Privacy Policy

Last updated: July 1st, 2025

This Privacy Policy describes how Skylo ("Skylo", "we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our website (flyskylo.com), mobile application, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with the terms, please do not access or use the Service.

If you have any questions or requests regarding this Privacy Policy, please contact us at support@flyskylo.com.

1. INFORMATION WE COLLECT

We collect information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("Personal Data"). The categories of Personal Data we collect include:

A. Account & Identity Information

Required Information:

  • Full name (first name, last name)
  • Email address for login and communications
  • Password (stored securely using industry-standard hashing)
  • Date of birth (for age verification and KYC compliance)
  • Phone number (for account security, verification, and notifications)
  • Legal role (Pilot or Aircraft Owner)
  • Social Security Number (SSN) or Tax ID number (for aircraft owners and payment processors)
  • Profile photo/avatar (for account identification)

Optional Information:

  • Additional account photos
  • User preferences regarding emails and push notifications

B. Device & Technical Information

Mobile Application Data:

  • Device type, model, and operating system version
  • Mobile device identifiers (advertising ID, device ID)
  • App version and installation information
  • Expo Push Notification tokens (when notifications are enabled)
  • Device language and locale settings
  • Network information (IP address, connection type)
  • App crash reports and error logs
  • App usage patterns and feature interactions

Web Application Data:

  • Browser type, version, and user agent string
  • IP address and approximate location
  • Screen resolution and display preferences
  • Website usage patterns and page views
  • Session duration and interaction data
  • Referrer URLs and search terms

C. Location Information

Precise Location:

  • GPS coordinates when using location-based features
  • Real-time location for finding nearby airports and aircraft
  • Location data for safety and emergency purposes
  • Flight tracking and aircraft positioning (when applicable)

Approximate Location:

  • Country and region derived from IP address
  • Timezone information for scheduling
  • General area for compliance with local regulations

D. Camera & Media Access

Camera Usage:

  • Document photography for identity verification
  • HOBBS meter readings for flight billing
  • Aircraft listing photos
  • Profile photos and avatars
  • Support ticket attachments

Photo Library Access:

  • Uploading existing verification documents
  • Selecting aircraft photos from gallery
  • Profile picture selection
  • Document uploads for KYC compliance

E. Verification & Compliance Data

Pilot Verification:

  • FAA license information and images
  • VFR/IFR/Night qualifications and expiry dates
  • Government-issued ID images (passport, driver's license)
  • Selfie photo (for identity verification)
  • Logbook entries and flight history documentation

Owner Verification:

  • Business type (individual, company)
  • Business name (if applicable)
  • Tax ID information
  • Banking verification documents
  • Government-issued ID images (front and back)

F. Payment & Financial Information

For Aircraft Owners:

  • Bank account details (routing number, account number, account holder name)
  • Bank name and account type
  • Banking country and currency
  • IBAN or Sort Code (for non-US users)
  • SWIFT/BIC code for international transfers
  • Stripe Connect account information
  • Payout schedule preferences
  • Transaction history and payouts

For Renters/Pilots:

  • Payment method information (through Stripe)
  • Balance and transaction history
  • Billing address information
  • Deposit and payment history
  • Outstanding balance information

G. Address & Location Data

Personal Address:

  • Street address and house/apartment number
  • City, state/province, postal/ZIP code
  • Country

Billing Address (if different from personal address)

Aircraft Location:

  • Home airport identifier
  • Geographic coordinates of aircraft location
  • Airport data (ICAO, IATA codes, name, location)

H. Aircraft & Booking Information

Aircraft Details (for owners):

  • Aircraft make and model
  • Registration information
  • Specifications (seats, range, baggage capacity, etc.)
  • Hourly rate and availability settings
  • Aircraft category and type
  • Aircraft images and descriptions
  • Maintenance records (when applicable)

Booking Information:

  • Start and end times for rentals
  • HOBBS meter readings (start and end)
  • Flight duration
  • Booking status and history
  • Payment records associated with bookings

I. Communications & Support Data

Messages:

  • Direct message content between users
  • Timestamps of communications
  • Images shared in messages
  • Support ticket content and history
  • Thread subjects and status information

Support Threads:

  • Support case details and resolution information
  • AI agent interactions for automated support

J. Technical & Usage Data

Usage Data:

