Privacy Policy - PilotFiles

1. Introduction

This Privacy Policy explains how Pilot Files ("we," "us," or "our"), operated from British Columbia, Canada, collects, uses, discloses, and protects your personal information in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia's Personal Information Protection Act (PIPA), and other applicable privacy laws.

Our services are primarily intended for Canadian users but may be available to international users. Data is hosted on Digital Ocean servers located in the United States.

By using our Service or Flytimer, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy, including the transfer of data to the United States for hosting purposes.

2. Information We Collect

2.1 Information You Provide Directly

Company Account Information:

Company name
Company address
Company phone number
Company email address
Primary contact name

User Account Information:

Name of user who signed up
Email address
Phone number (optional)

Payment Information:

Processed and stored exclusively by Stripe, Inc.
We never receive or store complete credit card information
We receive only confirmation of payment status from Stripe

Flight Data (from Flytimer):

Flight times and dates
Aircraft registration and type
Flight duty periods
Pilot names (when connected to company accounts)
Flight routes and destinations (if entered)

Note: Flytimer can operate completely independently without sharing any data with Pilot Files. Data is only transmitted to Pilot Files when a pilot explicitly connects their Flytimer account to a company account.

2.2 Information Collected Automatically

Technical Information:

IP address
Browser type and version
Device information
Operating system
Access times and dates
Pages viewed
Referring website addresses

Usage Data:

Features used
Time spent on the Service
Interaction patterns
Error logs
Performance data

2.3 Information from Third Parties

Flytimer Integration: Flight data synced from the Flytimer mobile app, user account linkages
Third-Party Services: Payment processing information, accounting software data (when integrated)

3. How We Use Your Information

3.1 Service Provision

To create and manage your account
To provide flight duty time monitoring services
To facilitate data sharing between pilots and companies
To integrate with accounting software
To process payments
To provide customer support

3.2 Communication

To send service-related notifications
To respond to your inquiries
To send account updates and security alerts
To provide subscription and billing information

3.3 Service Improvement

To analyze usage patterns and improve the Service
To develop new features
To troubleshoot technical issues
To conduct research and analysis

3.4 Legal Compliance

To comply with applicable laws and regulations
To respond to legal requests and prevent fraud
To enforce our Terms of Service
To protect our rights and property

3.5 Marketing (With Consent)

To send promotional materials and updates (you may opt out at any time)
To inform you about new features or services

4. Legal Basis for Processing (PIPEDA Principles)

We process personal information based on:

Consent: You provide consent when creating an account and using the Service
Contractual Necessity: Processing is necessary to fulfill our service agreement
Legal Obligations: Processing required to comply with Canadian laws and aviation regulations
Legitimate Interests: Processing necessary for business operations, fraud prevention, and service improvement

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Within the Service

Company-Pilot Sharing: Pilots who connect to company accounts share flight data with their employers
Authorized Users: Information shared with authorized users within your company account

5.2 Service Providers

We share information with the following third-party service providers:

Payment Processing:

Stripe, Inc. processes all payment transactions
Stripe receives billing information and payment details
We never receive complete credit card information
Stripe's privacy policy applies: https://stripe.com/privacy

Hosting Services:

Digital Ocean hosts our infrastructure in the United States
All data stored in Pilot Files is hosted on Digital Ocean servers
Data is transferred from Canada to the United States for hosting

5.3 Legal Requirements

We may disclose information when required to:

Comply with law, regulation, or legal process
Respond to government requests
Enforce our Terms of Service
Protect our rights, privacy, safety, or property
Prevent fraud or security issues

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your information:

Encryption in transit (HTTPS/TLS)
Encryption at rest for sensitive data
Secure authentication mechanisms
Regular security audits and updates
Access controls and authentication
Firewall protection
Intrusion detection systems

6.2 Payment Security

All payment processing is handled exclusively by Stripe, Inc., a PCI-DSS Level 1 certified payment processor
We never receive, process, or store complete credit card numbers, CVV codes, or other sensitive payment information
Stripe maintains PCI-DSS compliance and industry-standard security for all payment data
We receive only payment confirmation and basic billing information from Stripe

6.3 Your Responsibilities

Keep your account credentials confidential
Use strong passwords
Log out from shared devices
Notify us immediately of any unauthorized access

6.4 No Guarantee

While we take reasonable precautions, no system is completely secure. We cannot guarantee absolute security of your information.

7. Data Retention

7.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide the Service.

7.2 Closed Accounts

After account closure:

We retain certain information for 90 days to allow for account recovery
We retain information as required by law or for legitimate business purposes (e.g., dispute resolution, tax compliance)
Aviation-related records may be retained for 7 years to comply with regulatory requirements

7.3 Deletion

Upon request or after retention periods expire, we will delete or anonymize your personal information unless:

Legal obligations require retention
Information is needed for ongoing disputes
You have outstanding debt obligations

8. Your Privacy Rights

Under PIPEDA and applicable provincial privacy laws, you have the following rights:

8.1 Access

Request access to your personal information
Receive information about how we use and share your data

8.2 Correction

Request correction of inaccurate or incomplete information
Update your account information directly through the Service

8.3 Deletion

Request deletion of your personal information through your account settings or by contacting us
We will process deletion requests within 30 days
Some information may be retained where required by law (e.g., aviation records for regulatory compliance)
After deletion, data cannot be recovered

8.4 Data Portability and Export

Download all of your data at any time through your account settings
Data is provided in commonly used formats (CSV, JSON, or PDF)
We send monthly email reminders encouraging you to download and backup your data
You have 90 days after account closure to request a final data export

8.5 Withdrawal of Consent

Withdraw consent for marketing communications
Object to certain processing activities
Note: Withdrawing consent may limit your ability to use the Service

8.6 Complaints

File a complaint with the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

8.7 How to Exercise Your Rights

9. Cookies and Tracking Technologies

9.1 What We Use

Essential Cookies: Required for the Service to function (authentication, security)
Analytics Cookies: Help us understand how users interact with the Service
Preference Cookies: Remember your settings and preferences

9.2 Your Choices

Most browsers allow you to control cookies through settings
Blocking essential cookies may prevent you from using certain features

9.3 Do Not Track

We do not currently respond to Do Not Track (DNT) signals.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

12. International Data Transfers

12.1 United States Hosting

All data is hosted on Digital Ocean servers located in the United States
By using the Service, you explicitly consent to your information being transferred to, stored, and processed in the United States
The United States may have different data protection laws than Canada

12.2 Cross-Border Transfer Safeguards

Digital Ocean maintains security standards and practices to protect your data
We implement contractual safeguards with our hosting provider
Data in transit is encrypted using industry-standard protocols (TLS/HTTPS)

12.3 International Users

While the Service primarily targets Canadian companies, it may be accessible internationally
If you access the Service from outside Canada, your data will be transferred to and processed in the United States
You are responsible for compliance with local laws regarding data transfers

13. Changes to This Privacy Policy

13.1 Modifications

We may update this Privacy Policy from time to time
Material changes will be communicated via email or through the Service
Continued use after changes constitutes acceptance

13.2 Review

We encourage you to review this Privacy Policy periodically.

13.3 Version History

Previous versions are available upon request.

14. Aviation-Specific Privacy Considerations

14.1 Flytimer Independence

Flytimer is a free iOS application available through the Apple App Store
Flytimer can be used completely independently without creating a Pilot Files account
When used independently, Flytimer data remains on your device and in your personal iCloud account (if you use iCloud sync)
No flight data is transmitted to Pilot Files unless you explicitly connect your Flytimer account to a company's Pilot Files account

14.2 Pilot-Company Data Sharing

Pilot flight time data is only shared with companies when pilots explicitly connect their Flytimer account using a company connection code
Companies have access to pilot data only when pilots authorize the connection
Pilots can disconnect from company accounts at any time through Flytimer or Pilot Files
Upon disconnection, no new data is shared, but previously shared data remains in the company's Pilot Files account

14.3 Regulatory Compliance

Certain flight data may need to be retained for regulatory compliance under Canadian Aviation Regulations (CARs)
Aviation records may be subject to inspection by Transport Canada or other regulatory authorities
We may be legally required to preserve certain records for up to 7 years

14.4 Data Accuracy Disclaimer

Pilot Files and Flytimer are tools for guidance only
We do not guarantee the accuracy of any flight data, calculations, or duty time tracking
Users are responsible for verifying all information for regulatory compliance

15. Contact Information

15.1 Privacy Questions

Privacy Officer

Email: support@pilotfiles.com

Address: Surrey, British Columbia, Canada

15.2 Privacy Complaints

If you believe we have violated your privacy rights:

Contact us at support@pilotfiles.com
We will investigate and respond within 30 days
If unsatisfied, you may file a complaint with:

Office of the Privacy Commissioner of Canada

30 Victoria Street
Gatineau, Quebec K1A 1H3

Toll-free: 1-800-282-1376

Website: www.priv.gc.ca

Office of the Information and Privacy Commissioner for British Columbia

PO Box 9038, Stn. Prov. Govt.
Victoria, BC V8W 9A4

Toll-free (BC only): 1-800-663-7867

Website: www.oipc.bc.ca

16. Consent

By using Pilot Files or Flytimer, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein, including:

Transfer of data to Digital Ocean servers in the United States
Processing by Stripe for payment services
Sharing of Flytimer data with Pilot Files (only when you explicitly connect accounts)

For company accounts, you confirm that you have authority to provide consent on behalf of your organization and its employees/pilots using the Service.

Effective Date: January 16, 2026

This Privacy Policy is compliant with PIPEDA, British Columbia's Personal Information Protection Act (PIPA), and applicable Canadian federal and provincial privacy legislation.