Skip to main content

Privacy Policy

Last updated: March 11, 2026

This Privacy Policy describes how FerrLab ("we", "us", "our") collects, uses, and protects your personal data when you use the Airspace virtual airline management platform ("Platform"), in accordance with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados — LGPD, Lei nº 13.709/2018) and the European Union General Data Protection Regulation (EU GDPR, Regulation 2016/679).

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the GDPR provisions in this policy apply to you. If you are located in Brazil, the LGPD provisions apply. Where both frameworks apply, we follow the stricter standard.

1. Data Controller

FerrLab is the data controller responsible for the processing of personal data collected through the Platform.

Contact for data protection inquiries:

2. Personal Data We Collect

2.1. Data You Provide

  • Account data: Name, email address, password (stored hashed via bcrypt), and language preference.
  • Profile data: Current airport location, base (home) airport, and profile picture (optional).
  • Tenant onboarding data: Virtual airline name, subdomain, logo, banner image, and administrator credentials during self-service Tenant creation.
  • Spotter photos: Aircraft or airport photographs submitted for review.
  • Livery files: Simulator-specific aircraft livery archives (zip/rar/7z, up to 512 MB each) uploaded by staff, including the original filename, file size, and the identity of the uploader.
  • Career applications: Rank promotion requests, including eligibility data at the time of application.
  • Exam answers: Responses submitted during exams, including free-text answers, multiple-choice selections, and true/false answers, along with scores, grades, and completion timestamps.
  • Chat messages: Messages sent through the vOCC chat system during active flights.

2.2. Data Collected Automatically

  • Flight telemetry: Position (latitude, longitude), altitude (MSL and AGL), heading, pitch, bank, ground speed, indicated and true airspeed, vertical speed, gear and flap state, engine parameters (up to 4 engines: firing state, N1), fuel weight, G-force, transponder code, COM frequencies, wind data, QNH, simulator rate, paused/slew/crashed flags, landing rate, detected flight phase, and timestamps — transmitted by ACARS clients at regular intervals during active flights.
  • Flight records: Airline, flight number, departure and arrival airports, aircraft, block times, flight time, distance, landing rate, passenger count, cargo weight, network detection (VATSIM/IVAO), diversion status, and approval outcome.
  • Points transactions: Every Points award and deduction is recorded with type, amount, reason, source reference, and timestamp.
  • License history: License status changes (active, expired, suspended, revoked), issuance dates, renewal dates, and issuing staff identity.
  • Career history: Rank changes, promotion applications, reviewer decisions and notes, inactivity evaluations.
  • Usage data: Pages visited, features used, and interaction timestamps.
  • Analytics data: Page views, button clicks, form submissions, navigation events, and session replays collected by Amplitude for product analytics and user experience improvement. A composite user identifier (tenant_id:user_id) is sent to Amplitude to distinguish users across tenants.
  • Google Analytics data: Page views, session data, traffic sources, geographic region (country/city level), device type, browser type, and interaction events collected by Google Analytics (Google Tag Manager, measurement ID G-CP1QBFWEKQ) on the public landing page for website traffic analysis and marketing performance measurement. Google may use cookies (_ga, _ga_*) to distinguish unique visitors. Google Analytics (Google Tag Manager) collects aggregated page views, traffic sources, geographic region, device category, and session duration on the public landing page for website analytics and marketing insights.
  • Device data: Browser type, operating system, and screen resolution (via standard HTTP headers).
  • Error data: Application errors and performance metrics collected through Sentry.
  • CAPTCHA data: Cloudflare Turnstile collects browser challenge tokens and may process your IP address, browser characteristics, and interaction patterns to distinguish real users from bots on login, registration, and Tenant creation forms.

2.3. Data from Third Parties

  • Discord: User ID, username, avatar, and guild membership when you authorize the Discord integration via OAuth (identify and guilds.join scopes).
  • VATSIM/IVAO: Public network presence data (callsign, position) used for network detection during active flights.
  • SimBrief: Operational flight plan data (route, fuel, weather, payload) when you import a flight plan.

