1. Introduction
Airbit ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our aircraft maintenance management platform and website (the "Service").
This policy applies to all information collected through the Service, our website at airbit.biz, and any related communications. We process personal data as a Data Controller for account and billing purposes and as a Data Processor for the aviation maintenance data you store in our platform.
2. Data We Collect
Account & Identity Data
- Full name, email address, and job title
- Organisation name, address, and aviation authority reference numbers
- Login credentials (passwords stored as salted hashes)
- Single Sign-On (SSO) identifiers when enabled
Usage & Technical Data
- IP address, browser type, operating system, and device identifiers
- Pages visited, features used, and interaction timestamps
- Error logs and performance diagnostics
- Cookie data (see Section 5 below)
Aviation Maintenance Data
- Aircraft records, work orders, airworthiness directives, and compliance documentation entered by authorised users into the platform
- This data is processed solely on your behalf as a Data Processor under a Data Processing Agreement (DPA)
Billing & Payment Data
- Company billing details and VAT/tax identification numbers
- Payment information is processed by our third-party payment processor; we do not store full card numbers on our servers
3. How We Use Your Data
We use the personal data we collect for the following purposes:
- Service delivery: Providing, maintaining, and improving the Airbit platform
- Account management: Creating and managing your account, processing subscriptions
- Communication: Sending service notifications, security alerts, and (with your consent) product updates
- Support: Responding to your inquiries and providing technical support
- Compliance: Meeting legal obligations including aviation regulatory requirements
- Security: Detecting, preventing, and addressing fraud, abuse, and technical issues
- Analytics: Understanding usage patterns to improve our services (using anonymised data)
Our legal bases for processing include: contractual necessity, legitimate business interests, consent, and legal obligation.
4. Data Storage & Cloud Backups
All personal data and aviation maintenance data is stored on secure servers. We maintain daily cloud-based backups with geographic redundancy - your data is backed up every day and stored across multiple locations so that even in the unlikely event of a major outage, your records are safe and fully recoverable.
Our guarantee: Your data is never transferred to any third party by us. We do not sell, share, or transmit your personal or operational data to external entities. Cloud backups are managed by Airbit and remain solely under our control.
5. Cookies
We use cookies and similar tracking technologies to enhance your experience:
- Essential cookies: Required for authentication, security, and basic functionality. These cannot be disabled.
- Functional cookies: Remember your preferences such as language, time zone, and display settings.
- Analytics cookies: Help us understand how the Service is used (e.g., page views, session duration). Data is aggregated and anonymised.
You can manage your cookie preferences through your browser settings. Disabling non-essential cookies will not affect core platform functionality. We do not use advertising cookies or sell your data to third parties.
6. Third-Party Services
We do not share your data with any third party without your explicit, prior consent. This is a fundamental principle of how we operate.
We work with a limited number of trusted infrastructure providers who help us operate the Service. These providers only process data on our behalf under strict contractual obligations:
- Cloud hosting: Secure data centre providers for server infrastructure
- Payment processing: PCI-DSS compliant payment processors for subscription billing (they only receive the minimum data required to process your payment)
- Email delivery: Transactional email services for sending service notifications to you
- Identity providers: SSO/SAML integration partners (only when explicitly enabled by your organisation)
All third-party processors are bound by Data Processing Agreements (DPAs) and are required to maintain appropriate technical and organisational security measures. We will never sell, rent, or trade your data.
7. Your Data Rights
Regardless of where you are located, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data, subject to legal retention obligations
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing
Depending on your jurisdiction (e.g., GDPR in Europe, CCPA in California, ILPA in Israel, LGPD in Brazil, or other local data protection laws), you may have additional rights under applicable legislation.
To exercise any of these rights, contact us at privacy@airbit.biz. We will respond within 30 days. You may also have the right to lodge a complaint with your local data protection authority.
8. Data Retention
We retain personal data only as long as necessary to fulfil the purposes described in this policy:
- Account data: Retained for the duration of your subscription plus 30 days after termination for backup purposes
- Aviation maintenance records: Retained according to your organisation's retention policy and EASA regulatory requirements (typically 3-10 years for airworthiness records)
- Billing data: Retained for 7 years as required by applicable tax and accounting regulations
- Security logs: Retained for 12 months for incident detection and forensic purposes
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will notify you via email and/or a prominent notice within the Service at least 30 days before changes take effect
- The "Effective Date" at the top of this page will be updated
- Continued use of the Service after the effective date constitutes acceptance of the revised policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
10. Contact Us
If you have questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:
Airbit
Registered in Israel