Privacy Policy
Effective date: July 17, 2026 · Volwright LLC
This Privacy Policy explains how Volwright LLC ("Volwright," "we") collects, uses, and shares information when you use the Volwright service (the "Service"). By using the Service you agree to this Policy.
1. Information we collect
- Account information — your name and email address, your group, and your role.
- Aircraft information — tail number, make/model, equipment, and configuration your group enters.
- Operational data — flight reports (including hours, fuel, and notes), squawks, maintenance items and status, and reservations.
- Cost-allocation data — dues, rates, charges, and member balances. We do not store full payment-card numbers; card payments are handled by our payment processor (Stripe).
- Communications — messages you send to or through the Service (including email sent to a plane's address), and the resulting archive.
- Technical data — log data, IP address, device/browser information, and an essential session cookie used to keep you signed in.
2. How we use information
To provide, maintain, and improve the Service; to authenticate you; to process the automated parsing of your messages; to send you transactional and notification emails; to process subscriptions and billing; to provide support; to keep the Service secure; and to comply with law.
3. The "email the plane" feature and automated processing
When you email an aircraft's address, we receive and store the message and use an automated (AI) text-processing service provider to interpret it (for example, to extract hours, fuel, and squawks). Message content is transmitted to that provider solely to perform this parsing. We select providers that do not use your content to train their models by default, but you should not include information you don't want processed this way.
4. How information is shared
- With your group. Volwright is inherently shared: data about an aircraft (schedule, squawks, maintenance, hours, balances, messages) is visible to the members of that aircraft's group. Manage what you share accordingly.
- Service providers (sub-processors) who process data on our behalf to run the Service: payment processing (Stripe); email delivery and receipt (Mailgun); application hosting and database (Hetzner); file and object storage (Cloudflare R2); and automated text processing (Anthropic). Our marketing website is hosted by Netlify. We may update this list as our providers change.
- Legal and safety. When required by law, legal process, or to protect rights, safety, and the integrity of the Service.
- Business transfers. In connection with a merger, acquisition, or sale of assets, subject to this Policy.
We do not sell your personal information.
5. Cookies
We use a strictly necessary session cookie to keep you signed in (sign-in is passwordless — a magic link and one-time code). We do not use advertising or analytics cookies.
6. Data retention
We keep your information while your account is active. If your group cancels, we retain your data for 365 days (one year) so you can reactivate or export it — appropriate for a seasonal customer base — after which we delete or anonymize it. You may request deletion sooner (see Your rights).
Volwright is not your official aircraft or maintenance record system. You and your mechanic or Inspection Authorization remain responsible for keeping the logbooks and records the law requires. We provide a data export so you can retain your own copy — do not rely on Volwright as your system of record.
Some information is kept on its own schedule: billing and tax records are retained as required by tax and accounting law (typically up to seven years); encrypted backups are purged as backups rotate (about 30–90 days), so deleted data clears backups within that window; and technical logs are retained about 30–90 days. Waitlist sign-ups are kept until launch or until you unsubscribe.
7. Security
We use reasonable technical and organizational measures to protect information, including hashed sign-in tokens and access controls scoped to your group. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your rights
You may request to access, correct, delete, or export your personal information, or to object to or restrict certain processing; contact us at the address below and we will respond as required by applicable law. California residents have rights under the CCPA/CPRA — including to know, delete, and correct their personal information, and not to be discriminated against for exercising those rights — and, as noted above, we do not sell your personal information. Volwright currently serves customers in the United States; if we begin serving the EU or UK, we will update this Policy with the applicable GDPR / UK-GDPR disclosures before doing so.
9. Children
The Service is not directed to children and is intended for users who are at least 18. We do not knowingly collect personal information from children.
10. International processing
Volwright operates in the United States, and we process and store information in the United States. The Service is intended for U.S. customers; if you access it from outside the U.S., you consent to processing in the United States.
11. Changes to this Policy
We may update this Policy. If changes are material, we will provide reasonable notice. The "Effective date" above shows when it was last updated.
12. Contact
Privacy questions or requests: support@volwright.com · Volwright LLC.