Privacy Policy

1. Introduction

This Privacy Policy explains how AFRA and Causal Ventures FlexCo collect, process, store, protect, use, disclose, and transfer personal information when you access or use AFRA.

This Privacy Policy applies to AFRA web applications, mobile applications, websites, flight school portals, club portals, APIs, document management systems, assessment systems, and AI services. By using AFRA, you acknowledge the processing of your personal data as described in this Privacy Policy.

2. Data Controller

Data Controller: Causal Ventures FlexCo, Eigenhofen 4c, 6170 Zirl, Austria. Company Registration: FN 668045w. Email: info@causal.cc.

3. Personal Data We Collect

AFRA may collect and process the following categories of personal data:

A. Account Information: name, email address, phone number, username, password credentials, organization affiliation, flight school affiliation, and club affiliation.

B. Pilot Information: pilot licence number, licensing authority, ratings, endorsements, flight experience, currency information, instructor information, and qualification records.

C. Aircraft Information: registration number, aircraft type, aircraft model, aircraft ownership information, and aircraft documentation.

D. Uploaded Documents: pilot licences, medical certificates, radio licences, insurance certificates, aircraft records, maintenance records, operational documents, club documents, and flight school documents.

E. Assessment Information: risk assessments, readiness assessments, safety assessments, flight planning information, user inputs, and assessment results.

F. Technical Information: IP addresses, device information, browser information, operating system information, usage logs, session information, and security logs.

4. Special Category Data

Certain uploaded documents may contain special category personal data under Article 9 GDPR, such as medical certificates, medical limitations, fitness information, and health-related licence restrictions.

AFRA processes such information only with explicit user consent, where uploaded voluntarily by the user, and for the purpose of providing requested services. Users are not required to upload medical information and remain responsible for determining what information they upload.

5. Purposes of Processing

AFRA processes personal data to provide the Service; create user accounts; authenticate users; manage subscriptions; manage pilot, aircraft, flight school, and club profiles; store documents; perform OCR processing; perform AI analysis; generate assessments, reminders, and renewal tracking; improve safety analytics; provide customer support; detect fraud; improve security; and comply with legal obligations.

6. Legal Basis for Processing

AFRA processes personal data under one or more of the following GDPR legal bases: Article 6(1)(a) GDPR (consent); Article 6(1)(b) GDPR (performance of a contract); Article 6(1)(c) GDPR (legal obligation); and Article 6(1)(f) GDPR (legitimate interests). Where special category data is processed, Article 9(2)(a) GDPR (explicit consent) applies.

7. AI Processing

AFRA may use artificial intelligence systems to classify documents, extract information, analyze assessments, and generate recommendations, risk indicators, and operational insights. AI-generated outputs may be inaccurate, and users remain responsible for verifying all outputs.

AFRA does not make automated decisions with legal effect within the meaning of Article 22 GDPR. AFRA provides decision-support functionality only.

8. Third-Party Service Providers

AFRA may use third-party providers including cloud hosting providers, database providers, AI providers, OCR providers, analytics providers, payment processors, security providers, and infrastructure providers. Such providers may process personal data solely for legitimate business purposes related to operation of AFRA.

9. International Data Transfers

AFRA may transfer personal data outside the European Economic Area. Where such transfers occur, AFRA shall implement appropriate safeguards, including where applicable Standard Contractual Clauses, adequacy decisions, contractual safeguards, and technical safeguards.

10. Data Retention

AFRA retains personal data only for as long as necessary to provide services, fulfill contractual obligations, comply with legal requirements, resolve disputes, enforce agreements, and improve services. Retention periods may vary depending on data category. AFRA may permanently delete inactive accounts and associated data after reasonable retention periods.

11. Security Measures

AFRA implements commercially reasonable technical and organizational measures designed to protect personal data, which may include encryption, access controls, authentication controls, audit logging, backup procedures, and monitoring systems. No system can be guaranteed to be completely secure, and users acknowledge the inherent risks of internet-based systems.

12. Data Breaches

AFRA maintains procedures for responding to suspected security incidents. Where legally required, AFRA will notify affected users and competent supervisory authorities in accordance with applicable law.

13. User Rights Under GDPR

Users may have the right to access personal data; correct personal data; delete personal data; restrict processing; object to processing; withdraw consent; data portability; and lodge a complaint with a supervisory authority. Requests may be submitted to info@causal.cc.

14. Anonymized and Aggregated Data

AFRA may create anonymized, aggregated, statistical, and de-identified datasets for analytics, benchmarking, safety research, trend analysis, machine learning, AI model improvement, publications, commercial reporting, investor reporting, and product development. Such data shall not intentionally identify individual users.

15. Flight Schools and Clubs

Where AFRA is used by a flight school, club, operator, or organization, administrators may have access to user information, assessment information, compliance information, and renewal information. Users acknowledge such organizational access when joining an organization within AFRA.

16. Children

AFRA is not intended for individuals under the age of 18. AFRA does not knowingly collect personal information from children.

17. Cookies and Tracking

AFRA may use cookies, analytics technologies, authentication technologies, and similar technologies. Additional information is available in the AFRA Cookie Policy.

18. Changes to This Privacy Policy

AFRA may modify this Privacy Policy from time to time. Updated versions may be published through the Service. Continued use of AFRA constitutes acceptance of such changes.

19. Contact

Causal Ventures FlexCo, Eigenhofen 4c, 6170 Zirl, Austria. FN 668045w. Email: info@causal.cc.