Privacy & Data Governance

We collect the following categories of personal information to provide our aviation training retention services:

We use the information we collect for the following purposes:

• Provide our services — Deliver flight training tools including AI-powered debrief analysis, study plans, flashcards, checkride preparation, and knowledge resources.
• AI processing — Process your content (text, audio) through third-party AI services to generate analysis, transcriptions, and recommendations. See AI Processing Disclosure below.
• Account management — Authenticate your identity, manage subscriptions, and process payments.
• Communications — Send transactional emails (account confirmations, password resets), training reminders, and coaching session notifications. You may opt out of non-essential communications at any time.
• Platform improvement — Monitor errors, analyze usage patterns, and improve features based on aggregate data.
• Anonymized research & analytics — We may anonymize and aggregate your data to analyze retention trends, improve our AI models, conduct educational research, and develop new features. See Anonymized & Aggregate Data below.
• Legal compliance — Comply with applicable laws, respond to legal requests, and protect the rights and safety of our users.

We share personal information with the following categories of service providers, solely for the purposes of delivering our services. We do NOT sell your personal data.

Each service provider is contractually obligated to process your data only as directed by VectoredOps and in accordance with this Privacy Policy.

VectoredOps uses artificial intelligence (AI) to enhance your flight training experience. We believe in transparency about how AI is used in our platform.

How We Use AI

• Post-flight debrief analysis — AI reviews your debrief notes and transcripts to identify areas of strength, improvement opportunities, and patterns across your training.
• Audio transcription — AI converts your audio recordings into text transcripts for debrief analysis.
• Study plan generation — AI creates personalized study plans based on your training progress and areas needing attention.
• Practice oral exams — AI simulates DPE oral examination questions aligned with FAA ACS standards.
• Knowledge hub — AI provides answers to aviation knowledge questions grounded in FAA publications.

Important Limitations

Your data is sent to third-party AI processing services solely for the purpose of generating the features described above. These providers process data under contract with VectoredOps and do not use your data for their own training purposes.

Our audio debrief feature allows you to record post-flight debrief sessions. This section addresses how we handle audio recordings, including compliance with biometric data laws such as the Illinois Biometric Information Privacy Act (BIPA).

Collection & Consent

• Audio recording is entirely voluntary — you initiate each recording through an explicit action (pressing the record button).
• By initiating a recording, you consent to the collection and processing of that audio for transcription and debrief analysis.
• If other individuals are present during the recording (e.g., your flight instructor), you are responsible for informing them that the session is being recorded.

Processing

• Audio recordings are transmitted securely (TLS 1.2+) to a third-party transcription service for conversion to text.
• The resulting text transcript is then analyzed by our AI features to generate debrief insights.

Biometric Data Statement

Retention & Deletion

Audio recordings are retained while your account is active. Upon account deletion, all audio recordings and associated transcripts are permanently deleted. You may also delete individual recordings at any time through your account.

We may create anonymized and aggregate datasets from information collected through our platform. Anonymized data has been stripped of all personally identifiable information and cannot be used to re-identify any individual user.

How We Use Anonymized Data

• Retention trend analysis — Understanding patterns in student pilot training progression and dropout risk factors.
• Product improvement — Identifying which features and study methods are most effective for flight training retention.
• Educational research — Contributing to the broader understanding of aviation training best practices.
• AI model improvement — Training and improving machine learning models to provide better analysis, recommendations, and educational outcomes.

We retain your personal information only as long as necessary to provide our services and fulfill the purposes described in this policy.

For users affiliated with University Part 141 aviation programs, VectoredOps operates under the “School Official” exception to consent under the Family Educational Rights and Privacy Act (FERPA), 34 CFR § 99.31(a)(1)(i)(B).

• We perform an institutional service or function for which the school would otherwise use its own employees.
• We constitute a “School Official” with a legitimate educational interest in the student's retention and performance data.
• We are under the direct control of the educational agency or institution with respect to the use and maintenance of education records.
• We are subject to the requirements of 34 CFR § 99.33(a) governing the use and redisclosure of personally identifiable information (PII) from education records.

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

Your California Privacy Rights

To exercise these rights, contact us at [email protected]. We will respond within 45 days (extendable to 90 days with notice).

The Texas Data Privacy and Security Act (TDPSA) provides Texas residents with specific rights regarding their personal data. VectoredOps is committed to complying with these requirements.

Your Rights Under TDPSA

How to Exercise Your Rights

To exercise any of your TDPSA rights, please submit a request to [email protected]. We will respond to your request within 45 days. If we need additional time (up to 45 more days), we will notify you of the extension and the reason.

