Privacy Policy

1. Introduction

At ChordApp.io (“we,” “our,” or “us”), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our flight syndicate management platform.

2. Information We Collect

A. Information You Provide

We collect information you provide directly to us, such as when you create or update your profile, log a flight, manage bookings, or communicate with us. This includes your full name, email address, phone number, nationality, and aviation-related data (e.g., licence info, medical expiry).

B. Information from Third-Party Services (OAuth)

If you choose to register or log in using a third-party service such as Google, we may receive information from that service. This typically includes your name, email address, and profile picture. We use this information only to create and manage your account and to provide a personalised experience.

C. Aviation and Financial Data

As part of our core service, we process flight logs, aircraft registrations, engine hours, and transaction history related to your syndicate memberships. This data is essential for accurate billing and schedule management.

D. Payment and Banking Data

When you set up a Direct Debit mandate through our payment provider GoCardless, GoCardless collects and processes your bank account details (including account number and sort code), account holder name, and billing address directly via their secure payment pages. We do not store your full bank account details on our own systems. Please refer to Section 4 for more information about how GoCardless handles this data.

E. Phone Number and WhatsApp Message Content (Optional)

If you choose to enable WhatsApp notifications, we will use the phone number stored in your profile to send you notifications via Twilio and the WhatsApp platform. The content of those messages may include booking details, payment information, and group announcements. This processing occurs only where you have given your explicit consent by enabling the feature, and you may withdraw consent at any time by disabling it in your account settings.

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide and maintain our services, including flight logging and scheduling.
• To automate syndicate billing and financial transparency, including the collection of payments via Direct Debit.
• To send administrative information, such as booking confirmations, group announcements, and advance payment notifications as required under the Direct Debit scheme.
• To send WhatsApp notifications where you have opted in to that feature.
• To provide weather insights and flight briefings using AI technology (e.g., Google Gemini).
• To ensure the security and integrity of our platform.

4. Data Sharing and Disclosure

We do not sell your personal information. We share your information only in the following circumstances:

• Within Your Syndicate: Your name, contact details, and flight data are shared with other members and administrators of the specific syndicate(s) you join.
• Service Providers: We use third-party vendors to facilitate our services, including:
  • Supabase: For database hosting and authentication services.
  • Resend: For transactional email delivery.
  • Google Cloud: For AI-driven weather analysis and infrastructure.
  • GoCardless Ltd: For payment processing and Direct Debit mandate management. GoCardless is authorised by the Financial Conduct Authority and acts as an independent data controller in respect of the personal and banking data you provide when setting up a Direct Debit mandate. This means GoCardless has its own obligations to you under UK data protection law. We recommend reviewing GoCardless's Privacy Policy to understand how they handle your data.
  • Twilio Inc.: Where you have enabled WhatsApp notifications, your phone number and notification content are transmitted via Twilio's communications infrastructure. Twilio acts as a data processor on our behalf. Messages are then delivered through the WhatsApp platform, which is operated by Meta Platforms, Inc. Meta acts as an independent data controller in respect of data processed through the WhatsApp platform and is subject to its own privacy policy. We recommend reviewing Twilio's Privacy Policy and Meta's Privacy Policy if you enable this feature.
• Legal Requirements: If required by law, we may disclose your information to comply with legal obligations or protect our rights.

5. Data Security

We implement industry-standard security measures, including encryption and secure authentication protocols, to protect your data. Payment and banking data is handled exclusively by GoCardless via their PCI-DSS compliant infrastructure and is never transmitted through or stored on our own servers. WhatsApp notifications are transmitted via Twilio's encrypted infrastructure. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, or delete your information. You can update your profile details directly within the Pilot Portal or contact us for assistance.

GoCardless: If you wish to cancel your Direct Debit mandate or exercise data rights in relation to information held by GoCardless, you should contact GoCardless directly at [email protected] or visit their Privacy Policy.

WhatsApp notifications:You may withdraw consent for WhatsApp notifications at any time by disabling the feature in your account settings. This will stop any further transmission of your data to Twilio for this purpose. For data already held by Meta in connection with your WhatsApp account, please refer to Meta's privacy controls within the WhatsApp application.

7. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please get in touch using our contact form.