Privacy Policy

Last updated: 17 April 2026

Summary in plain English: We store your flight data so you can use the service. We host it in the UK. We never train AI on it. We never sell it. You can export everything at any time, for any reason, for free. When you delete your account, we delete your data.

Who we are

Pilot Logbook is operated by Pilot Logbook Ltd (the "Controller"). You can reach us at privacy@pilotlogbook.app.

What personal data we process

  • Account data: email address, hashed password, email verification status.
  • Logbook data: flights, simulator entries, aircraft, licences, endorsements, currency status, and anything else you choose to log.
  • Technical data: IP addresses and request logs kept for 30 days for security and abuse prevention. Your IP address and browser user-agent at account registration may also be retained for abuse investigation purposes.
  • Operator access log: a record of every action taken on your account by the service operator (for example, if your account is reviewed, suspended, or deleted by us). This log is retained for 12 months and is never used for any purpose other than accountability and security.

Lawful basis for processing (UK and EU GDPR)

  • Performance of a contract (Art. 6(1)(b)): we process your account and logbook data to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): we process the following data on the basis of legitimate interests:
    • Request logs (30 days): to detect abuse, debug errors, and protect the service.
    • Operator access to aggregate account statistics (total flights, hours, and similar counts — never individual logbook entries): to monitor service health, respond to support requests, and investigate potential abuse. We have conducted a Legitimate Interests Assessment confirming this is the minimum necessary for these purposes and does not override your rights.
    • Operator access log: to maintain accountability for any actions taken on your account by the service operator, and to demonstrate compliance with UK GDPR Art. 5(2).

Special category data (health information)

If you choose to record medical certificate details (class, expiry date), this is health data under UK GDPR Art. 9 — a special category requiring additional protection. We process it only:

  • On the basis of your explicit consent (Art. 9(2)(a)): you must actively tick a consent checkbox before we store any medical information. You can withdraw this consent at any time by removing your medical data from the medical section of your profile. Withdrawing consent does not affect the lawfulness of processing before withdrawal, and does not affect your account or other logbook data.

How long we keep data

For as long as your account is active. When you delete your account — whether by your own action or initiated by the service operator — your personal data and logbook entries are deleted from our production database within 14 days of the deletion request. Backups expire on a rolling 30-day window. The operator access log for your account is retained for 12 months regardless of account deletion, as it is an accountability record rather than your personal logbook data.

Where your data is stored

Your logbook data and account information are stored in the United Kingdom on AWS infrastructure (eu-west-2, London region). Transactional email (account verification, password reset) is sent via Amazon SES; delivery routing is subject to AWS's Data Processing Agreement and may traverse infrastructure outside the UK, though your stored data remains in the UK.

Sub-processors

We use a small number of sub-processors to operate the service:

  • Amazon Web Services (AWS): cloud hosting, database, backups — UK region (eu-west-2).
  • Amazon SES: transactional email delivery — subject to AWS Data Processing Agreement.
  • Google Analytics 4 (Google LLC): website analytics — page views and feature engagement only. Data is transferred to Google's servers (US) under the EU–US Data Privacy Framework and Google's Data Processing Agreement. We use GA4 Consent Mode v2; no analytics data is collected until you accept cookies. We do not enable advertising features, remarketing, or User-ID linking.

We do not use advertising networks, AI-training services, or any tracking beyond Google Analytics.

Cookies

The authenticated application sets a single HTTP-only, secure, SameSite=Strict cookie (logbook_access) containing a JWT session token. This cookie is strictly necessary to provide the service and does not require prior consent under PECR.

Google Analytics sets cookies (_ga, _ga_*) only if you accept our cookie notice. You can change your choice at any time by clearing your browser cookies or by contacting us.

Your rights

Under UK and EU GDPR you have the right to:

  • Access your personal data and receive a copy of it — including any entry in the operator access log that relates to your account
  • Correct inaccurate data
  • Delete your account and all associated data (self-service, or you may request deletion by emailing us)
  • Restrict or object to processing based on legitimate interests
  • Portable export in a common format (CSV and PDF)
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, email privacy@pilotlogbook.app. We will acknowledge your request within 30 days.

Changes to this policy

If we change this policy, we will email every account holder at least 30 days before the change takes effect.

Note for launch: this policy is a draft and must be reviewed by a qualified legal professional before going live in production.