Privacy Policy

Last updated: June 14, 2026

Draft pending review. Bracketed placeholders (legal entity, state, address) will be completed before public launch.

1. Introduction & Scope

SkyReady Aviator (“SkyReady,” “we,” “us,” or “our”) is a mobile application that helps pilots maintain a digital logbook, track currency and proficiency, assess flight readiness, and get answers from an AI flight assistant (“Copilot”). This Privacy Policy explains what information the SkyReady Aviator app and its supporting cloud services (together, the “Services”) collect, how we use and share it, and the choices and rights you have.

The Services are operated by [LLC LEGAL NAME], a limited liability company organized in [STATE], United States.

Who this policy is for. The Services are intended for users located in the United States. We do not target or market the Services to residents of the European Union, the United Kingdom, or other regions, and this policy is written to reflect U.S. privacy law. If you are located outside the United States, please do not use the Services.

This policy applies to the SkyReady Aviator mobile app on iOS and Android and the cloud services that support it. It does not apply to third-party services we integrate with (for example, the app store you downloaded the app from, or your payment provider), which have their own privacy policies.

By creating an account or using the Services, you agree to the practices described in this policy.

2. Information We Collect

We collect only what we need to operate the Services. Most of your flight data lives on your device first and is synced to our cloud only to back it up and make it available across your devices (see Section 5). The categories below describe everything we collect.

Account & Identity

When you create an account we collect your email address, a password (stored only in hashed form by our authentication provider, AWS Cognito — we never see your plain-text password), and your name. If you enable multi-factor authentication, we store your MFA configuration. We assign you an internal account identifier used throughout the Services.

Location Data (precise GPS)

The in-app weather advisory map can use your device’s precise GPS location to show your position on the map, center the map on you, and help you view weather near your current location.

Location is used only while you are actively using the app (foreground only). We do not access your location in the background.
Your GPS coordinates are used only on your device to display the map. They are never transmitted to our servers, never stored, never synced, and never shared with anyone.
You control this through your device’s standard location permission, which you can grant or deny at any time. If you deny it, the rest of the app works normally; the map simply won’t center on you.

Apart from this map feature, you enter the airports and routes you care about manually (as airport identifiers); we do not derive them from your location.

Pilot Credentials & FAA Verification

To tailor currency and eligibility calculations to you, we collect details about your airman credentials: your certificate type and ratings, certificate/license number, and — if you are a flight instructor — your instructor certificate type(s), number, and expiration, along with a flag indicating instructor status and an auto-generated invite code used to link you with students. To help confirm these details, we may match the information you provide against the public FAA Airmen Releasable Database and store the resulting verification status.

Medical & Health Information

Because medical currency is central to flight eligibility, we collect your medical certificate class and date (and BasicMed course/exam dates if applicable) and your date of birth. We treat this information as sensitive and use it only to calculate your medical currency and eligibility.

Flight Logbook & Aircraft Data

The core of the app. We store the logbook entries you create — including flight dates, aircraft tail number and route, flight-time categories (e.g., total, PIC, SIC, dual, night, cross-country, instrument), takeoffs and landings, Hobbs/Tach and block times, approaches and holds, your remarks and notes, instruction details, and any signatures captured on an entry. We also store the aircraft you fly (make/model, class/category, equipment attributes) and an optional prior-hours baseline you enter so totals carry over from a previous logbook.

Training Relationships (Instructor ↔ Student)

If you use SkyReady’s instructor/student features, we store the links between instructors and students, signature requests for dual-instruction flights, and limited profile details each party agrees to share (such as name and certificate type). For dual-instruction flights, an instructor may keep their own copy of the training record (see retention details in Section 8).

Flight-Readiness Data

To support pre-flight readiness checks, we store your personal minimums profiles, your planned missions and their route airports (entered as airport identifiers), the readiness assessments generated for them, and periodic proficiency snapshots computed from your logbook.

AI Copilot Conversations & Uploaded Documents

When you use Copilot, we store your conversations and messages so you can return to them. If you upload an aircraft document (such as a Pilot Operating Handbook), we store that document and its extracted text so Copilot can reference it. Section 4 explains exactly what is sent to our AI provider when you ask a question.

