Privacy Policy

We may collect information about you in a variety of ways. The information we may collect via the Application includes:

Information You Provide or Generate

• Personal Data: Personally identifiable information, such as your name and email address, that you voluntarily give to us when you register for an account with the Application.
• Account and Authentication Data:When you create an account, we collect your email address or mobile phone number for authentication purposes. We support passwordless authentication (email verification code, SMS verification code) and third-party login (via social platforms and Apple/Google sign-in). When you use third-party login, we receive a unique identifier, display name, and profile picture from the third-party service. We do not receive or store your third-party account password.
• Flight and User Data:All flight-related data you create within the Application, such as flight plans, flight logs, aircraft profiles, weight and balance calculations, and checklist data, is stored locally on your device by default. We do not collect or upload this information unless you actively choose to use our cloud sync or backup features. When cloud sync is enabled, the following data types may be synchronized to our servers: flight logs, flight tracks (including GPS coordinates, altitude, speed, and timestamps), checklists, aircraft profiles, and user settings.
• Device Registration Data:When you enable cloud synchronization, we record device identifiers, device name, operating system type and version, and application version for the purpose of multi-device management, sync coordination, and conflict resolution. You can view and manage your registered devices within the Application.

Information We Collect Automatically

• Device Data: To ensure security, identify improper behavior, prevent fraud, and ensure the proper functioning of our services, we may collect device information such as your mobile device model, manufacturer, unique device identifiers (e.g., IMEI, Android ID, OAID), MAC address, and SIM card information (e.g., IMSI).
• Analytics and Performance Data: We use third-party analytics services to collect anonymous data about your interaction with the Application. This includes usage patterns, feature popularity, and crash reports. This information is used solely for the purpose of improving our product and services and does not personally identify you.
• Derivative Data: Information our servers automatically collect when you access the Application, such as your native actions that are integral to the Application, as well as other interactions with the Application and other users via server log files.

Device Permissions We May Request

To provide our services, we may request access to certain features on your device. You may change our access at any time in your device's settings.

• Location Permissions (Precise, Coarse, and Background):Location information is fundamental to the Application's core services. We request access to your device's precise and coarse location to enable features like track logging, moving map navigation, and the PFD display. If you choose to enable the "Background Track Logging" feature in settings, we will request permission to access your location while the app is in the background to ensure your flight track is recorded completely. When background location is active, we will display a persistent notification in your device's status bar to clearly inform you. You can disable this feature at any time in the Application's settings.
• Storage Permission (Read/Write External Storage):To enable features like exporting and saving your flight records and statistics, we will request permission to read from and write to your device's external storage when you initiate an export.
• Wi-Fi and Bluetooth Permissions:To improve the speed and accuracy of location services, especially in areas with weak GPS signals or indoors, we may request permission to view Wi-Fi state and use Bluetooth for assisted location.
• Sensor Information:To provide accurate attitude indication and navigation on the PFD (Primary Flight Display), we access your device's gravity, accelerometer, and gyroscope sensors.
• Clipboard Access:To help you report issues to us, we provide a feature that allows you to copy error log information to your clipboard. This is only initiated by you (e.g., by tapping a "Copy Log" button). We do not read any other information from your clipboard.

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Application to:

• Create and manage your account.
• Authenticate your identity and manage account security.
• Provide the core functionality of the Application, such as flight planning, PFD display, and track logging.
• Enable cloud synchronization of your data across your devices.
• Manage multi-device access and resolve data conflicts.
• Process payments and manage subscription services.
• Anonymously analyze usage and trends to improve your experience with the Application.
• Monitor and analyze usage and trends to improve the Application's stability and performance.
• Respond to product and customer service requests.

We believe in giving you control over your data. Your data is stored in the following ways:

Local Device Storage

All of your user-generated data, such as flight plans and logs, is always stored locally on your device. The Application follows an offline-first architecture, meaning core functionality remains available without an internet connection. Local data is encrypted using industry-standard database encryption.

User-Managed Cloud Backup (e.g., iCloud)

You may use your device's native cloud backup services (like Apple's iCloud) to back up your Application data. This process is managed by you and is governed by the terms and privacy policy of your cloud service provider.

