  • Employers and dates, birthdate (optional)
  • Home base airport code (optional), avatar selection, profile photo (optional)

C. Logbook data

  • Flight details (date, aircraft, registration/tail, airports, times)
  • Crew fields and remarks you enter
  • Time categories, takeoffs/landings, instrument time and approaches
  • Mapping fields where available (e.g., airport coordinates)
  • Import/source metadata used for deduplication

D. Calendar data (only if you connect it)

  • Calendar list metadata and event fields needed for schedule import (summary/title, description/notes, location, start/end, time zone)
  • For Google Calendar, we may also retrieve your Google account email to show which account is connected

E. Files you choose to import

  • PDF/CSV/Excel contents you provide for import, processed to extract flight data

F. Contact/support messages (only if you send them)

  • Name, email, subject, and message contents

G. Location data

  • If you grant location permission, the App may access your approximate device location while map features are in use

H. Local storage and caches

  • Preferences and caches stored on-device (or in-browser on web) to improve performance and UX

I. Product usage telemetry (app opens)

  • A count of how many times per calendar day the App is opened, with platform (web, iOS, or Android), stored under your account for reliability and engagement insights

J. PQRM import diagnostics (block time check)

  • When importing an Air Canada PQRM logbook, minimal mismatch records (flight date, airport codes, timing delta) may be stored for administrator debugging—not full logbook rows

K. Subscriptions and billing

  • Stripe (web): Stripe collects payment card and billing details. We receive subscription status, customer/subscription IDs, plan IDs, trial flags, and renewal metadata—not full card numbers.
  • Apple / Google (mobile): In-app purchases are processed by the platform; we receive receipts/tokens and entitlement status after server validation.
  • We store tier, status, expiry, platform, product ID, and verification timestamps to provide paid features.

3) How we use information

  • Provide, operate, and maintain the Services (sign-in, sync, import/export)
  • Store/display your logbook and generate calculations you request
  • Import calendars you connect to generate draft flights when you initiate sync
  • Provide maps and route visualization
  • Respond to support requests you initiate
  • Improve reliability and security and prevent abuse
  • Process subscriptions, validate entitlements, and manage billing-related account status
  • Comply with legal obligations

4) Legal bases (where applicable)

Contract, consent (permissions), legitimate interests, and legal obligations, depending on jurisdiction

5) How we share information

  • With service providers/processors needed to run the Services (hosting, auth, database, storage, email delivery for contact, and Stripe for web subscription payments)
  • With third-party platforms you connect (e.g., Google Calendar) to retrieve data you request
  • With mobile app stores (Apple, Google) when you purchase subscriptions through in-app purchase

We do not sell personal information or share it for cross-context behavioral advertising.

6) Google API Services User Data Policy (Google Calendar “Limited Use”)

  • We request read-only calendar access (calendar.readonly) for schedule import.
  • We use Google Calendar data only to provide user-facing schedule import and draft-flight creation features.
  • We do not use Google Calendar data for advertising, profiling, or sale.
  • We store Google OAuth refresh tokens encrypted on our backend until you disconnect; disconnect deletes stored tokens.

Google user data: specific disclosures

If you connect Google Calendar, we process Google user data under the Google API Services User Data Policy, including Limited Use requirements.

What Google data we access: calendar read data required for schedule import (read-only scope) and your Google account email used to display connected account identity.

How we use Google data: only to provide and improve user-facing features in Pilot Logbook Pro (for example, schedule import and draft-flight generation).

What we do not do with Google data:

  • no sale of Google user data;
  • no use for advertising (including targeted, personalized, retargeted, or interest-based ads);
  • no transfer to data brokers or information resellers;
  • no use for credit-worthiness or lending decisions;
  • no use of Google user data to train generalized AI/ML models.

Human access restrictions: we do not allow human review of Google user data except when necessary for security, legal compliance, or when you explicitly ask us to investigate a support issue involving your data.

Scope minimization: we request only the minimum scopes needed for implemented features.

7) Data retention

We retain data while your account is active, and may retain limited information longer for security, compliance (including terms/privacy acceptance records where appropriate), and backups.

We retain data only as long as needed for the purposes described in this policy, unless a longer period is required by law:

  • Google OAuth refresh tokens: retained while your Google Calendar connection is active; deleted when you disconnect.
  • OAuth state/callback and security troubleshooting artifacts: retained up to 30 days.
  • Support/contact records: retained up to 24 months.
  • Backup/disaster-recovery copies: retained up to 35 days before overwrite/deletion.
  • Account/logbook/profile data: retained while your account remains active, unless you request deletion earlier.

Deletion requests:

Contact support@pilotlogbook-pro.com (identity verification may be required). After verification of account ownership, we process deletion requests within a reasonable operational window and remove data from active systems, then from backups on their normal backup lifecycle (up to 35 days).

8) Security

We use reasonable safeguards, but no system is perfectly secure. Keep your password confidential.

Data protection mechanisms for sensitive data

We implement administrative, technical, and organizational safeguards designed to protect sensitive data, including Google user data obtained through Google APIs.

  • Encryption in transit: All data transmitted between the app, users, and our backend services is encrypted using HTTPS/TLS.
  • Encryption at rest: Data stored in our managed cloud infrastructure is protected using industry-standard encryption-at-rest mechanisms provided by our cloud providers.
  • Token protection: Google OAuth tokens (including refresh tokens) are encrypted using Google Cloud Key Management Service (KMS) before storage. Tokens are decrypted only when required to perform authorized operations on behalf of the user.
  • Access controls: We enforce strict authentication and per-user authorization rules to ensure that users can only access their own data. Access to sensitive data is restricted to authorized services and personnel only.
  • Least privilege principle: System components and services are granted the minimum level of access required to perform their functions. Sensitive credentials and secrets are securely stored and never exposed in client-side code or source control.
  • Security monitoring and abuse prevention: We use logging, monitoring, and rate-limiting mechanisms to detect, prevent, and respond to unauthorized access attempts and abuse.
  • Connection lifecycle controls: When a user disconnects their Google Calendar account, all associated OAuth tokens and connection data are securely deleted.
  • Data retention and deletion: Sensitive data is retained only as long as necessary to provide the service. Users may request deletion of their data, and we process deletion requests within a reasonable timeframe. Backup data is retained only for operational recovery purposes and is automatically deleted after its retention period.
  • Incident response: In the event of a security incident, we take immediate steps to investigate, contain, and remediate the issue, and we provide notifications where required by applicable law.

While we take reasonable measures to protect data, no system can be guaranteed to be completely secure.

9) Your rights and choices

Depending on location, you may request access/correction/deletion and manage permissions in device settings. Contact support@pilotlogbook-pro.com.

10) Children’s privacy

Not directed to children under 13 (or the minimum age required by local law). If you believe a child has provided info, contact us to request deletion.

11) International transfers

Data may be processed in other countries where service providers operate, with safeguards where required.

12) Third-party links and services

Third-party services are governed by their own policies.

13) Changes

We may update this policy and will update the effective date. Where required, we will provide additional notice. If we materially change how we use Google user data, we will update disclosures and obtain any required consent before new use.

14) Contact

Email: support@pilotlogbook-pro.com
Support page: https://www.pilotlogbook-pro.com/support