Preferences & Settings

We store your app preferences — for example units, default airport, notification settings and alert thresholds, and saved airports.

Device, Technical & Analytics Data

To keep the app reliable and understand how it’s used, we and our analytics/diagnostics providers collect technical data such as app version, operating system, device type, a device/installation identifier, and crash reports and usage events (for example, which screens are viewed and which features are used). We configure these tools to filter out personal and sensitive content (such as your name, email, logbook remarks, signatures, and Copilot content) before it leaves your device. See Section 7 for the specific providers.

Support Communications

If you contact support or submit feedback, we collect the message you send and any screenshots or attachments you choose to include, so we can help you.

Subscription & Payment Data

SkyReady offers paid subscriptions. Purchases are processed by the app stores and our subscription provider, RevenueCat — we never receive or store your full payment card details. We do receive and store your subscription status and entitlements (for example, whether you have an active subscription or trial) and related purchase events.

What We Do NOT Collect or Do

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
We do not run third-party advertising or ad-tracking SDKs in the app.
We do not transmit, store, or track your GPS location (it stays on your device for the map, as described above).
We do not use your data — including Copilot conversations — to train AI models (see Section 4).

3. How We Use Your Information

We use the information described above to:

Provide and operate the Services — maintain your logbook, aircraft, and preferences; calculate currency, proficiency, and eligibility; generate flight-readiness assessments; and power the Copilot assistant.
Create and secure your account — authenticate you, enable multi-factor authentication, and protect against fraud and unauthorized access.
Sync and back up your data across your devices (see Section 5).
Verify pilot credentials by matching the details you provide against the public FAA Airmen Releasable Database.
Enable instructor/student features — link instructors and students, route signature requests, and share the limited profile details each party agrees to share.
Process your subscription — confirm your purchases and entitlements through the app stores and our subscription provider.
Communicate with you about the Services (transactional messages) — for example, email confirmations, password resets, account-deletion confirmations, instructor invitations, security notices, and responses to your support requests. You cannot opt out of these because they are necessary to operate your account.
Send marketing communications — with your consent where required, we may send promotional emails such as product news, tips, and feature announcements. You can opt out at any time using the unsubscribe link in those emails or by contacting us; opting out of marketing does not affect transactional messages. See Section 9. Our marketing emails may contain standard open- and click-tracking (small pixels and tagged links) that tell us whether an email was opened or a link was clicked, so we can measure and improve our communications. Unsubscribing stops these emails and their tracking.
Create aggregated and de-identified data — we may aggregate or de-identify information so it no longer identifies you and use it to understand usage, improve the Services, and for general analytics. We will maintain de-identified data in de-identified form and will not attempt to re-identify it except as permitted by law.
Provide customer support and respond to your feedback.
Maintain, improve, and debug the Services using analytics and crash-diagnostic data, which we configure to exclude personal and sensitive content (see Sections 2 and 7).
Comply with the law and protect rights and safety — to meet legal obligations, enforce our terms, and protect our users, the public, and our Services.

We do not use your information for purposes that are incompatible with those listed here without telling you first.

4. AI Features (Copilot)

Copilot is an optional, subscription-gated AI assistant that answers aviation and pilot-readiness questions. We want to be transparent about how it handles your data.

What is sent when you ask a question. To answer accurately, Copilot assembles a focused set of context for your question and sends it to our AI provider. This may include:

your question and the recent messages in that conversation;
a limited slice of your pilot profile (such as your home airport, certificate type and ratings, primary aircraft, medical certificate class/expiration, and instructor status);
a small, recent excerpt of your logbook and your computed currency, eligibility, and personal-minimums status, when relevant to the question;
your upcoming missions and relevant weather for the airports in your question; and
text extracted from an aircraft document (such as a Pilot Operating Handbook) only if you uploaded one.

Who processes it. This context is processed by Amazon Web Services (AWS) Bedrock using Anthropic’s Claude models, within our AWS environment.

No training, no provider retention. Your Copilot data is used only to generate a response to you. It is not used to train AI models, and it is not retained by the AI model provider after your request is processed. We do not sell or share Copilot content for advertising.