Appeal Process

If we decline to take action on your request, you may appeal our decision by contacting us at [email protected] within 45 days of receiving our response. We will inform you in writing of any action taken or not taken in response to your appeal within 60 days.

Sensitive Data

Under TDPSA, we will not process sensitive data (including precise geolocation, racial/ethnic origin, religious beliefs, health diagnosis, sexual orientation, citizenship status, genetic or biometric data) without obtaining your consent. We do not collect sensitive data categories beyond what is necessary to provide our aviation training retention services.

Non-Discrimination

We will not discriminate against you for exercising your TDPSA rights.

In addition to California and Texas, residents of the following states have privacy rights under their respective state laws: Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Oregon, Montana, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Indiana, Kentucky, Rhode Island, Nebraska, Iowa, Tennessee, and Utah.

Common Rights Across State Laws

While specific provisions vary by state, the following rights are generally available to residents of states with comprehensive privacy laws:

• Access — Confirm whether we process your personal data and obtain a copy.
• Correction — Request correction of inaccurate personal data.
• Deletion — Request deletion of your personal data.
• Data Portability — Obtain your data in a portable format.
• Opt-Out — Opt out of targeted advertising, sale of personal data (we do not sell data), and profiling for decisions with legal or similar effects.

Universal Opt-Out Mechanism (Global Privacy Control)

We honor the Global Privacy Control (GPC) signal as a valid universal opt-out mechanism, as required by California, Colorado, Connecticut, Oregon, Montana, Delaware, Maryland, Minnesota, New Jersey, New Hampshire, and Texas. If your browser sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of personal information.

Appeal Process

If we deny your privacy request, you have the right to appeal. Submit your appeal to [email protected] within 45 days of our response. We will respond to your appeal within 60 days.

VectoredOps is designed for student pilots and flight instructors. The FAA requires a minimum age of 16 to obtain a student pilot certificate and 17 for a private pilot certificate. Our services are not directed to children under the age of 13.

We do not knowingly collect personal information from children under 13 years of age. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as promptly as possible. If you believe that a child under 13 has provided us with personal information, please contact us at [email protected].

We send the following types of emails:

• Transactional — Account confirmations, password resets, payment receipts, and subscription changes. These cannot be opted out of while your account is active.
• Training notifications — Study reminders, coaching session alerts, and training gap notifications. You may opt out of these in your account settings.
• Product updates — New features and platform announcements. You may opt out of these via the unsubscribe link in each email.

All marketing and non-essential emails include a one-click unsubscribe option. We honor opt-out requests within 10 business days in compliance with the CAN-SPAM Act.

VectoredOps offers Google Sign-In as a convenient and secure authentication option. When you choose to sign in with Google, we access only the minimum information necessary to create and manage your account.

Data We Receive from Google

• Email address — Used as your unique account identifier and for account-related communications.
• Display name — Used to personalize your profile within VectoredOps.
• Profile photo URL — Used to display your avatar within the application (if available).

What We Do NOT Access

• We do not access your Google Drive, Gmail, Calendar, Contacts, or any other Google services.
• We do not post to or modify any of your Google accounts or data.
• We do not share your Google account information with any third parties.
• We do not use your Google data for advertising or marketing purposes.

Revoking Access

You may revoke VectoredOps' access to your Google account at any time through your Google Account Permissions page. Revoking access will prevent future sign-ins via Google but will not delete your existing VectoredOps account or data. To request account deletion, contact [email protected].

VectoredOps is based in the United States, and your data is primarily processed and stored in the United States. Our third-party service providers may process data in various locations worldwide.

By using our services, you acknowledge that your data may be transferred to and processed in the United States or other jurisdictions. We ensure that appropriate security measures are in place regardless of where data is processed, including encryption in transit and at rest.

If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data transfer regulations, your use of our services constitutes consent to the transfer of your data to the United States. We apply the same level of data protection to all users regardless of location.

We share personal information only with service providers who process data on our behalf to deliver our services (see Third-Party Service Providers above). This does not constitute a “sale” or “sharing” under the CCPA/CPRA or any state privacy law.

If our practices change in the future, we will update this policy and provide notice before any sale or sharing of personal information occurs. You will have the opportunity to opt out before any such change takes effect.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

• Material changes will be communicated via email notification and/or a prominent notice on our website at least 30 days before the changes take effect.
• Non-material changes (such as formatting or clarifications) may be made without prior notice but will be reflected in the “Last Updated” date at the top of this page.
• If we expand the use of previously collected data in ways not described in this policy, we will seek your affirmative consent before doing so.

We encourage you to review this page periodically. Your continued use of VectoredOps after the effective date of any changes constitutes your acceptance of the updated policy.