Effective Date: October 24th, 2025

Entity: SofloWorks (“SofloWorks,” “we,” “us,” “our”)

Scope: MasterPilot iOS app and the MasterPilot Portal at masterpilot.aero, plus related services.

Contact: privacy@masterpilot.aero

Postal: 18117 Biscayne Blvd #1675, Miami, FL 33160, USA

How to make a privacy request: Email privacy@masterpilot.aero with the subject “Privacy Request” and state your request (access, delete, correct, etc.).

1) What this policy covers

This policy explains what we collect, why we collect it, how we use and share it, and your choices. If you do not agree, do not use the Services.

Key definitions

“User Data”: the data you provide, primarily consisting of Flight Data and Aircraft Data as defined below.

“Flight Data”: files and telemetry you upload or generate (e.g., GPS coordinates, position/attitude, speed/altitude, engine/instrument data, avionics log files, timestamps, annotations, scoring/metrics, and any optional audio/video you upload).

“Aircraft Data”: aircraft make, model/series, equipment configuration, tail number/registration, aircraft photo(s), nicknames/notes, and the association between an aircraft and specific flights.

“Portal”: the MasterPilot web interface (masterpilot.aero).

“Organization”: a flight school, operator, or business that provisions accounts.

Primary data used to operate MasterPilot. The main information we process to operate the Service is recorded or imported Flight Data that you or your Organization upload or connect.

2) Personal information we collect — California Notice at Collection

We collect the categories of personal information described below and retain them for the periods described in §7.

A) Information you provide

• Account details (name, email, password), profile info, role/organization.
• Flight Data, notes/annotations, instructor feedback.
• Support messages and attachments.
• Payment details go to our payment processor; SofloWorks does not store full card numbers.

B) Information collected automatically

• Device/app/browser identifiers, IP address, app version, crash logs, usage metrics.
• Precise device location if you enable it (for flight mapping/debrief).
• Cookies/SDKs on the Portal/App (see §8).

C) Information from others

• Organization administrators (managed accounts) may provide roster/role info to administer access.
• Third-party services you connect (e.g., EFBs) may send data with your authorization.

D) Aircraft profile data

• Aircraft Data: make, model/series, equipment configuration, tail number/registration, aircraft photo(s), nicknames/notes, and the association between an aircraft and specific flights.
• Sources: you (manual entry/upload), your Organization (managed fleets), and—only if you enable it—public sources (e.g., registry lookups) to prefill non-sensitive fields.

3) How we use information

• Provide and maintain the Services (account/auth, debrief features, linking flights to specific airframes, syncing, troubleshooting).
• Analyze and improve quality, safety research, features, and security/fraud prevention.
• Communications about the Services and material changes to this policy or our Terms.
• Legal/compliance (obligations, lawful requests, enforcement).

De-identified & aggregated data. We create de-identified and/or aggregated datasets for analytics, benchmarking, and safety initiatives. We do not attempt to re-identify individuals, and recipients must not re-identify.

Advertising and sale/share. We do not sell personal information. If we ever “share” personal information for cross-context behavioral advertising on the Portal, we will provide a Do Not Sell or Share My Personal Information link and honor opt-outs. If we engage in “sale” or “sharing” under California law, we will also honor Global Privacy Control (GPC) signals as an opt-out preference.

4) Legal bases (EEA/UK)

• Contract (provide core features, including processing Flight Data and Aircraft Data).
• Legitimate interests (improve security/quality; perform safety/quality analytics on de-identified data; prevent fraud/abuse).
• Consent (optional features like precise location, push notifications, marketing, or publicly displayed aircraft photos if introduced).
• Legal obligations (tax, accounting, compliance).

5) Organization accounts

If your account is provisioned by an Organization:

• Designated admins may see certain information (e.g., flight summaries, analytics, relevant Aircraft Data) per Organization settings.
• Admins may manage/suspend accounts and retain data per Organization policy and law.
• Sharing outside the Organization is off by default and user-controlled when enabled.