Where your conversations live. Your Copilot conversations and any documents you upload are stored on your device and, if you are signed in, synced to your account so you can access them across devices (see Section 5). You can delete individual conversations, and deleting your account removes them (see Sections 8 and 9).

A note on accuracy. Copilot is an aid, not an authoritative source. It can make mistakes, and it does not replace official FAA materials, current weather briefings, approved aircraft documentation, or your own judgment and responsibilities as pilot in command. Always verify safety-critical information against authoritative sources.

5. How Your Data Is Stored & Synced

SkyReady is built offline-first. Your logbook and most of your data are created and stored on your device first, so the app works without a connection. When you are signed in and online, your data is synced to your SkyReady account in the cloud so it is backed up and available across your devices.

Where it’s stored. Our cloud services run on Amazon Web Services (AWS) in the United States. We do not store your data outside the United States.
On-device data. Data on your device (including your local logbook database, cached content, and Copilot conversations) stays under your control; removing the app from your device removes the local copy, though synced data remains in your account until deleted (see Section 8).
Encryption. Your data is encrypted in transit (TLS/HTTPS) between the app and our services, and at rest in our cloud storage.
What is not synced. Your device’s GPS location is never synced — it is used only locally for the map (see Section 2).

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only in the limited circumstances below.

Service providers. We share information with vendors who process it on our behalf to run the Services — for example cloud hosting, our AI provider, authentication, subscription management, analytics, crash diagnostics, and email delivery. They are permitted to use the information only to provide services to us. See Section 7 for the list.
Instructors and students you connect with. If you use the instructor/student features, we share the relevant information with the people you choose to connect with — for example, a student’s flight entry submitted to their instructor for signature, and the limited profile details each party agrees to share. You control these connections.
For legal reasons and safety. We may disclose information if required by law, regulation, legal process, or governmental request, or where we believe disclosure is reasonably necessary to enforce our terms, prevent fraud or abuse, or protect the rights, property, or safety of our users, the public, or SkyReady.
Business transfers. If SkyReady is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
With your consent. We may share information for other purposes with your direction or consent.

We may also share aggregated or de-identified data that does not identify you.

7. Third-Party Services

We rely on the following third parties to provide the Services. Each receives only the data needed for its function, and we configure our analytics and diagnostics tools to exclude personal and sensitive content.

Provider	Role	Information involved
Amazon Web Services (AWS)	Cloud infrastructure (hosting, database, authentication, storage, email delivery)	All account and synced app data; account emails
AWS Bedrock + Anthropic (Claude)	AI model that powers Copilot	Your Copilot query and the limited context described in Section 4. Not used to train models; not retained by the provider
RevenueCat	Subscription / purchase management	Subscription status, entitlements, purchase events, a device/installation identifier. No full payment-card details
Apple App Store / Google Play	App distribution and payment processing	Your purchase transactions (handled under their own policies)
PostHog	Product analytics	Filtered usage events and a device/installation identifier (no name, email, logbook content, or location)
Sentry	Crash and error diagnostics	Filtered crash/error reports tied to an internal account identifier (no personal or sensitive content)
Apple Push Notification service / Firebase Cloud Messaging	Delivery capability for notifications	A push token used to enable notifications on your device

These providers act as our service providers/processors and are contractually limited to using your information to provide services to us. Their own handling of data is governed by their respective privacy policies.

We also retrieve public aviation data (such as weather from aviationweather.gov and FAA aircraft/airman records) to power features. We do not send your personal information to these public sources; we only download public data.

8. Data Retention

We keep your personal information for as long as your account is active and as needed to provide the Services. When you delete your account, or when information is no longer needed, we delete or de-identify it, subject to the following:

Account deletion grace period. When you request account deletion, we begin a staged process: your account is first deactivated and then permanently deleted after a grace period (approximately 30 days), during which you can cancel the request.
Residual copies. After deletion, limited copies may persist for a short time in routine encrypted backups and where we must retain information to comply with law, resolve disputes, or enforce our agreements. These copies are deleted or overwritten on our normal cycles.
Instructor training records. When an instructor provides dual instruction, the instructor retains their own copy of that training record. Because flight instructors are required by regulation to keep instruction and endorsement records (e.g., FAR 61.189), an instructor’s copy of a dual-instruction entry may be retained even if the student later deletes their account.
Limited-life data. Some items expire automatically — for example, generated data exports are deleted after about 7 days and support attachments after about 30 days.
Diagnostic/operational logs are retained for a limited period for security and reliability.
De-identified and aggregated data may be retained indefinitely.

