Privacy Policy

Last updated: 7 April 2026

1. Who We Are

Airworthiness Limited ("we", "us", "our") operates the website airworthiness.org.uk. We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact: contact@airworthiness.org.uk

2. Data We Collect

We collect the following categories of personal data:

  • Identity data: first name, middle name(s), last name.
  • Contact data: email address.
  • Licence data: UK CAA Aircraft Maintenance Licence reference number, licence categories held, aircraft type endorsements and dates, photographs of your licence document.
  • Professional data: maintenance logbook entries (task descriptions, dates, aircraft details, verification records), module exam progress, continuation training certificates.
  • Technical data: IP address, browser type, device information, pages visited, collected automatically via cookies and similar technologies.
  • Account data: authentication credentials (encrypted), account preferences.
  • Public profile data (optional): if you choose to enable a public profile, we process the following data for the purpose of displaying it: a public handle of your choice, your display name, an optional public profile photo (separate from your licence photo), the type ratings and licence categories you hold, and any optional sections you choose to enable (employment status label, years in industry, apprenticeship completion, continuation training currency status). You may disable your public profile at any time, and the page will become inaccessible immediately.

3. How We Use Your Data

  • To create and manage your account.
  • To provide licence tracking, digital logbook, and training management services.
  • To verify licence holder status for trust privileges on the platform (consent-based).
  • To enable licence-verified professionals to interact with other users.
  • To display your public professional profile to other users and to the public, only if you have explicitly enabled this feature. The public profile is opt-in and disabled by default. You may opt out at any time.
  • To analyse website usage and improve our services.
  • To comply with legal obligations.

4. Lawful Basis for Processing

  • Consent: for licence verification, interactions with other users, marketing communications, and non-essential cookies.
  • Consent (specific to social features): processing of your data for the public profile, follower relationships, and feed (each enabled separately) is based on explicit, granular consent. You can withdraw consent for any social feature at any time, and your data will be removed from public view immediately. The core licence tracking, logbook, and training services do not require any social consent.
  • Contract: processing necessary to provide our services to you as a registered user.
  • Legitimate interests: website security, fraud prevention, service improvement, and analytics.
  • Legal obligation: where required by UK law.

5. How We Store Your Data

Your data is stored securely using Supabase, hosted in Ireland (eu-west-1), with encryption at rest and in transit. File uploads (licence photographs, certificates) are stored in Supabase Storage in the same region with row-level security policies. The website is served via Vercel.

We retain your personal data for as long as your account is active. When you delete your account, your data is removed from our live systems immediately. Encrypted backups of the database are retained for 7 days as part of our disaster recovery process; your data may persist in these backups until they are rotated out, after which it is permanently deleted. Backups are stored within the EU and are not accessed except in the event of a database recovery.

6. Third-Party Services

  • Supabase: database hosting, authentication, and file storage.
  • Vercel: website hosting and content delivery.
  • Social login providers: Google, Apple, and Facebook (when used for authentication).

We do not sell your personal data to third parties.

7. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten"); you can delete your account from your profile page.
  • Restrict processing of your data.
  • Data portability, receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where consent is the lawful basis.

To exercise any of these rights, contact us at contact@airworthiness.org.uk.

8. Social Features

Airworthiness offers optional social features that allow you to share your professional achievements with other engineers. These features are entirely opt-in and disabled by default. The core platform — licence tracking, digital logbook, training management — works fully without enabling any social feature.

What is shared when you enable a public profile: your name, optional profile photo, type ratings, licence categories, and any optional sections you choose to enable. Your profile becomes viewable at toolbox.airworthiness.org.uk/profile/[your-id], where [your-id] is a randomly assigned 8-digit number that uniquely identifies your profile.

What is never shared, even with a public profile: your licence number, date of birth, employer, customer or operator names, logbook entries, exam scores, contact details, and your private licence photograph.

You are in control:

  • You choose whether to enable a public profile.
  • You choose which optional sections to display.
  • You can disable your public profile at any time, with immediate effect.
  • You can delete your account at any time, which removes all data including any public profile.

Consent and withdrawal: Enabling a public profile is an explicit, separate consent action. You will be shown exactly what will be shared before you confirm. You can withdraw consent at any time from the Settings page. Withdrawal takes effect immediately on our live systems; backups will rotate out within 7 days.

9. Cookies

We use cookies and similar technologies. For full details, see our Cookie Policy.

10. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date.