  • IP address
  • Session tokens and authentication data
  • Access timestamps and session duration
  • App feature usage patterns
  • Aircraft listing view history
  • User actions (logins, bookings, profile updates)
  • Language preferences

Analytics Data:

  • Booking creation metrics
  • Aircraft view counts
  • Message frequency statistics
  • Revenue data (for platform operation)
  • Feature usage patterns

K. Third-Party Integration Data

OAuth Authentication Data (when signing in with Google or Apple):

  • Service provider tokens (never stored permanently)
  • Provider user identifier
  • Email and basic profile data from the provider

Financial Processing Data:

  • Stripe Connect account information
  • Stripe Customer ID and payment identifiers
  • Stripe Webhook events for transaction processing
  • Payment Intent and Transfer IDs
  • Stripe Identity verification sessions for KYC
  • Bank account verification status and metadata

AI Processing Data:

  • Document images sent to OpenRouter AI for HOBBS meter reading extraction
  • Support chat messages processed by Google Gemini AI for automated responses
  • User context data (anonymized) sent to AI for personalized support
  • Aircraft and booking data for AI-powered customer service
  • Images and text processed for document verification automation

Database & Infrastructure:

  • Supabase PostgreSQL database hosting and management
  • Supabase Authentication service integration
  • Supabase Storage for secure file and image hosting
  • Real-time database subscriptions for live updates

Communication Services:

  • Expo Push Notification service for mobile notifications
  • Email service providers for transactional and marketing emails
  • SMS services for account verification (when applicable)

Analytics & Monitoring:

  • Internal analytics system for user behavior tracking
  • Aircraft view tracking and popularity metrics
  • Performance monitoring and error tracking
  • Revenue and booking analytics for business intelligence
  • User engagement and feature usage statistics

L. Notifications & Preferences

Notification Settings:

  • Email notification preferences (bookings, messages, marketing, account)
  • Push notification preferences (bookings, messages, promotions)
  • Expo push notification tokens
  • Communication language preference (English, German)

We may also collect information you voluntarily provide to us, such as when you contact support or participate in surveys.

In some cases, you may have the option to use our services without providing certain Personal Data, but this may limit your ability to use specific features of the Service, particularly those related to aircraft rental and verification processes.

2. HOW WE USE YOUR INFORMATION

We use your Personal Data for the following specific purposes:

  1. Account Administration & Verification: User authentication, identity verification, role-based access, profile management, and legal compliance.
  2. Aircraft Rental & Booking Services: Listing management, availability calculation, booking processing, HOBBS meter verification, location-based services, analytics, and insights.
  3. Automated Processing Services:
    • HOBBS meter reading extraction from photos using computer vision technology
    • Fuel receipt processing and verification for wet rental reimbursements
    • Aircraft maintenance tracking and automatic safety blocking when overdue
    • Document verification and processing automation for licenses and maintenance records
    • Intelligent customer support responses and chat assistance
    • Fraud detection and risk assessment algorithms for platform security
    • Personalized aircraft recommendations based on user behavior and preferences
  4. Payments & Financial Processing: Payment processing, balance management, owner payouts, transaction history, fee calculation, tax compliance, and fraud prevention.
  5. Location-Based Services:
    • Finding nearby airports and aircraft based on your location
    • Providing accurate distance calculations and flight planning
    • Emergency services coordination and safety monitoring
    • Compliance with regional aviation regulations
  6. Communication & Notifications: Direct messaging, support ticket management, automated notifications, marketing communications, flight reminders, push notifications, and language personalization.
  7. Analytics & Business Intelligence:
    • User behavior analysis to improve app functionality
    • Aircraft listing performance and popularity tracking
    • Revenue optimization and pricing insights
    • Feature usage statistics and user engagement metrics
    • Market trend analysis and demand forecasting
  8. Platform Improvement & Operations: Error monitoring, crash reporting, performance optimization, quality assurance, feature development, and user experience enhancement.
  9. Security & Safety: Account security, fraud detection, dispute resolution, safety monitoring, data backup & recovery, and threat prevention.
  10. Legal & Compliance: Regulatory compliance, legal proceedings, terms enforcement, audit trails, and geographic restrictions.
  11. Third-Party Integrations: Payment processing (Stripe), database & storage (Supabase), OAuth authentication, email delivery, push notifications, and AI services (OpenRouter, Google Gemini).