You can request a copy of your data or deletion at any time (see Section 9).

9. Your Rights & Choices

You have choices about your information, and we honor the privacy rights described below for all U.S. users.

Access, export, correction, and deletion

Export / access. You can request and download a copy of your data from within the app.
Correction. You can edit most of your information directly in the app, or ask us to correct it.
Deletion. You can delete your account (and the data associated with it) from within the app, subject to the retention exceptions in Section 8.

Communications choices

Marketing email. You can unsubscribe from promotional emails at any time using the link in those emails or by contacting us. This does not stop transactional account emails.
Push notifications. You can turn notifications on or off in your device settings and in the app’s settings.

How to exercise your rights

You can use the in-app tools above, or contact us at privacy@skyready.app. We may need to verify your identity before acting on a request, and you may use an authorized agent to submit a request on your behalf. We will respond within the time required by law (generally 45 days, extendable where permitted). We will not discriminate against you for exercising your privacy rights.

We do not sell your personal information and we do not share it for cross-context behavioral advertising — so there is nothing to opt out of in that respect. We also honor recognized opt-out preference signals, such as the Global Privacy Control (GPC), where applicable.

Sensitive personal information

Some information we handle is considered “sensitive personal information” under California law — specifically your account log-in credentials, health/medical information (medical certificate details and date of birth), and precise geolocation (which, as described in Section 2, stays on your device and is not collected by us). We use sensitive personal information only for purposes permitted by law — to provide and secure the Services and to perform the calculations you ask for. We do not use or disclose it to infer characteristics about you, so the right to limit the use of sensitive personal information does not apply; nonetheless, you may contact us with any questions.

California “Shine the Light”

California residents may request information about disclosures of personal information to third parties for those parties’ direct marketing purposes. We do not share personal information with third parties for their own direct marketing, so there is nothing to disclose.

Categories of personal information (CCPA notice)

In the past 12 months we have collected the following categories of personal information. We do not sell or “share” any of these categories.

CCPA category	Examples we collect	Sources	Business purpose	Disclosed to
Identifiers	Name, email, account ID, device/installation ID	You; your device	Create/operate account; security	Service providers
Customer records	Name, contact details	You	Account, support, communications	Service providers
Commercial information	Subscription status, purchase/entitlement records	You; RevenueCat; app stores	Process and manage subscriptions	Service providers
Internet/network activity	App usage events, crash/diagnostic data	Your device	Improve, secure, and debug the Services	Analytics/diagnostics providers
Geolocation	Precise location used on-device only; not collected or stored by us	Your device	Display the in-app map (local only)	No one (stays on device)
Professional information	Pilot/instructor certificates, ratings, verification status	You; public FAA databases	Currency/eligibility features	Service providers
Audio/visual	Support screenshots/attachments; entry signatures	You	Support; logbook records	Service providers
Health information (sensitive)	Medical certificate class/date, BasicMed dates, date of birth	You	Medical-currency/eligibility calculations	Service providers
Account credentials (sensitive)	Password (hashed), MFA settings	You	Authentication and security	Service providers
Inferences	Currency, proficiency, and readiness calculations	Derived from your data	Provide the core features	Service providers

10. Data Security

We use technical and organizational measures designed to protect your information, including encryption in transit and at rest, hashed passwords, optional multi-factor authentication, and access controls that limit who can access data. If we become aware of a data breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Please help protect your account by using a strong, unique password and keeping it confidential.

11. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, please contact us at privacy@skyready.app and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date above and, for material changes, provide a more prominent notice (such as an in-app or email notice) as required by law. Your continued use of the Services after an update means you accept the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or your information, contact us at:

[LLC LEGAL NAME] Email: privacy@skyready.app [MAILING ADDRESS]