← Back to Home

Privacy Policy

Last Updated: January 2025

PLAIN ENGLISH SUMMARY

How We Handle Your Data

This section explains, in simple terms, how your information is handled when you use the app. The detailed legal privacy policy follows below.

What data you can add

  • Airports and runways
  • Navigation aids (NAVAIDs)
  • Custom surfaces (your own shapes/areas)
  • Custom criteria
  • Obstacles you want to check
  • Reports created from your work

Who can see your data

  • By default, only you can see what you add.
  • You can choose to share specific items with your team (using groups).
  • You can also mark an item as public if you want others to see it.
  • We always check who you are and what you're allowed to see before showing any data.

How your data is protected

  • You must be signed in to access data.
  • We check your access on the server (not just in the browser), so it can't be bypassed.
  • We limit how much can be created to prevent abuse and keep the service reliable.
  • For sensitive features (like sign-up), we can rate limit requests to block spam.
  • Admin actions can be recorded in an audit log for accountability.

Calculations are done on the server

  • When you evaluate obstacles or surfaces, the heavy lifting happens on our servers.
  • The logic we use is not exposed in your browser, which helps protect both your data and our algorithms.
  • We also set sensible limits on the size of what you send so evaluations run reliably.

Imports and limits

There are admin-set limits that control how much can be imported at once (for example, how many obstacles). If an import is too large, we trim it or ask you to reduce the size.

Where data lives and how it travels

  • Data is stored in our database and protected by the security features of our hosting provider.
  • All communication between your browser and our servers uses HTTPS encryption.

Privacy by default

  • Nothing is shared unless you choose to share it with a group or mark it as public.
  • We always apply these rules when you list or open any item.

What this means for you

  • You stay in control of who sees your data.
  • We protect access on the server side.
  • We keep evaluations and important logic on the server.
  • We use limits and logging to keep the service stable and secure.

If you have stricter requirements (e.g., data residency, retention, or custom approvals), let us know and we'll discuss options that align with your policies.

1. Introduction

AOI Web Pro ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our aviation obstacle evaluation platform.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Required: Email address, password (encrypted), name
  • Optional: Organization, country, city, phone number, address
  • Automatically generated: User ID, account creation date, email verification status

2.2 Aviation Data

When you use our services, we store:

  • Airport and runway data
  • Navigation aid (navaid) information
  • Obstacle data and evaluations
  • Custom surface definitions
  • Analysis reports and results
  • Criteria and regulatory data

2.3 Payment Information

Payment processing is handled by Stripe. We do NOT store your credit card information. We only store:

  • Stripe customer ID (encrypted reference)
  • Subscription status and tier
  • Payment history (amounts, dates, status)
  • Invoice records

2.4 Usage Information

We automatically collect:

  • IP address (for security and rate limiting)
  • Login/logout timestamps
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Error logs and performance data

2.5 Communications

We collect information when you:

  • Contact us via email or contact form
  • Respond to our emails
  • Participate in surveys or feedback requests

3. How We Use Your Information

3.1 Service Provision

  • Create and manage your account
  • Process and validate email verification
  • Provide aviation analysis and evaluation tools
  • Store and retrieve your aviation data
  • Generate reports and analysis results

3.2 Billing and Payments

  • Process subscription payments via Stripe
  • Manage trial periods and subscription tiers
  • Send payment confirmations and invoices
  • Handle refunds and cancellations

3.3 Security and Fraud Prevention

  • Implement rate limiting to prevent abuse
  • Detect and prevent unauthorized access
  • Verify user identity and email addresses
  • Monitor for suspicious activity

3.4 Communications

  • Send email verification links
  • Send welcome emails after verification
  • Send password reset links when requested
  • Notify you of account or security issues
  • Provide customer support
  • Send service updates (you can opt-out of marketing emails)

3.5 Improvement and Analytics

  • Analyze usage patterns to improve features
  • Monitor performance and fix bugs
  • Understand user needs and preferences

4. Data Storage and Security

4.1 Data Storage

  • Database: PostgreSQL
  • Passwords: Encrypted using bcrypt with 12 rounds
  • Sessions: JWT tokens with 30-day expiration
  • Email tokens: Crypto-secure random tokens (256-bit) with 24-hour expiration

4.2 Security Measures

  • HTTPS encryption for all data transmission
  • Rate limiting to prevent brute force attacks
  • Input validation and sanitization to prevent XSS attacks
  • Email verification requirement before platform access
  • Secure password requirements (8+ characters, mixed case, numbers, special chars)
  • Regular security audits and updates

4.3 Data Retention

  • Active accounts: Data retained while account is active
  • Deleted accounts: Personal data anonymized within 30 days
  • Financial records: Retained for 7 years for legal/tax compliance
  • Backups: Automated daily backups retained for 30 days

5. Third-Party Services

5.1 Stripe (Payment Processing)

All payment processing is handled by Stripe. Please review Stripe's Privacy Policy.

5.2 Resend (Email Service)

Transactional emails (verification, welcome, password reset) are sent via Resend. Please review Resend's Privacy Policy.

5.3 EmailJS (Contact Form)

Contact form submissions are processed via EmailJS. Please review EmailJS Privacy Policy.

5.4 Upstash Redis (Rate Limiting)

IP addresses and email hashes are temporarily stored in Upstash Redis for rate limiting (data expires within 1 hour).

6. Data Sharing and Disclosure

We do NOT sell your personal information.

We may share your information only in these situations:

  • With your consent: When you explicitly authorize sharing
  • Service providers: Third parties that help us operate (Stripe, Resend, EmailJS, hosting providers)
  • Legal requirements: When required by law, court order, or government request
  • Business transfers: In case of merger, acquisition, or sale of assets
  • Protection of rights: To prevent fraud, enforce our Terms, or protect safety

7. Your Rights and Choices

7.1 Access and Portability

You have the right to:

  • Access your personal data through your account dashboard
  • Request a copy of your data in a portable format
  • Export your aviation data at any time

7.2 Correction and Updates

You can:

  • Update your profile information in account settings
  • Change your password at any time

7.3 Deletion (Right to be Forgotten)

You can request:

  • Account deletion through by contacting us
  • Data anonymization (personal info removed, financial records preserved for compliance)
  • Complete data erasure after legal retention periods

7.4 Marketing Communications

You can:

  • Opt-out of marketing emails via unsubscribe links
  • Continue to receive essential service emails (verification, security alerts, receipts)

8. Cookies and Tracking

We use essential cookies for:

  • Authentication: Maintaining your login session (JWT tokens)
  • Preferences: Remembering your theme (dark/light mode)
  • Security: CSRF protection and rate limiting

We do NOT use third-party advertising or tracking cookies.

9. International Data Transfers

Your data may be transferred to and processed in countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

10. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours via email
  • Describe the nature of the breach and data affected
  • Provide steps to protect yourself
  • Notify relevant authorities as required by law

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via:

  • Email notification
  • Notice on our website
  • In-app notification

Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, requests, or concerns:

  • Email: support@aoiweb.pro
  • Contact Form: Available on our website

We will respond to privacy requests within 30 days.

Your Consent

By using AOI Web Pro, you consent to this Privacy Policy and our data practices. You have the right to withdraw consent at any time by deleting your account.