3. HOW WE SHARE YOUR INFORMATION

We may share your Personal Data as described below. In each case, we ensure appropriate contractual provisions are in place to protect your information and only share what is necessary for the specified purpose.

  • Infrastructure & Core Service Providers: Supabase (database, storage, auth), Stripe (payments, payouts, KYC).
  • Notifications & Communications: Expo push notification service, email service providers.
  • Other Platform Users: Pilot-to-owner communications, aircraft listings, public profile information.
  • Analytics & Business Operations: Internal analytics, admin & support access.
  • Legal & Compliance: Regulatory requirements, safety & security, legal processes.
  • Corporate Transactions: Business transfers (merger, acquisition, sale).

We do not sell your Personal Data, share with data brokers, or use for advertising unless you have explicitly consented.

4. COOKIES & TRACKING TECHNOLOGIES

We use cookies, local storage, and similar technologies to enhance your experience. This includes authentication/session management, user preferences, app state, analytics, error logging, device information, push notifications, and third-party integrations (Stripe, OAuth). You can control cookies and storage via browser or in-app settings. Disabling may impact functionality.

5. DATA SECURITY

We implement reasonable security measures including multi-layer JWT token security, role-based access control, row-level security, session verification, IP logging, in-transit and at-rest encryption, secure document handling, Stripe integration security, server security, logging & monitoring, and error handling security. No method is 100% secure; contact support@flyskylo.com if you have concerns.

6. INTERNATIONAL DATA TRANSFERS

Your data may be processed in the US, EU, Australia, and other regions where our providers operate. We use legal mechanisms such as Standard Contractual Clauses, adequacy decisions, and explicit consent for international transfers. Technical and organizational safeguards are in place. Contact support@flyskylo.com for details.

7. YOUR RIGHTS AND CHOICES

  • Access, update, or export your data via your account or by contacting support.
  • Request deletion (with password/OAuth verification and 30-day grace period).
  • Restrict processing, data portability, object to processing, or withdraw consent.
  • Control communication preferences and payment/banking info.
  • Technical choices: cookies, location, data usage.
  • Parental rights for minors.

To exercise your rights, contact support@flyskylo.com. We may require identity verification.

8. ADDITIONAL INFORMATION FOR EEA, UK, AND SWISS USERS (GDPR)

  • Skylo is the data controller. For EU-specific inquiries, contact support@flyskylo.com.
  • Legal bases: contract performance, legitimate interests, legal obligations, consent.
  • Enhanced rights: lodge a complaint, contest automated decisions, request safeguard info.
  • Contact: support@flyskylo.com for all privacy-related requests.
  • Complaint authorities: UK ICO, Swiss FDPIC, or your local data protection authority.

9. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS (CCPA)

  • Categories collected: identifiers, protected classifications, commercial info, biometrics, internet activity, geolocation, audio/visual, professional, education, inferences, sensitive info.
  • Rights: know, delete, correct, limit use, opt-out of sale/sharing, non-discrimination.
  • Request: Contact support@flyskylo.com for all California privacy rights requests.
  • No financial incentives, no direct marketing sharing.

10. CHILDREN'S PRIVACY

The Service is not intended for children under 18. We do not knowingly collect data from children under 18. If we learn we have, we will delete it as soon as possible. Parents or guardians who believe their child has provided us with personal information should contact support@flyskylo.com immediately.

11. DATA RETENTION

  • Active accounts: data retained as long as account is active.
  • Inactive: flagged after 24 months of inactivity.
  • Account deletion: 30-day grace period, backup, permanent deletion after 30 days, immediate removal from Supabase Auth.
  • Deletion restrictions: outstanding balance, active bookings/listings, disputes, legal holds.
  • Retention: transactions (7 years), messages (3 years), verification docs (account + 2 years), bookings (7 years), backups (90 days).
  • Minimization/anonymization after retention periods.

12. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to perform our services, including account creation, aircraft rentals, payments, and customer support.
  • Legitimate Interests: Fraud prevention, security monitoring, service improvement, analytics, and business operations, balanced against your privacy rights.
  • Legal Obligations: Compliance with aviation regulations, financial reporting, tax obligations, and law enforcement requests.
  • Consent: Marketing communications, optional features, and certain data sharing activities where explicit consent is obtained.
  • Vital Interests: Emergency situations involving safety or security of individuals.

