Privacy Policy

Last updated: 1 February 2026

easyYAW ("we", "us", "our") operates the easyYAW platform at easyyaw.com and app.easyyaw.com. This policy explains what personal data we collect, why we collect it, and your rights under the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller for personal data processed through the easyYAW platform is:

easyYAW s.r.o.
Registered in the Czech Republic
Email: privacy@easyyaw.com

If you have questions about this policy or your data, please contact us at the address above. We aim to respond to all privacy-related inquiries within 30 days.

2. Data We Collect

• Account data: email address, name, and password hash when you register.
• Flight data: logbook entries, GPX tracks, and flight details you enter.
• Training data: sign-offs, authorizations, and training progress records.
• PKI data: your X.509 certificate and ECDSA public key (your private key never leaves your device).
• Organization data: duty records, reservations, and documents if you belong to an organization.
• Technical data: IP address, browser type, and session data for security and fraud prevention.

3. Legal Basis for Processing

• Contract performance (Art. 6(1)(b) GDPR) — to provide the service you signed up for.
• Legitimate interests (Art. 6(1)(f) GDPR) — security monitoring, fraud prevention, and service improvement.
• Consent (Art. 6(1)(a) GDPR) — for optional cookies and marketing communications.
• Legal obligation (Art. 6(1)(c) GDPR) — where required by applicable law.

4. Data Storage and Transfers

All data is stored on servers located within the European Union. We do not transfer personal data outside the EEA without appropriate safeguards. We do not sell your data to third parties.

4a. Sub-Processors

We engage the following third-party sub-processors to help deliver the service. All sub-processors are bound by data processing agreements and operate within the scope of GDPR.

• Hetzner Online GmbH (Germany) — cloud infrastructure and data hosting. All easyYAW data is stored on servers in the EU.
• Plausible Analytics (Estonia) — cookieless, privacy-preserving website analytics. No cross-site tracking, no personal data collected.
• Cloudflare, Inc. (EU nodes) — CDN, DDoS protection, and TLS termination. Traffic-level data is processed in accordance with Cloudflare's GDPR commitments.

We periodically review sub-processor relationships. Material changes to this list will be communicated to affected users.

5. Data Retention

We retain account data for as long as your account is active. PKI-signed records (sign-offs, authorizations) are retained indefinitely to preserve their legal validity — even after account deletion. You may request deletion of all other personal data at any time.

6. Organization Data Access Controls

All organizations share the same secure infrastructure, with strict access controls enforced at the application level. Members of one school or aeroclub cannot access data belonging to another organization. Role-based access controls are enforced at every level of the application, ensuring your data is only accessible to authorized members of your organization.

7. Your Rights

Under GDPR you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your personal data (right to erasure)
• Object to or restrict certain processing
• Receive your data in a portable format
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with a supervisory authority

To exercise any of these rights, email us at privacy@easyyaw.com.

8. Cookies

We use strictly necessary session cookies required for the platform to function, and optional analytics cookies to understand how users interact with the site. You can accept or decline optional cookies via the cookie banner shown on your first visit.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. The "last updated" date at the top of this page reflects the most recent revision.