Privacy Policy - PilotPeak

1. Introduction

PilotPeak ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use the PilotPeak mobile application (the "App") and related services (collectively, the "Service").

By using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

IMPORTANT: PilotPeak is designed with privacy as a core principle. The majority of data processing occurs on your device, and your health data never leaves your device unless you explicitly enable optional cloud synchronization features.

2. Information We Collect

2.1 Information You Provide

Account Information: If you create an account or subscribe to Pro features, we may collect email address, payment information (processed securely through Apple's payment systems), and subscription preferences.
Profile Information: Optional information such as pilot license number, certificate type, ratings, medical class, and company information that you choose to provide.
Flight Data: Flight logs, duty times, roster information, and other operational data that you manually enter or scan using the App.

2.2 Information from Apple HealthKit

With your explicit permission, the App accesses health and fitness data from Apple HealthKit, including but not limited to:

Heart rate and heart rate variability (HRV)
Sleep data and sleep analysis
Activity data and active energy
Mindful session data
Other health metrics you authorize

CRITICAL: All HealthKit data is processed entirely on your device using Core ML. This data is NEVER transmitted to our servers, third parties, or cloud services unless you explicitly enable optional CloudKit synchronization.

2.3 Automatically Collected Information

Device Information: Device type, operating system version, app version, and device identifiers (processed locally)
Usage Data: App features used, frequency of use, and crash reports (anonymized and aggregated)
Analytics Data: Anonymized usage statistics to improve app performance (no personal identification possible)

3. How We Use Your Information

We use the information we collect solely for the following purposes:

Service Provision: To provide, maintain, and improve the App's fatigue prediction and logbook features
On-Device Processing: To run Core ML algorithms locally on your device for fatigue prediction and risk assessment
Account Management: To manage your account, process subscriptions, and provide customer support
Legal Compliance: To comply with applicable laws, regulations, and legal processes
Service Improvement: To analyze anonymized, aggregated usage data to improve app functionality and user experience

WE DO NOT: Sell your personal data, use your data for advertising purposes, share your health data with third parties, or use your data for any purpose other than providing the Service.

4. Data Storage and Security

4.1 On-Device Storage

The majority of your data, including all HealthKit data and flight logs, is stored locally on your device using iOS secure storage mechanisms. This data is encrypted at rest using iOS's built-in encryption.

4.2 Optional CloudKit Synchronization

If you enable optional CloudKit synchronization (Pro feature), your data is synchronized across your devices using Apple's CloudKit service. CloudKit data is:

Encrypted in transit using TLS
Encrypted at rest on Apple's servers
Subject to Apple's Privacy Policy and Terms of Service
Accessible only by you through your Apple ID

We do not have access to your CloudKit data. Only you can access it through your authenticated Apple devices.

4.3 Security Measures

End-to-end encryption for all sensitive data
On-device processing for all health data analysis
Secure authentication through Apple's systems
Regular security audits and updates
Compliance with industry-standard security practices

5. Data Sharing and Disclosure

We are committed to protecting your privacy. We do NOT share, sell, rent, or disclose your personal information except in the following limited circumstances:

5.1 Service Providers

We may use third-party service providers to assist with:

Apple Inc.: Payment processing (App Store), CloudKit synchronization (if enabled), and analytics (anonymized only)
Analytics Providers: Anonymized, aggregated usage statistics only (no personal identification)

All service providers are contractually obligated to protect your data and use it solely for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to:

Comply with legal obligations
Protect our rights, property, or safety
Prevent fraud or security threats
Respond to government requests

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

NEVER SHARED: Your health data, biometric information, flight logs, and personal pilot information are NEVER shared with third parties for advertising, marketing, or commercial purposes.

6. Your Rights and Choices

6.1 Access and Correction

You can access, review, and correct your personal information directly within the App settings. You can also export your data in PDF or CSV format.

6.2 Data Deletion

You can delete your account and all associated data at any time through the App settings. Deletion is permanent and cannot be undone. We will delete your data within 30 days of your request, except where we are required to retain it by law.

6.3 HealthKit Permissions

You can revoke HealthKit access at any time through iOS Settings > Privacy & Security > Health > PilotPeak. Revoking access will disable fatigue prediction features that depend on health data.

6.4 CloudKit Synchronization

You can disable CloudKit synchronization at any time through the App settings. Disabling sync will stop data synchronization but will not delete data already stored in CloudKit.

6.5 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing of your data
Right to Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at the address provided in Section 10.

6.6 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your privacy rights

7. Children's Privacy

The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18, we will delete such information promptly.

8. International Data Transfers

If you use the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where we or our service providers operate. By using the Service, you consent to the transfer of your information to these jurisdictions.

We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws, including GDPR for EEA users.

9. Data Retention

We retain your personal information only for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

Active Accounts: Data is retained while your account is active
Deleted Accounts: Data is deleted within 30 days of account deletion, except where retention is required by law
Legal Requirements: We may retain certain data to comply with legal obligations, resolve disputes, or enforce agreements

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

Posting the updated Privacy Policy on this page with a new "Last Updated" date
Providing in-app notification for significant changes
Sending email notification to registered users (if applicable)

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using the Service and delete your account.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

PilotPeak Privacy Team
Email: privacy@pilotpeak.app
Website: pilotpeak.app

We will respond to your inquiry within 30 days.

12. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of [Jurisdiction], without regard to its conflict of law provisions. Any disputes arising from or relating to this Privacy Policy or the Service shall be subject to the exclusive jurisdiction of the courts of [Jurisdiction].

Notwithstanding the foregoing, if you are located in the EEA, you may also have the right to lodge a complaint with your local data protection authority.