13. AUTOMATED DECISION-MAKING AND PROFILING

We may use automated systems for:

  • Fraud Detection: Automated analysis of booking patterns and payment behavior to identify potentially fraudulent activity.
  • Risk Assessment: Evaluation of pilot qualifications and aircraft owner verification status for safety purposes.
  • Pricing Optimization: Dynamic pricing suggestions based on market conditions and demand patterns.
  • Content Moderation: Automated screening of messages and listings for prohibited content.

You have the right to request human review of any automated decision that significantly affects you. Contact support@flyskylo.com to exercise this right.

14. THIRD-PARTY SERVICES AND INTEGRATIONS

Our Service integrates with various third-party providers. Each has their own privacy practices:

  • Supabase (Database & Infrastructure): Database hosting, authentication, and storage services. Data processed under their privacy policy and data processing agreements. Real-time data synchronization and secure file storage.
  • Stripe (Payment Processing): Payment processing, KYC verification, and payout services. Subject to Stripe's privacy policy and PCI DSS compliance. Includes Stripe Connect for owner payouts and Stripe Identity for document verification.
  • OpenRouter AI (Computer Vision): AI-powered HOBBS meter reading extraction from uploaded images. Document images are processed to extract numerical readings for billing accuracy. Data is processed temporarily and not stored by the AI service.
  • Google Gemini AI (Customer Support): Automated customer support responses and intelligent chat assistance. User messages and context are processed to provide relevant support. Conversations may be analyzed to improve service quality.
  • Expo (Mobile Infrastructure): Push notification delivery for mobile applications. Minimal data sharing limited to device tokens and message content. Crash reporting and performance analytics for mobile app optimization.
  • OAuth Providers (Google, Apple): Authentication services that may collect additional data according to their respective privacy policies. Used for simplified login and account creation processes.
  • Email Service Providers: For transactional and marketing email delivery, subject to their privacy practices. Includes booking confirmations, verification emails, and account notifications.
  • Internal Analytics Platform: Custom analytics system for tracking aircraft views, user engagement, booking patterns, and platform performance. Data is processed internally and not shared with third-party analytics providers.
  • Error Monitoring & Logging: Internal systems for tracking application errors, performance issues, and system monitoring. Helps ensure platform reliability and quick issue resolution.

We recommend reviewing the privacy policies of these third-party services. We are not responsible for their privacy practices but ensure contractual protections where applicable. All integrations are designed to minimize data sharing and protect your privacy.

15. MOBILE APP PERMISSIONS AND DISCLOSURES

Our mobile application requests specific permissions to provide core functionality. Here are the permissions we request and why:

App Store Privacy Label Information

Data Types Collected:

  • ✓ Contact Info (Name, Email, Phone)
  • ✓ Health & Fitness (Pilot medical certificates)
  • ✓ Financial Info (Payment details, Banking info)
  • ✓ Location (Precise and Coarse)
  • ✓ Identifiers (Device ID, User ID)
  • ✓ User Content (Photos, Messages, Documents)
  • ✓ Usage Data (App interactions, Feature usage)
  • ✓ Diagnostics (Crash reports, Performance data)

Required Permissions

📷 Camera Access

Purpose: Taking photos for identity verification, HOBBS meter readings, aircraft listings, and profile pictures.

Usage Description: "Skylo needs camera access to capture verification documents, HOBBS meter readings, and aircraft photos for listings."

📍 Location Access

Purpose: Finding nearby airports and aircraft, providing location-based search results, and emergency services coordination.

Usage Description: "Skylo uses your location to help you find nearby airports and aircraft for rental. This helps you discover relevant aircraft listings in your area."

🖼️ Photo Library Access

Purpose: Selecting existing photos for verification documents, aircraft listings, and profile pictures.

Usage Description: "This app needs access to your photo library so you can select images for your listings and verification documents."

🔔 Notification Permissions

Purpose: Sending booking confirmations, flight reminders, messages from other users, and important account updates.

Usage Description: "Skylo sends notifications to keep you informed about your aircraft bookings, flight confirmations, payment updates, messages from other users, and important account verification status changes."