Cloud Synchronization and Server-Side Storage

If you choose to enable our cloud synchronization feature, your data will be processed as follows:

• Encryption: Your data is encrypted using AES-256-GCM encryption before transmission and at rest on our servers. Encryption keys are derived using PBKDF2 key derivation (100,000 iterations). All data in transit is protected by TLS 1.3.
• Regional Data Storage: Your data is stored in data centers located in the region corresponding to your account: China, European Union, or United States. Data is stored exclusively within your designated region and is not replicated across regions.
• Offline-First Principle: Cloud sync is designed to complement, not replace, local storage. All data remains on your device regardless of sync status.
• Real-Time Notifications: We use WebSocket connections to deliver real-time sync notifications to your devices. These notifications contain only signal metadata (e.g., "new data available") and do not transmit actual data content.
• Conflict Resolution: When data conflicts occur between devices, we use an optimistic locking mechanism with version control. In cases where automatic resolution is not possible, you will be prompted to choose which version to keep.
• Disabling Sync: If you disable cloud synchronization, your data will remain on our servers and on any devices that have already synced. No new changes will be synchronized until you re-enable the feature.
• Account Deletion: If you delete your account, your data will be retained on our servers for a 31-day cooling-off period to allow for recovery, after which it will be permanently deleted from our servers. Data already synced to your local devices will not be affected.

Cloud Backup

Cloud backup functionality is available depending on your subscription plan. Backups are stored in the same regional data centers as your synchronized data and are subject to the same encryption standards. You may manage and delete your backups at any time within the Application.

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

Third-Party Service Providers
We engage reputable third-party service providers to support the operation of our services. These providers process your data only on our behalf and in accordance with our instructions. The categories of service providers we use include:

• (a) Cloud Infrastructure Providers: For hosting, data storage, and server operations in each regional data center.
• (b) Payment Processors: For processing subscription payments through app stores and direct payment channels. Payment processors handle your payment information directly; we do not store your full payment card details.
• (c) Authentication Service Providers: For facilitating third-party login (e.g., social platform login, Apple/Google sign-in).
• (d) Communication Service Providers: For sending verification codes via SMS and email.
• (e) Analytics Providers: For collecting anonymous usage data and crash reports to improve the Application.

You may contact us at any time to request a detailed list of the specific service providers currently in use.

Business Transfers
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Specific retention periods are as follows:

• Account Data: Retained for the duration of your account's existence, plus 31 days after account deletion to allow for recovery.
• Synchronized Data: Retained on our servers while your account exists. If you delete your account, synchronized data will be permanently deleted after a 31-day cooling-off period.
• Cloud Backups: Retained until manually deleted by you, or until account deletion (subject to the 31-day cooling-off period).
• Server Logs: Automatically deleted after 14 days.
• Audit Logs: Retained for 30 days for security monitoring purposes.
• Payment Records: Retained as required by applicable tax and financial regulations.

By default, your data does not leave the region in which it is stored (China, EU, or US). However, limited cross-border data processing may occur in the following circumstances:

• When you contact our customer support team, support personnel in a different region may access your account information to assist you.
• Certain third-party analytics services may process anonymized data in jurisdictions outside your region.

For users in the European Economic Area (EEA): Where cross-border transfers occur, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection.

For users in China: We comply with the requirements of the Personal Information Protection Law (PIPL) regarding cross-border transfers. Your personal information is stored and processed within China by default and is not transferred outside of China unless legally required.

We implement comprehensive technical and organizational security measures to protect your personal information. These measures include:

• (a) Encryption at Rest: AES-256-GCM encryption for server-side data storage, and industry-standard database encryption for local device storage.
• (b) Encryption in Transit: TLS 1.3 for all data transmitted between your device and our servers.
• (c) End-to-End Encryption: Encryption keys derived from your credentials using PBKDF2 key derivation, ensuring that your synchronized data cannot be accessed by unauthorized parties, including our own staff.
• (d) Secure Token Storage: Authentication tokens are stored in platform-native secure storage (iOS Keychain / Android Keystore).
• (e) Database Security: Row-level security policies and strict access controls to prevent unauthorized data access.
• (f) Infrastructure Security: Our cloud infrastructure providers maintain industry-standard security certifications and compliance programs.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right of Access: You have the right to request a copy of the personal information we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information.
• Right to Erasure: You have the right to request deletion of your personal information. When you delete your account, we initiate a 31-day cooling-off period during which you can recover your account. After this period, all your data is permanently deleted from our servers.
• Right to Data Portability: You can export your data in standard formats including CSV, PDF, GPX, and KML through the Application's export features.
• Right to Withdraw Consent: You may withdraw your consent to data processing at any time by disabling specific features (e.g., cloud sync, analytics) in the Application's settings.
• Right to Object: You have the right to object to the processing of your personal information in certain circumstances.

For EU/EEA users, these rights are provided under the General Data Protection Regulation (GDPR). To exercise any of these rights, please contact us at [email protected] or use the relevant features within the Application.

If you have questions or comments about this Privacy Policy, please contact us at:

Bra, LLC.
[email protected]