6) How we share information

We share personal information with:

• Service providers (cloud hosting, analytics, customer support, payments) under contract and confidentiality.
• Your Organization administrators as described in §5.
• Partners you authorize (integrations you connect); you can revoke access.
• Legal/safety recipients to comply with lawful requests and protect rights, security, and safety.
• Business transfers (merger, acquisition, asset sale) as permitted by law/contract.

We may also share aggregated or de-identified information that does not identify individuals.

Exports & sharing you initiate. If you export or share a debrief/report, Aircraft Data included in that export (e.g., tail number, aircraft photo) will be visible to recipients.

7) Data retention

We retain personal information only as long as necessary for the purposes described or as required by law. Typical periods:

• Account & profile: while your account is active.
• Flight Data: while your account is active; if you delete a flight, we remove it from active systems within ~30 days and from backups within ~90 days (non-searchable until purged).
• Aircraft profiles/photos: while your account (or Organization account) is active; if you delete an aircraft profile or photo, we remove it from active systems within ~30 days and from backups within ~90 days (non-searchable until purged). Flights historically linked to that aircraft may continue to appear in de-identified analytics.
• Billing/transactions: 7 years (tax/accounting).
• Logs & security: 12–24 months.

We honor deletion requests (see §11).

8) Cookies, SDKs, and push notifications

We use cookies and similar technologies on the Portal and SDKs in the App to keep you signed in, measure performance, and improve features. Manage cookies in your browser and control app permissions (e.g., location, Bluetooth, camera) and push notifications in device settings. We currently do not respond to “Do Not Track” signals; we honor consent/opt-out requirements applicable to your region.

9) Security

We use administrative, technical, and organizational measures to protect data (e.g., encryption in transit and at rest, least-privilege access, monitoring). No system is 100% secure. If we become aware of a breach, we will notify you as required by law.

10) International data transfers

Where we transfer EEA/UK personal data to the U.S. or other countries, we use appropriate safeguards (e.g., Standard Contractual Clauses) and supplementary measures as needed.

11) Your rights and choices

• Access, correction, deletion, portability, restriction, objection (EEA/UK and similar regimes).
• Marketing controls: use unsubscribe links; you may still receive transactional messages.
• California (CPRA): right to know, delete, correct, opt-out of sale/share, and limit use of sensitive personal information; non-discrimination.
• Authorized agent (CPRA): you may use an authorized agent to submit a request; we will require proof of authorization and may ask you to verify your identity directly.
• Tail number display. Where available, you can choose whether to include tail numbers on exports/reports.
• Edit/delete aircraft. You can edit or delete Aircraft Data in settings or by emailing privacy@masterpilot.aero with the subject “Privacy Request.”

Sensitive Personal Information (CPRA). We collect precise geolocation as part of Flight Data to provide the core debriefing service you request. This use is a permitted business purpose, and we do not use sensitive personal information to infer characteristics. Accordingly, we do not offer a separate “Limit the Use of My Sensitive Personal Information” link. If our practices change, we will update this Policy and provide any required controls.

Appeals. If we deny your privacy request, you may appeal by replying to our decision or emailing privacy@masterpilot.aero with subject “Privacy Appeal.” We will review and respond with our final decision and, where applicable, explain how to contact your state attorney general.

To exercise rights, email privacy@masterpilot.aero with the subject “Privacy Request.” We will verify and respond as the law requires.

12) Children’s privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we collected such information without verifiable parental consent, we will delete it. (Use may still be limited by the age rules in our Terms.)

13) Third-party services and links

If you connect third-party services or follow external links, their privacy practices govern those interactions.

14) Changes to this policy

We may update this policy. For material changes, we will provide reasonable advance notice via the App/Portal or email when practicable. Continued use after the effective date means you accept the changes.

15) How to contact us

• Email: privacy@masterpilot.aero
• Postal: SofloWorks, 18117 Biscayne Blvd #1675, Miami, FL 33160, USA