We built Avilinkr for aviation professionals. This policy explains exactly what data we collect, why, and how you can control it.
Avilinkr ("we", "our", or "us") operates the Avilinkr platform, a business tool for aviation professionals to manage contacts, aircraft listings, and outreach campaigns. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.
By using Avilinkr you agree to the collection and use of information in accordance with this policy.
We collect the following categories of personal data:
Your name, email address, password (stored hashed), company name, and Air Operator Certificate number if applicable.
Names, email addresses, and phone numbers of your business contacts that you add to the platform.
Email content, subject lines, send history, open and click tracking data.
Aircraft registrations, specifications, images, and availability information you upload.
OAuth access tokens for LinkedIn and WhatsApp Business, stored encrypted, used solely to send content on your behalf.
IP addresses, browser type, pages visited, and timestamps collected automatically via server logs.
When you add contacts to Avilinkr, you are acting as the data controller for their personal data (name, email, phone number). You are responsible for ensuring you have a lawful basis to store and contact those individuals. Avilinkr processes this data solely as a data processor acting on your instructions.
Campaign emails include a tracking pixel and tracked links. Recipients may not be aware of this tracking — it is your responsibility to comply with applicable email marketing laws (e.g. GDPR, CAN-SPAM).
We use the following third-party services to operate the platform:
We retain your account data for as long as your account is active. Campaign and contact data is retained until you delete it or close your account. Integration tokens are deleted immediately when you disconnect an integration.
Upon account deletion, all your data — including contacts, campaigns, aircraft listings, and integration tokens — is permanently deleted within 30 days.
Passwords are stored using bcrypt hashing. OAuth access tokens are stored encrypted at rest. All data in transit is protected by TLS. Our database is hosted in a private network with access restricted by IP allowlisting.
Despite these measures, no system is perfectly secure. We encourage you to use a strong, unique password and to disconnect integrations you no longer use.
If you are located in the European Economic Area, you have the following rights:
Access
Request a copy of the personal data we hold about you.
Rectification
Correct inaccurate data via your profile settings or by contacting us.
Erasure
Request deletion of your account and all associated data.
Portability
Request your data in a machine-readable format.
Objection
Object to processing based on legitimate interests.
To exercise any of these rights, contact us at privacy@avilinkr.com. We will respond within 30 days.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes we will notify you by email.
If you have any questions about this Privacy Policy, please contact us at privacy@avilinkr.com.