Privacy Policy

1. Age Verification & Legal Compliance

18+ Only Platform

PilotDate is an exclusive dating platform for verified pilots and aviation professionals. In compliance with federal and state dating service regulations, including:

• Children's Online Privacy Protection Act (COPPA)
• Online Dating Safety Act (various state laws)
• Federal Trade Commission (FTC) guidelines for dating services

We require all users to be at least 18 years of age. During registration, you must:

1. Self-declare that you are 18 years or older
2. Verify your age through government-issued ID (Driver's License or Pilot's License)
3. Accept our Terms of Service confirming legal age

2. License Verification & Document Destruction Policy

How License Verification Works

1. Upload: You upload a photo of your Driver's License or Pilot's License during account verification
2. Manual Review: Admin reviews your documents to verify:
   • Document authenticity (security features, format)
   • Age verification (must be 18+)
   • Name matching (against your registration)
   • For Pilot's License: FAA certificate number validation
3. Immediate Destruction Upon Approval: The moment admin approves your account, the document images are:
   • Permanently deleted from our servers (filesystem)
   • Removed from our database (URLs set to NULL)
   • Destroyed from temporary processing storage
   • Zero trace remaining anywhere in our systems
4. Verification Status: We only store a simple boolean flag: verified = true/false

What We DO NOT Store

• ❌ License images or photos
• ❌ License numbers (Driver's License)
• ❌ Physical addresses from licenses
• ❌ Height, weight, or physical descriptors
• ❌ Any personally identifiable information (PII) from the license beyond name verification

What We DO Store (Pilot Verification Only)

• ✅ FAA Certificate Number (publicly searchable on FAA.gov anyway)
• ✅ Certificate type (Student, Private, Commercial, ATP, CFI, etc.)
• ✅ Verification timestamp
• ✅ Verification status (true/false)

3. Information We Collect

Profile Information (You Provide)

• Username and email address
• Full name and age (18+ verified)
• FAA certificate number (optional, for pilot verification)
• Home airport (ICAO code)
• Aviation certifications (Student, Private, Commercial, ATP, CFI, etc.)
• Aircraft endorsements (Complex, High Performance, Tailwheel, etc.)
• Profile photos
• Bio and profile details
• Flight hours and aviation milestones
• Virtual hangar (aircraft you fly)
• Aviation bucket list

Automatically Collected Information

• IP address (for security and fraud prevention)
• Browser type and device information
• Login timestamps and activity logs
• Feature usage analytics (which features you use)
• Approximate location (for nearby pilot matching - NEVER precise GPS)

Communication Data

• Messages sent through our platform (encrypted)
• Match interactions (likes, passes, super likes)
• Event RSVPs and participation
• Support tickets and feedback

4. How We Use Your Information

• Account Creation & Management: To create and maintain your account
• Matching Algorithm: To connect you with compatible pilots based on location, certifications, and preferences
• Safety & Security: To verify users are real pilots, prevent fraud, and maintain a safe community
• Communication: To enable messaging between matched users
• Feature Access: To provide premium features (Virtual Hangar, Halfway Meetup, Trivia, etc.)
• Platform Improvement: To analyze usage patterns and improve our services (anonymized data only)
• Legal Compliance: To comply with applicable laws and regulations
• Support: To respond to your questions and provide customer service

5. Enterprise-Grade Encryption & Security

End-to-End Encryption

• TLS 1.3 Encryption: All data transmitted between your device and our servers is encrypted using the latest TLS 1.3 protocol (same as banks)
• AES-256 Encryption: All data at rest (stored in our databases) is encrypted using AES-256 encryption
• Message Encryption: Private messages use end-to-end encryption - even we cannot read your messages
• Password Security: Passwords are hashed using bcrypt with salt (we never store plain-text passwords)

Security Certifications & Compliance

• ✅ SOC 2 Type II Compliant infrastructure
• ✅ GDPR Compliant (EU General Data Protection Regulation)
• ✅ CCPA Compliant (California Consumer Privacy Act)
• ✅ PCI DSS Level 1 for payment processing
• ✅ ISO 27001 information security management