We process your personal data under the following legal bases:

PurposeLGPD (Art. 7)GDPR (Art. 6(1))
Account creation, authentication, and email verificationPerformance of contract (II)Performance of contract (b)
Flight record storage and telemetry processingPerformance of contract (II)Performance of contract (b)
FDM analysis and flight approvalPerformance of contract (II)Performance of contract (b)
Points economy (awards, deductions, transactions)Performance of contract (II)Performance of contract (b)
Pilot performance ratings (5 categories + composite, percentile within airline)Performance of contract (II)Performance of contract (b)
Career progression and inactivity evaluationPerformance of contract (II)Performance of contract (b)
License management and renewalPerformance of contract (II)Performance of contract (b)
Exam administration, answer storage, and scoringPerformance of contract (II)Performance of contract (b)
AI-assisted exam grading (OpenRouter)Performance of contract (II)Performance of contract (b)
Booking management and expirationPerformance of contract (II)Performance of contract (b)
Repositioning bounties and ferry flight operationsPerformance of contract (II)Performance of contract (b)
Spotter photo submission and moderationPerformance of contract (II)Performance of contract (b)
Livery file storage and distributionPerformance of contract (II)Performance of contract (b)
vOCC AI dispatch (weather, arrival, chat, DCT)Performance of contract (II)Performance of contract (b)
Speech synthesis for cabin announcementsPerformance of contract (II)Performance of contract (b)
Error tracking and platform reliability (Sentry)Legitimate interest (IX)Legitimate interest (f)
Product analytics and session replay (Amplitude)Legitimate interest (IX)Legitimate interest (f)
Website traffic analysis (Google Analytics)Legitimate interest (IX)Legitimate interest (f)
Discord OAuth and guild integrationConsent (I)Consent (a)
VATSIM/IVAO network detectionConsent (I)Consent (a)
SimBrief flight plan importConsent (I)Consent (a)
CAPTCHA bot protection (Cloudflare Turnstile)Legitimate interest (IX)Legitimate interest (f)
Email and in-app notificationsConsent (I)Consent (a)
Legal complianceLegal obligation (II)Legal obligation (c)

Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms.

4. How We Use Your Data

We use your personal data to:

  • Provide and maintain the Platform's core functionality (account verification, bookings, flights, telemetry);
  • Process flight records, run FDM analysis, and determine flight approval status;
  • Manage the Points economy (awards, deductions, balance tracking);
  • Evaluate career progression eligibility, process rank applications, and enforce inactivity rules;
  • Manage license lifecycle (issuance, renewal evaluation, expiration);
  • Administer exams, record answers and scores, and determine pass/fail outcomes;
  • Send free-text exam answers to AI services (OpenRouter) for grading assistance when enabled by the Administrator;
  • Enforce restrictions on bookings and dispatch (license, rank, and parameter requirements);
  • Create and manage repositioning bounties and ferry flight operations;
  • Power the vOCC AI dispatch system (weather advisories, arrival information, direct-to suggestions, pilot chat);
  • Generate text-to-speech cabin announcements from flight context templates;
  • Enable third-party integrations you authorize (Discord, SimBrief, VATSIM, IVAO, Hoppie);
  • Moderate user-generated content (spotter photo review, livery management);
  • Display pilot information on the public roster and live flight tracker;
  • Send operational notifications (flight status, rank changes, booking updates, ferry assignments, license renewals);
  • Monitor and improve Platform performance and reliability;
  • Comply with legal obligations.

5. Automated Decision-Making

The Platform performs the following automated processing that may affect your experience:

Automated ProcessEffectFrequency
FDM flight analysisAwards/deducts Points; routes flights to approval or rejectionAfter each flight
Flight auto-approvalAccepts clean flights without staff review (when enabled)After each flight
Inactivity evaluationDemotes Pilots without recent accepted flights to a fallback rankDaily
License renewalEvaluates flight-based and Points-based renewal conditions; expires non-compliant licensesDaily
Booking expirationRemoves expired bookings and releases associated resourcesHourly
Repositioning bountiesCreates bounties for idle aircraft; relocates aircraft on expiryHourly
Ferry window cascadeReassigns ferry legs when assigned Pilot's time window expiresEvery 5 minutes
Exam auto-gradingScores multiple-choice and true/false questions automatically; sends free-text answers to AI for grading assistance (when enabled)Upon exam submission
vOCC triggersSends weather, arrival, and route advisories during active flightsEvery 2 minutes
Discord membership verificationRe-assigns missing roles; clears identifiers for members who left the guildHourly
Discord auto-kick (when enabled)Removes Discord guild members not enrolled in the TenantHourly

All automated decisions are configured by the Tenant Administrator. Under both LGPD (Art. 20) and GDPR (Art. 22), you have the right to request human review of automated decisions that significantly affect you. Contact your Tenant Administrator or email [email protected] to request a review.

6. Data Sharing

6.1. Within Tenants

Your profile, flight records, Points balance, career status, exam performance (answers, scores, and completion data), and activity within a Tenant are visible to that Tenant's Administrators and staff. Depending on Tenant configuration, other Pilots may see your roster profile, live flights, and rankings.

