Privacy Policy

We collect information you provide directly and information generated through your use of the FleetIQ platform. The categories of information we collect include:

Account Information

• —Name, email address, and password (stored as a secure hash)
• —Role within your organization (owner, admin, chief pilot, instructor, etc.)
• —Account creation date and last login time

Organization Information

• —Organization name, type (flight school, flying club, charter, corporate), and ICAO location
• —Timezone, contact email, and phone number
• —Team member names, email addresses, and assigned roles

Operational Data

• —Aircraft records: tail numbers, make, model, year, airframe time, and current Hobbs
• —Flight logs: dates, durations, pilot and instructor names, origin/destination, and flight type
• —Maintenance events: type, status, cost, vendor, labor hours, and notes
• —Squawks: descriptions, severity, category, status, and resolution notes
• —Inspections: type, due dates, due Hobbs, and status
• —Fuel entries: gallons, cost per gallon, total cost, and fuel type
• —Work orders: stage history, comments, attachments, and assigned personnel

Financial Data

• —Economics settings: cost assumptions such as insurance, hangar, engine reserve, and fuel estimates
• —Revenue and margin estimates derived from your operational data
• —Aircraft-level cost overrides and performance targets

Usage and Audit Data

• —Login and logout times
• —Features and pages accessed within the platform
• —Actions taken: records created, updated, deleted, or exported
• —Audit log entries for sensitive operations (economics views, settings changes)

Technical Data

• —IP address at time of login and API requests
• —Browser type and version
• —Device type and operating system
• —Session duration and request timestamps

We use the information we collect only to operate and improve FleetIQ. Specifically:

• —To create and manage your account and organization
• —To provide the FleetIQ platform, including fleet analytics, maintenance tracking, and financial insights
• —To calculate utilization metrics, revenue leakage estimates, and economics reports from your operational data
• —To send operational alerts and notifications relevant to your fleet (inspection due dates, squawk status changes, etc.)
• —To respond to support requests and troubleshoot issues
• —To detect and prevent fraud, abuse, and security incidents
• —To improve the platform, fix bugs, and develop new features
• —To comply with applicable legal obligations

FleetIQ is a multi-tenant platform built with data isolation as a core architectural principle, not an afterthought.

• —Each organization's data is stored with an organization_id and scoped exclusively to that organization
• —Row-level security (RLS) is enforced at the database level via Supabase PostgreSQL policies — even if the application layer had a bug, cross-organization data access would be blocked by the database itself
• —API requests require authentication via JSON Web Token (JWT) issued by Supabase Auth
• —Sensitive endpoints (economics settings, organization data, data exports) require elevated role permissions (owner or admin)
• —All data in transit is encrypted using TLS 1.2 or higher
• —All data at rest is encrypted by our cloud infrastructure provider
• —We maintain an audit log of all sensitive actions including data views, settings changes, and record deletions
• —Rate limiting is enforced on all API endpoints to prevent abuse and brute-force attacks

We retain your data for as long as your organization has an active FleetIQ account. If you close your account:

• —You may request a full export of your organization's data at any time by contacting privacy@fleetiqapp.com
• —Upon account closure, your data will be deleted from our production systems within 30 days
• —Encrypted backups containing your data may persist for up to 90 days before being purged
• —We may retain anonymized, aggregated data that cannot be linked to your organization or users
• —We will retain records required to comply with applicable legal or financial obligations for the periods required by law

FleetIQ uses a limited set of trusted third-party services to operate the platform. Each service is governed by its own privacy policy.

• —Supabase (database and authentication) — stores your organization's data in encrypted PostgreSQL databases hosted on AWS
• —Railway (API infrastructure) — hosts the FleetIQ backend API on isolated containers
• —Vercel (frontend hosting) — serves the FleetIQ web application
• —SendGrid (transactional email) — used to deliver import confirmation emails and account notifications
• —Redis (rate limiting) — stores temporary request counters; no personal data is persisted

We do not use analytics trackers, advertising networks, or social media pixels on the FleetIQ platform.

Depending on where you are located, you may have rights under applicable privacy laws including GDPR, CCPA, or similar regulations. These rights may include:

• —The right to access a copy of your personal data
• —The right to correct inaccurate personal data
• —The right to request deletion of your personal data ("right to be forgotten")
• —The right to data portability — receiving your data in a machine-readable format
• —The right to object to or restrict certain processing of your data
• —The right to withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@fleetiqapp.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If your organization is located in the European Economic Area, you also have the right to lodge a complaint with your local data protection supervisory authority.

FleetIQ uses only functional cookies necessary to operate the platform. These cookies are used to:

• —Maintain your authenticated session (set by Supabase Auth)
• —Store UI preferences such as view settings (stored in your browser's localStorage, never sent to our servers)

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies. You can clear cookies at any time through your browser settings; doing so will log you out of FleetIQ.

FleetIQ is a business-to-business platform intended for use by aviation organizations and their authorized personnel. We do not knowingly collect personal information from individuals under the age of 16. If you believe a minor has provided us with personal information, please contact us at privacy@fleetiqapp.com and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• —Update the effective date at the top of this page
• —Notify account owners via email at least 14 days before the changes take effect
• —Post a notice on the FleetIQ dashboard

Your continued use of FleetIQ after the effective date of an updated policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you may close your account and request deletion of your data.

If you have questions about this Privacy Policy, your data, or our privacy practices, please reach out: