DaPilot

Legal

Privacy Policy

Last updated April 28, 2026.

This Privacy Policy explains what data DaPilot collects, why we collect it, where it lives, and what choices you have. This policy covers the DaPilot iOS app and the dapilot.pro website.

1. What we collect

We collect three categories of data.

1.1 Account data

  • Apple Sign in with Apple identifier: a unique user identifier issued by Apple. We use this to sign you in.
  • Email address:from Apple Sign in with Apple. You may choose Apple’s private-relay email, in which case we never see your real email.
  • Name: from Apple Sign in with Apple, if you choose to share it.

1.2 Logbook data

  • Flights: every field you log (date, route, aircraft, times, landings, approaches, holds, remarks, and so on).
  • Aircraft: tail numbers and types you add to your fleet.
  • Flight Duty Periods and rest periods: if you use Airline Mode.
  • Voice transcripts and OCR images: processed in transit by a third-party AI provider (see Section 2). The audio and the image content are not retained server-side after the response is returned.

1.3 Usage data

  • Voice and OCR counters: we count how many voice entries and OCR scans your account has made for free-tier metering.
  • Subscription status: active, expired, or none. Provided by RevenueCat from the App Store receipt.
  • IP address: read from request headers for rate limiting on the AI endpoints. Not stored in long-term logs beyond the rate-limit window.
  • Push notification tokens: if you enable currency or medical reminders.
  • Website analytics: page views and aggregate web vitals captured by Vercel Analytics and Plausible. No cookies, no cross-site tracking, no personal identifiers.

2. The AI data path

Voice transcripts and OCR images are sent to OpenRouter for routing to Google Gemini 2.5 Flash Lite, which performs the extraction. The audio or image is held only in transit. After the model returns the structured JSON, the audio or image is discarded by the upstream provider. Neither DaPilot nor the upstream provider retains the original audio or image after the response. The structured output (the parsed flight fields) is returned to your device, where you review and confirm before it is saved to your logbook.

3. Where data lives

Logbook data is stored in Supabase (Postgres) in the United States. Row-level security policies enforce that you can only access your own data. A local cache of your data also lives on your iPhone in SwiftData for offline reading and writing.

Subscription state is held by RevenueCat (entitlement record only) and synced into your DaPilot profile via webhook.

4. What we use it for

  • To provide the logbook, currency, medical, and Airline Mode features.
  • To meter free-tier voice and OCR usage.
  • To run the AI extraction you initiate.
  • To send push reminders you opt into.
  • To respond to your support requests.
  • To detect and prevent abuse of the AI endpoints.

We do not sell your data. We do not run cross-site tracking. We do not show ads.

5. Cookies and tracking

The dapilot.pro website uses cookieless analytics: Vercel Analytics and Plausible. No tracking cookies, no third-party social pixels, no cross-site identifiers. The only cookies set by the website are first-party cookies needed for the email signup form (Buttondown). The iOS app does not use cookies.

Because the website does not set tracking cookies and does not collect personal data through analytics, we do not display a cookie banner. The full data path is documented above.

6. Sharing

We share data only with:

  • Service providers we depend on to operate the Service: Supabase (database and auth), RevenueCat (subscription state), Apple (Sign in with Apple, App Store, push notifications), OpenRouter and Google (AI processing), Vercel (web hosting), Buttondown (email list), Plausible (analytics), and Cloudflare (DNS).
  • Authorities, when required by law or to protect rights, safety, or property.
  • A successor entity in the event of a merger, acquisition, or sale of assets.

7. Your rights

7.1 Access and export

The full export of your logbook is available any time from inside the iOS app: Settings, Export. You receive a CSV file you can take anywhere.

7.2 Deletion

You can delete your account from inside the iOS app: Settings, Account, Delete account. Deletion is immediate and removes your profile, all flights, all aircraft, FDPs, rest periods, and your authentication record. There is no undo path.

7.3 GDPR

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights of access, rectification, erasure, restriction, objection, and portability under GDPR. Email legal@dapilot.pro to exercise them. The lawful bases we rely on are: consent (for the email list), contract (for the Service itself), and legitimate interest (for rate-limiting and abuse prevention on the AI endpoints).

7.4 CCPA / CPRA

California residents have the right to know what personal information we collect, the right to delete it, and the right to opt out of any sale or sharing. We do not sell or share personal information. Requests can be sent to legal@dapilot.pro.

8. Security

All connections between the app, the website, and our servers use TLS. Logbook data is protected by row-level security policies in Postgres scoped to your account ID. We use industry-standard measures to protect data in transit and at rest, but no system is perfectly secure. Notify us at legal@dapilot.pro if you believe your account has been compromised.

9. Children

DaPilot is not directed to children under 17 (App Store age rating 17+). We do not knowingly collect personal information from anyone under 17. If you believe a minor has created an account, contact us and we will delete it.

10. Changes

We may update this Privacy Policy when our practices change. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated in-app or by email when feasible.

11. Contact

Questions about this Privacy Policy can be sent to legal@dapilot.pro.

See also: Terms of Service and Regulatory Disclaimer.