This Privacy Policy describes how Prometheus One ("we", "us", or "our") collects, uses, and protects information when you use our aviation operations platform, including the Prometheus One web application and iOS crew mobile application (collectively, the "Service").

1. Information We Collect

Information you provide directly

Account information: Name, email address, and password when you create an account.
Crew and operational data: Flight schedules, crew assignments, licence details, duty times, training records, and safety reports that you enter into the platform.
Contact form submissions: Name, email, company name, and message when you request a demo.

Information collected automatically

Usage data: Pages visited, features used, and actions taken within the Service, collected via Plausible Analytics (privacy-friendly, no cookies, no personal tracking).
Device information: Device type, operating system version, and app version for the iOS app, used solely for troubleshooting and compatibility purposes.
Log data: IP address, browser type, and timestamps for security and fraud prevention purposes.

Information we do not collect

We do not collect precise geolocation data.
We do not access your device's contacts, camera, microphone, or photo library unless you explicitly grant permission for a specific feature.
We do not sell your personal information to third parties.
We do not use your data for advertising purposes.

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and improve the Service
Authenticate your identity and maintain account security
Process and display operational data you enter (flights, crew, safety reports)
Send transactional emails (account verification, password reset, system notifications)
Respond to support requests and demo inquiries
Monitor platform performance and fix technical issues
Comply with legal obligations

3. AI-Powered Features

Prometheus One uses artificial intelligence (powered by Anthropic Claude) for features including safety report classification, risk correlation, compliance gap analysis, and document extraction. When you use these features, relevant data (such as the text of a safety report) is processed by Anthropic's API to generate results.

Anthropic does not use data submitted via API to train their models. See Anthropic's Privacy Policy for details.

4. Data Storage and Security

Your data is stored securely in our database provided by Supabase, hosted on AWS infrastructure in the EU region. We implement industry-standard security measures including:

Encrypted data transmission (TLS/HTTPS)
Encrypted data at rest
Password hashing with salted SHA-256
Session-based authentication with 8-hour expiry
Role-based access controls limiting data access to authorised users

5. Data Sharing

We share your data only with the following categories of third-party service providers, solely to operate the Service:

Supabase — Database and file storage
Vercel — Web hosting and serverless functions
SendGrid — Transactional email delivery
Anthropic — AI processing for specific features
ForeFlight — Flight planning data sync (only if you connect your ForeFlight account)
Open-Meteo — Weather/wind data (anonymous API calls, no personal data shared)

We do not share your data with any other third parties without your explicit consent, except as required by law.

6. iOS App Specific Disclosures

The Prometheus One iOS crew application:

Offline storage: Flight schedule, crew calendar, training records and safety bulletins are cached locally on your device for offline access during flights. This data is stored in the app's private sandbox and is not accessible to other apps.
Background sync: The app synchronises data with our servers when an internet connection is available. Safety reports created offline are queued and submitted upon reconnection.
Push notifications: If you grant permission, we may send push notifications for schedule updates, safety bulletin publications, and training deadlines. You can disable these at any time in iOS Settings.
No tracking: The iOS app does not use Apple's advertising identifier (IDFA) and does not participate in cross-app tracking.

7. Data Retention

We retain your operational data for as long as your account is active. Safety records, crew licences and compliance documents may be retained for longer periods to meet regulatory requirements applicable to aviation operators (typically 5 years under EASA Part-ORO).

When you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it by law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data ("right to be forgotten")
Portability: Request your data in a machine-readable format
Objection: Object to processing of your data in certain circumstances

To exercise any of these rights, contact us at privacy@prometheusone.app. We will respond within 30 days.

9. Children's Privacy

The Service is intended for use by aviation professionals and is not directed at children under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notification at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

Email: privacy@prometheusone.app
Website: prometheusone.app