Privacy Policy
Last updated: March 28, 2026
1. Introduction
This Privacy Policy describes how Aeris Studio (hereinafter "we," "our," or "Aeris Studio"), represented by Cameron GERARD, collects, uses, stores, and protects your personal data when you use the website aerislog.com (hereinafter the "Website") and the AerisLog mobile application (hereinafter the "Application").
AerisLog is an electronic pilot logbook designed to comply with EASA FCL.050 requirements, which justifies the nature and scope of the aviation data collected.
Data Controller: Aeris Studio - Cameron GERARD 200 Rue de la Croix Nivert, 75015 Paris, France Email: contact@aerislog.com
Aeris Studio has not appointed a Data Protection Officer (DPO). Any questions regarding data protection may be addressed directly to the data controller at the above address.
2. Data Collected
2.1 Data Provided by the User
| Category | Data | Nature |
|---|---|---|
| Account | Email address, last name, first name | Email required, name optional |
| Profile | Phone number, postal address, country, profile photo | Optional |
| Flights | Date, departure/arrival airports, aircraft, flight times (total, night, IFR, PIC, copilot, dual, instructor, MCC, FSTD, cloud flying), landings (day/night), flight rules, pilot function, crew, passengers, remarks | User-entered |
| Qualifications | Licenses, medical certificates, type ratings, issue and expiry dates, document photos | User-entered |
| Signatures | Electronic signature images | User-entered |
| Aircraft | Registration, manufacturer, model, type | User-entered |
| Contacts | Last name, first name, email, phone, notes | User-entered |
| Historical totals | Cumulative flight times from paper logbook migration | User-entered |
Camera and photo library access: The Application may access your device's camera and photo library to capture photos of validity documents (licenses, certificates). These photos are stored locally and synced to Firebase.
Fields not collected: The Application database contains fields for date of birth and pilot license number. These fields are not actively collected or processed at this time. If activated in a future version, this policy will be updated accordingly.
2.2 Data Collected Automatically
| Category | Data | Nature |
|---|---|---|
| Crash reports | Technical device information, error logs (Firebase Crashlytics) | Automatic |
| Usage analytics | Anonymized usage events (Firebase Analytics) | Automatic |
| Subscription | Subscription status, product ID, purchase and expiry dates (via RevenueCat) | Automatic |
3. Legal Bases for Processing
In accordance with Article 6 of the General Data Protection Regulation (GDPR), your data is processed on the following legal bases:
| Legal basis | Processing activities |
|---|---|
| Performance of a contract (Art. 6.1.b) | Account management, provision of the logbook service, cloud synchronization, subscription management |
| Legitimate interest (Art. 6.1.f) | Usage analytics (Firebase Analytics), crash detection and resolution (Firebase Crashlytics), service improvement and security |
Processing based on legitimate interest (analytics and crash reports) is enabled by default. You may disable these at any time in the Application settings.
4. Purposes of Processing
Your data is collected and processed for the following purposes:
- Providing the electronic pilot logbook service
- Synchronizing your data across devices via the cloud
- Managing your user account and profile
- Sending local notifications (validity expiry alerts)
- Managing subscriptions and payments
- Improving the service through anonymized usage analytics
- Detecting and resolving technical issues
- Validating promotional codes
5. Storage and Hosting
5.1 Local Storage
Your data is stored locally on your device in a SQLite database within the Application's private directory (inaccessible to other applications).
5.2 Cloud Storage
Your data is synchronized to Google Firebase servers located exclusively within the European Union:
- europe-west1 - Belgium (Saint-Ghislain)
- europe-west9 - France (Paris)
Your aviation data is stored exclusively within the European Union.
Certain service providers (RevenueCat for subscription management, Vercel for website hosting) may process limited data outside the EU under appropriate safeguards (Standard Contractual Clauses, in accordance with Article 46.2.c of the GDPR).