Additional Security Measures

• Regular security audits and penetration testing
• 24/7 security monitoring and intrusion detection
• Automatic account lockout after failed login attempts
• Two-factor authentication (2FA) available
• Regular security patches and updates
• Employee background checks and security training
• Limited employee access to user data (need-to-know basis only)

6. Data Sharing & Third Parties

We Share Your Information With:

• Other Users: Only information you choose to display on your public profile (name, photos, bio, aviation credentials)
• Service Providers: Trusted third-party services that help us operate (hosting, analytics, email delivery, payment processing) - all under strict confidentiality agreements
• Law Enforcement: Only when legally required (subpoena, court order, or to prevent harm)
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to users)

We DO NOT Share Your Information With:

• ❌ Advertisers or marketing companies
• ❌ Data brokers
• ❌ Social media platforms (unless you explicitly connect accounts)
• ❌ Anyone for financial gain

Third-Party Services We Use

• Hosting: AWS (Amazon Web Services) - SOC 2 compliant, enterprise encryption
• Payment Processing: Stripe - PCI DSS Level 1 certified
• Email Delivery: SendGrid - GDPR compliant
• Analytics: Self-hosted analytics (NO Google Analytics or tracking pixels)
• Identity Verification: Jumio/Onfido - SOC 2 Type II, zero data retention for documents

7. Data Retention & Deletion

How Long We Keep Your Data

• Active Accounts: We retain your data as long as your account is active
• Inactive Accounts: After 2 years of inactivity, we may delete your account with 30 days notice
• License Documents: Deleted within 60 seconds of verification (NEVER stored)
• Messages: Retained until either user deletes the conversation
• Payment Records: Kept for 7 years (required by tax law)
• Legal Holds: Data subject to legal investigation may be retained longer as required by law

Account Deletion

You can delete your account at any time from Settings → Account Settings → Delete Account. When you delete your account:

1. Your profile becomes immediately inaccessible to other users
2. All your personal data is permanently deleted within 30 days
3. Messages you sent remain visible to recipients (but without your name/photo)
4. Payment history is retained for 7 years (tax compliance) but anonymized
5. You cannot recover your account once deletion is complete

8. Your Privacy Rights

Depending on your location, you may have the following rights:

All Users

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your account and data
• Portability: Export your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing emails (we send very few anyway)

California Residents (CCPA)

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information (we don't sell data)
• Right to non-discrimination for exercising privacy rights

EU Residents (GDPR)

• Right to access your data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

How to Exercise Your Rights

Email us at privacy@pilotdate.com or use the in-app settings. We will respond within 30 days (or sooner if required by law).

9. Cookies & Tracking

We use minimal cookies and tracking technologies to provide our service:

Essential Cookies (Required)

• Session Cookies: Keep you logged in as you navigate the site
• Security Cookies: Detect and prevent fraudulent activity
• Preference Cookies: Remember your settings (dark mode, notification preferences)

Analytics Cookies (Optional)

• Self-Hosted Analytics: We use our own analytics (NOT Google Analytics)
• Anonymized Data: We never track individual users, only aggregate trends
• No Third-Party Trackers: We don't use Facebook Pixel, Google Ads, or any ad tracking

You can disable cookies in your browser settings, but some features may not work properly.

10. Children's Privacy (COPPA Compliance)

If we discover that a user is under 18, we will:

1. Immediately terminate the account
2. Permanently delete all associated data
3. Block the email and IP address from future registration
4. Report to authorities if required by law

If you believe a minor has created an account, please report it immediately to safety@pilotdate.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• New features or services
• Legal or regulatory requirements
• User feedback and improvements

When we make significant changes, we will:

1. Update the "Last Updated" date at the top of this page
2. Notify you via email (if you have notifications enabled)
3. Display a prominent notice on the platform
4. Request your consent for material changes (if required by law)

Your continued use of PilotDate after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We will respond to your inquiry within 30 days (or sooner if required by applicable law).