Aviomentor
LoginRegister
Language
PrivacyTermsCookiesLegal

Privacy Policy

This Policy is provided in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
  • Spanish Organic Law 3/2018 (LOPDGDD)
  • Law 34/2002 (LSSI-CE), where applicable

1. Data Controller

The data controller responsible for processing your personal data is:

AVIO MENTOR SL

Av. Maisonnave, 41, n° 3

03003 Alicante (Alacant), Alicante

Spain

Email: support@aviomentor.com

We have not appointed a Data Protection Officer, as this is not legally required for our current activities.

2. Categories of Personal Data Collected

Depending on how you use the Service (B2C or B2B), we may collect the following categories of personal data:

2.1 Account and Identification Data

  • Email address
  • Name and surname
  • Country and preferred language
  • License type or training category
  • School affiliation (if applicable)
  • Authentication credentials (via Firebase Authentication)
  • OAuth data if signing in via Google

2.2 Educational and Usage Data

  • Training progress
  • Exam simulation results
  • Answer history and performance metrics
  • Question interaction data
  • Time spent on modules
  • AI chat inputs and generated responses

This data is used exclusively to provide and improve educational services.

2.3 Technical and Device Data

  • IP address
  • Browser type and version
  • Device type
  • Operating system
  • Log data
  • Cookies and analytics identifiers

This data may be collected automatically through analytics and security systems.

2.4 B2B School-Related Data

If access is provided through a flight school, DTO, or ATO:

  • Student name and email
  • Instructor/administrator contact details
  • School name
  • Billing information (including VAT number where applicable)

Authorized school administrators may access student progress data within their organization.

2.5 Payment and Subscription Data

Payments are processed exclusively through Stripe.

AvioMentor does not store credit card or payment card details.

We may store:

  • Stripe customer ID
  • Subscription status
  • Billing metadata necessary to manage service access

Stripe acts as an independent data controller for payment processing.

3. Legal Bases for Processing

We process personal data under the following GDPR legal bases:

3.1 Performance of a Contract (Art. 6(1)(b) GDPR)

To:

  • Provide access to the platform
  • Manage subscriptions
  • Deliver educational content
  • Provide customer support
  • Maintain user accounts

3.2 Legitimate Interests (Art. 6(1)(f) GDPR)

To:

  • Ensure platform security
  • Prevent fraud and account sharing
  • Detect abuse or unauthorized access
  • Improve system performance

We ensure that our legitimate interests do not override your fundamental rights.

3.3 Consent (Art. 6(1)(a) GDPR)

For:

  • Analytics cookies
  • Microsoft Clarity session analysis
  • Non-essential tracking technologies

Consent can be withdrawn at any time through cookie settings.

3.4 Legal Obligations (Art. 6(1)(c) GDPR)

To comply with:

  • Tax obligations
  • Accounting rules
  • Regulatory requirements

4. Purpose of Processing

We use personal data to:

  • Provide educational and training services
  • Enable exam simulation and progress tracking
  • Manage subscriptions and billing
  • Provide AI-assisted educational support
  • Improve the quality and usability of the Service
  • Maintain security and prevent fraud
  • Comply with legal obligations

We do not use personal data for automated decisions that produce legal or similarly significant effects.

5. AI Processing

If you use AI-based features (such as chat assistance), the data you provide may be processed automatically to generate responses.

AI processing:

  • Is limited to educational assistance
  • Does not replace official regulatory guidance
  • Does not produce legally binding decisions

Users should not submit confidential, sensitive, or proprietary exam materials.

6. Cookies and Analytics

We use:

  • Firebase Analytics
  • Google Analytics
  • Microsoft Clarity
  • Cookiebot (consent management platform)

Analytics tools collect usage and technical data to improve service performance.

Non-essential cookies are activated only upon user consent.

More details are available in our Cookie Policy.

7. International Data Transfers

We use infrastructure and service providers that may process data outside the European Economic Area (EEA), including:

  • Google (Firebase, Analytics, OAuth)
  • Stripe
  • Microsoft (Clarity)
  • Cloudflare
  • Netlify

Where data is transferred outside the EEA, we rely on:

  • European Commission adequacy decisions, or
  • Standard Contractual Clauses (SCCs), or
  • Other lawful transfer mechanisms under GDPR

8. Data Retention

We retain personal data only as long as necessary for the purposes described above.

If a user deletes their account, associated personal data is deleted from active systems without undue delay.

Subscription and invoicing data may be retained as required by tax and accounting law.

Security logs may be retained temporarily for fraud prevention.

9. Account Deletion

Users may delete their account at any time.

Upon deletion:

  • Access to the Service is revoked
  • Personal data stored in active systems is removed
  • Subscription access is terminated

Deletion does not affect data retained under legal obligations (e.g., invoices).

10. Data Sharing

We do not sell personal data.

We may share personal data only with service providers necessary to operate the Service:

  • Google Cloud / Firebase
  • Stripe
  • Microsoft (Clarity)
  • Cloudflare
  • Netlify

If the user is affiliated with a school, performance data may be accessible to authorized school administrators.

11. Security Measures

We implement appropriate technical and organizational measures, including:

  • HTTPS encryption
  • Secure cloud infrastructure
  • Role-based access controls
  • Authentication safeguards
  • API access controls

While we strive to protect personal data, no system can guarantee absolute security.

12. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion
  • Restrict processing
  • Request data portability
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

Requests may be submitted to: support@aviomentor.com

You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD).

13. Minimum Age

The Service is intended for users aged 16 years or older.

We do not knowingly collect personal data from individuals under 16.

If we become aware that such data has been collected, we will delete it without undue delay.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.

Material changes will be communicated via the website or platform.