Data Sharing and Tracking

No Third-Party Tracking:

  • • We do not sell your personal data to third parties
  • • We do not use your data for cross-app tracking
  • • We do not share data with data brokers
  • • Analytics are processed internally, not shared with external analytics companies
  • • AI processing is done securely with minimal data sharing

Google Play Data Safety

For Android users downloading from Google Play, here's our Data Safety disclosure:

Data Collection:

Personal info, Financial info, Location, Photos and videos, App activity, Device identifiers

Data Sharing:

Limited sharing with service providers only (Stripe for payments, Supabase for infrastructure, OpenRouter for AI processing)

Data Security:

Data is encrypted in transit and at rest using industry-standard security measures

Data Deletion:

Users can request account and data deletion through the app or by contacting support

16. AI PROCESSING AND DATA RETENTION

AI Processing Details

Computer Vision for HOBBS Meter Reading:

  • • Images of HOBBS meters are sent to OpenRouter AI for optical character recognition
  • • AI extracts numerical readings to automate billing calculations
  • • Images are processed temporarily and not permanently stored by the AI service
  • • Processing occurs over encrypted connections with minimal data exposure
  • • Only the extracted numerical data is retained in our systems

Customer Support AI (Google Gemini):

  • • Support messages are processed by Google Gemini for intelligent responses
  • • User context (booking history, account status) may be provided for relevant assistance
  • • Conversations are analyzed to improve support quality and response accuracy
  • • All data processing follows Google's AI privacy and security standards
  • • Users can opt for human support instead of AI assistance

Data Retention Periods

Account & Profile Data:

Retained while account is active, plus 7 years after account closure for legal compliance

Financial & Payment Data:

Retained for 7 years for tax and accounting purposes, as required by law

Verification Documents:

Retained for duration of account plus additional time as required for compliance verification

Booking & Flight Data:

Retained for 7 years for safety records and regulatory compliance

Communication Data:

Messages retained for 3 years, support tickets for 5 years

Analytics & Usage Data:

Aggregated usage data retained indefinitely, individual activity data for 2 years

Error Logs & Diagnostics:

Retained for 1 year for debugging and system improvement purposes

International Data Transfers

Your data may be processed in countries other than your own, including:

  • United States: Supabase infrastructure, OpenRouter AI processing, Stripe payment processing
  • European Union: Potential data replication and backup locations
  • Cloud Infrastructure: AWS, Google Cloud, or other cloud providers used by our service partners

All international transfers are protected by appropriate safeguards, including standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms as required by applicable data protection laws.

17. DATA BREACH NOTIFICATION

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities within 72 hours of becoming aware of the breach (where required by law).
  • Inform affected users without undue delay if the breach is likely to result in high risk to their rights and freedoms.
  • Provide clear information about the nature of the breach, potential consequences, and measures taken to address it.
  • Offer guidance on steps users can take to protect themselves.
  • Implement immediate containment and remediation measures.

If you suspect a security incident involving your account, contact support@flyskylo.com immediately.

18. CHANGES TO THIS PRIVACY POLICY

  • Material changes: 30 days notice via app, email, push, or banner.
  • Non-material: update date, summary, or changelog.
  • Prior versions available on request.
  • Continued use = acceptance. You may close your account if you disagree.

We will maintain an archive of previous versions of this Privacy Policy. To request access to previous versions, contact support@flyskylo.com.

19. GOVERNING LAW AND JURISDICTION

This Privacy Policy and any disputes arising from it shall be governed by and construed in accordance with the laws of the jurisdiction where Skylo is incorporated, without regard to conflict of law principles. Any legal action or proceeding arising under this Privacy Policy will be brought exclusively in the courts of competent jurisdiction in that location, and the parties hereby consent to personal jurisdiction and venue therein.

For users in the European Union, this does not affect your rights under local data protection laws or your right to bring proceedings in your local courts.

20. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

AURA MANAGEMENT LLC

Operating Platform: Skylo

Email: support@flyskylo.com

Website: flyskylo.com

Business Address:
1018 Collier Blvd
St. Augustine, FL 32084
United States

We aim to respond to all privacy-related inquiries within 30 days. For urgent security matters, please mark your email as "URGENT - SECURITY" in the subject line.

Effective Date: This Privacy Policy is effective as of the "Last updated" date shown at the top of this document. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of such changes.

Language: This Privacy Policy is written in English. In case of any discrepancy between this English version and any translated version, the English version shall prevail.