Privacy Controls: You can manage how your information is displayed via Settings → Privacy:

  • Presence: Make your profile invisible to non-staff users. You will still be counted in aggregate statistics, but your profile will not appear in the roster, search results, staff lists, or any public-facing pages.
  • Name Display: Choose how your name appears to public visitors (unauthenticated) and to logged-in airline members separately. Options include full name, first name with last initial, or initials only.
  • Profile Picture: Control who can see your profile picture — everyone, logged-in members only, staff only, or remove it entirely.

Staff (Administrators and Operations Staff) always have access to your full name, email, and profile for operational purposes.

6.2. Third-Party Services

We share data with third parties only as necessary to provide Platform features:

ServiceData SharedPurpose
Cloudflare TurnstileBrowser challenge token, IP address, browser characteristicsBot protection on login, registration, and Tenant creation forms
AmplitudePage views, click events, navigation events, session replays, composite user identifier (tenant_id:user_id), tenant ID, user name, email, localeProduct analytics and user experience improvement
Google AnalyticsPage views, session data, traffic sources, geographic region, device and browser type, interaction eventsLanding page traffic analysis and marketing measurement
SentryError reports, performance tracesPlatform reliability monitoring
DiscordUser ID (via OAuth), guild member lists (for membership verification), Tenant announcements, flight notifications, ranking embeds, spotter photo embeds, staff alerts, contact form messagesGuild integration, bot-managed role assignment, membership verification, notifications
OpenRouterFlight context (position, weather, airport info, flight plan, ACARS message history); free-text exam answers and expected responses (when AI grading is enabled)AI-powered vOCC dispatch; AI-assisted exam grading
ElevenLabsAnnouncement text scripts (no personal data)Text-to-speech cabin announcements
HoppieACARS text messages (weather advisories, dispatch messages)Message relay to flight simulator clients
VATSIM/IVAOCallsign lookupNetwork presence detection
SimBriefFlight plan request parametersOperational flight plan import

6.3. Public API

The Platform's public API exposes the following data without authentication (rate-limited to 60 requests/minute):

  • Pilot roster: Name displayed according to each pilot's privacy settings (default: first name and last-name initial, e.g. "John D."). Pilots who have enabled invisible mode are excluded entirely. Full names and email addresses are never exposed.
  • Live flights: Pilot name displayed according to privacy settings, callsign, aircraft type and registration, route, and real-time position (latitude, longitude, altitude, heading, speed, phase). Invisible pilots are excluded.
  • Pilot performance ratings: When the Tenant has enabled public visibility, the public API exposes the pilot's overall composite score (0-10), per-category scores, tier badge, and percentile rank within the airline. Pilots who have enabled invisible mode OR opted out of performance visibility specifically (/settings/privacy → Performance Ratings) are excluded entirely. Aggregate percentile data (e.g. "top 15% of your airline") never identifies other pilots by name.
  • Operational data: Airlines, airports, and fleet information.

Tenant Administrators configure the availability of public API data.

6.4. Discord Channels

The Platform operates a Discord bot that, when authorized by the Administrator, joins the Tenant's Discord guild and performs the following:

  • Sends new Tenant creation announcements (airline name, domain, admin email);
  • Sends contact form submissions from the public landing page;
  • Sends flight start and completion notifications (pilot name, route, aircraft, flight number, landing rate);
  • Sends daily and monthly pilot rankings (top pilots by points, flights, and hours);
  • Sends approved spotter photo embeds (photo image, subject, photographer name);
  • Sends aircraft grounding staff alerts (registration, location, reason) and return-to-service notifications;
  • Sends alternate (diversion) staff alerts (pilot name, original route, diversion airport, aircraft, reason);
  • Assigns configured Discord roles to Pilots who join the guild via OAuth;
  • Verifies guild membership hourly — re-assigns missing roles for enrolled members and clears stored Discord identifiers for members who have left;
  • When enabled by the Administrator, removes ("auto-kicks") guild members who are not enrolled in the Tenant (bots and members with non-pilot roles are never removed).

We may disclose your data when required by law, court order, or to protect the rights and safety of our users and the Platform.

7. International Data Transfers

Some third-party services we use are based outside Brazil and the EEA. When personal data is transferred internationally, we ensure appropriate safeguards are in place as required by LGPD Art. 33 and GDPR Art. 44–49, including:

  • Standard contractual clauses (SCCs) approved by the European Commission;
  • Transfers to countries with adequate data protection levels as recognized by the ANPD or the European Commission;
  • Explicit consent where applicable.