6. Third-Party Services
We use the following third-party service providers to operate the service:
| Service | Provider | Purpose | Data processed | Location |
|---|---|---|---|---|
| Firebase Authentication | Google Ireland Ltd | Authentication | Email, name, password hash | EU |
| Cloud Firestore | Google Ireland Ltd | Data synchronization | User aviation data | EU (ew1/ew9) |
| Firebase Storage | Google Ireland Ltd | File storage | Aircraft registry databases, document photos | EU |
| Firebase Crashlytics | Google Ireland Ltd | Crash reporting | Device info, error logs | EU |
| Firebase Analytics | Google Ireland Ltd | Usage analytics | Anonymized events | EU |
| Firebase Remote Config | Google Ireland Ltd | Remote configuration | No personal data | EU |
| Cloud Functions | Google Ireland Ltd | Promo code validation | Submitted promotional code | EU (ew1) |
| RevenueCat | RevenueCat Inc. (US) | Subscription management | User ID, purchase data | US (*) |
| Google Sign-In | Google Ireland Ltd | Authentication | Google ID token | EU |
(*) RevenueCat Inc. is based in the United States. Data transfers are governed by Standard Contractual Clauses (SCCs) in accordance with Article 46.2.c of the GDPR.
7. Data Retention
| Data | Retention period |
|---|---|
| Account and aviation data | As long as the account is active. Immediate deletion upon request. |
| Deleted data (trash) | Retained locally until the next synchronization, then permanently deleted |
| Crash reports (Crashlytics) | 90 days (Google default) |
| Usage analytics (Analytics) | 14 months (Google default) |
8. User Rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
- Right of access (Art. 15) - obtain confirmation that your data is being processed and receive a copy
- Right to rectification (Art. 16) - correct inaccurate or incomplete data
- Right to erasure (Art. 17) - request the deletion of your data
- Right to data portability (Art. 20) - retrieve your data in a structured format (PDF export available in the Application)
- Right to object (Art. 21) - object to processing based on legitimate interest (analytics and crash reports can be disabled in the Application settings)
- Right to restriction of processing (Art. 18) - request restriction of processing in certain circumstances
No automated decision-making within the meaning of Article 22 of the GDPR is carried out based on your data.
To exercise your rights: send an email to contact@aerislog.com. We will respond within 30 days.
Complaint: You also have the right to lodge a complaint with the French data protection authority (CNIL): www.cnil.fr
9. Account Deletion
You may delete your account at any time from the Application settings. Deletion results in:
- Permanent deletion of all your data from Firebase servers (Firestore and Storage)
- Deletion of all your local data on your device
- Deletion of your Firebase Authentication account
This operation is irreversible. We recommend performing a PDF export of your data before proceeding with deletion.
10. Data Breach Notification
In the event of a personal data breach, Aeris Studio will notify the CNIL within 72 hours in accordance with Article 33 of the GDPR. If the breach is likely to result in a high risk to your rights and freedoms, you will also be informed without undue delay.
11. Cookies and Trackers
The website aerislog.com is a marketing website that does not use tracking cookies or third-party analytics tools. Only strictly necessary cookies for the technical operation of the site may be used.
If analytics tools are added in the future, a consent mechanism compliant with applicable regulations will be implemented beforehand.
12. Minors
The Application is open to users of all ages. In accordance with Article 8 of the GDPR and French legislation, users under 15 years of age must obtain authorization from their parent or legal guardian to create an account and use the service.
13. Security
We implement the following security measures to protect your data:
- Encryption of data in transit (HTTPS/TLS)
- Local storage in the Application's private directory (OS-level sandboxing)
- Secure authentication via Firebase Authentication (no plaintext password storage)
- Server-side security rules (Firestore Security Rules)
- Servers hosted within the European Union
14. Changes to This Policy
We reserve the right to modify this Privacy Policy at any time. In the event of a material change, users will be notified via the Application or by email. The last updated date is shown at the top of this document.
15. Contact
For any questions regarding this Privacy Policy or your personal data:
Aeris Studio Cameron GERARD 200 Rue de la Croix Nivert, 75015 Paris, France Email: contact@aerislog.com