The following services process data outside Brazil and the EEA: Amplitude (United States), Cloudflare (United States/Global), Google Analytics (United States), Sentry (United States), Discord (United States), OpenRouter (United States), ElevenLabs (United States/Europe), Hoppie (Europe).

8. Data Retention

Data TypeRetention Period
Active account dataDuration of account existence
Flight records and telemetryDuration of Tenant existence
Points transaction ledgerDuration of Tenant existence
Career history and rank applicationsDuration of Tenant existence
Exam attempts, answers, and scoresDuration of Tenant existence
License issuance and renewal historyDuration of Tenant existence
Spotter photos (approved)Duration of Tenant existence
Livery files (up to 512 MB each)Duration of Tenant existence (deleted when the associated aircraft is removed)
Speech audio fragments (cached)Duration of Tenant existence
vOCC message logsDuration of Tenant existence
Error logs (Sentry)90 days
Deleted account dataPermanently erased upon deletion
Deleted Tenant data30 days after termination, then permanently erased

When a user account is deleted, the following data is permanently removed: flights, Points transactions, license associations, career logs, exam attempts and answers, authentication tokens, and profile picture. Active bookings are cancelled.

9. Your Rights

9.1. Under the LGPD (Art. 18) — Brazil

As a data subject under the LGPD, you have the right to:

  1. Confirmation — Confirm whether we process your personal data.
  2. Access — Obtain a copy of your personal data.
  3. Correction — Request correction of incomplete, inaccurate, or outdated data.
  4. Anonymization, blocking, or deletion — Request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the LGPD.
  5. Portability — Request portability of your data to another service provider, in accordance with ANPD regulations.
  6. Deletion — Request deletion of personal data processed with your consent.
  7. Information about sharing — Be informed about public and private entities with which we share your data.
  8. Consent withdrawal — Withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
  9. Opposition — Object to processing carried out under legal bases other than consent when there is non-compliance with the LGPD.
  10. Review of automated decisions — Request review of decisions made solely through automated processing that affect your interests.

9.2. Under the GDPR (Art. 15–22) — EEA, UK, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have the following additional or equivalent rights:

  1. Right of access (Art. 15) — Obtain confirmation and a copy of your personal data, including information about processing purposes, categories, recipients, and retention periods.
  2. Right to rectification (Art. 16) — Request correction of inaccurate personal data without undue delay.
  3. Right to erasure ("right to be forgotten") (Art. 17) — Request deletion of your personal data when it is no longer necessary, you withdraw consent, or you object to processing.
  4. Right to restriction of processing (Art. 18) — Request restriction of processing while we verify the accuracy of your data, the lawfulness of processing, or your objection.
  5. Right to data portability (Art. 20) — Receive your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV) and transmit it to another controller.
  6. Right to object (Art. 21) — Object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
  7. Rights related to automated decision-making (Art. 22) — Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects, and to obtain human intervention, express your point of view, and contest the decision.

To exercise any of these rights, email us at [email protected]. We will respond within 15 days (LGPD) or 30 days (GDPR).

10. Data Security

We implement technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS);
  • Hashed passwords (bcrypt);
  • Role-based access control (RBAC) via Bouncer for backoffice operations;
  • Multi-tenant data isolation — each Tenant operates on a separate database;
  • Secure, encrypted storage of third-party OAuth tokens and Discord user IDs;
  • Content-addressed storage for speech fragments (SHA-256 hash deduplication);
  • Audit logging for staff actions (flight approvals, license assignments, rank changes, Points awards);
  • Regular security monitoring and error tracking via Sentry.

11. Cookies

The Platform uses essential cookies for session management and authentication. These are strictly necessary for the Platform to function and do not require consent under the LGPD or GDPR.

Cloudflare Turnstile may set cookies or use local storage as part of its bot detection mechanism. These are strictly necessary for security and do not require consent.

Amplitude may use cookies or local storage to maintain session identity and track usage across page views. These are used for product analytics and are not used for advertising.

Google Analytics sets cookies (e.g., _ga, _ga_*) on the public landing page to distinguish unique visitors, track session duration, and measure traffic sources. These cookies are used for website analytics and are not used for advertising.

The Platform does not use advertising cookies.

12. Children's Data

The Platform is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16 without appropriate consent, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or by email. The "Last updated" date at the top indicates the most recent revision.

14. Data Protection Authorities

If you believe your data protection rights have been violated, you have the right to file a complaint with the relevant supervisory authority:

  • Brazil (LGPD): Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd
  • EU/EEA (GDPR): Your local Data Protection Authority. A list is available at edpb.europa.eu.

15. Contact

For questions about this Privacy Policy or to exercise your data protection rights, contact us at: