AVchat

Privacy Policy

Effective Date: May 9, 2026

1. Introduction

AVchat LLC ("AVchat," "we," "us," or "our") operates the AVchat mobile application and related services (the "Service"), a marketplace for charter aircraft operators, brokers, and aviation professionals. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Who We Are

The data controller responsible for your personal information is:

AVchat LLC
5360 NW 20 Terrace, Fort Lauderdale, FL 33309, USA
Email: admin@avchat.app

3. Information We Collect

3.1 Information You Provide

  • Account information: name, email address, password stored hashed, role (operator, broker, pilot, etc.), and company affiliation.
  • Profile information: profile photo, company logo, biographical details, and aircraft listings (including tail numbers, aircraft type, photos, and operational details).
  • Content you post: messages in the Lounge and direct messages, marketplace posts (NEED/HAVE), comments, mentions, and any photos or files you upload.
  • Communications: messages you send to us for support, feedback, or other inquiries.
  • Early access requests: name, company, work email, role, preferred platform, and any note you submit through the public website launch form.

3.2 Information Collected Automatically

  • Device and usage information: device type, operating system, app version, IP address, crash logs, and session activity.
  • Analytics: aggregated, pseudonymous usage data (screens viewed, features used) to help us improve the Service. We use PostHog for product analytics.
  • First-party website analytics: anonymous visitor/session IDs, page views, download-button clicks, referral source, approximate country/city from hosting headers, device type, browser, and operating system for our public website.
  • Error reports: when the app crashes or encounters an error, we collect technical diagnostic information via Sentry to help us fix bugs.

3.3 Information We Do Not Collect

  • We do not collect payment or financial account information. The Service does not process payments.
  • We do not collect precise location data (GPS coordinates) unless you explicitly grant permission for a feature that requires it.
  • We do not collect biometric data.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and operate the Service, including authenticating you, displaying your profile and listings, and delivering messages.
  • To enable communication and connections between users (Lounge, direct messages, mentions, marketplace activity).
  • To send you transactional notifications (for example, new messages, mentions, and account-related alerts).
  • To prevent fraud, abuse, spam, and unauthorized access through security controls and rate limiting.
  • To improve the Service through analytics, crash reports, and user feedback.
  • To respond to early access requests and send launch-related updates if you ask to join the launch list.
  • To comply with legal obligations and enforce our Terms of Service.

5. Third-Party Service Providers

We share information with trusted service providers who process data on our behalf. Each is bound by contract to use the data only for the purposes we specify.

5.1 Authentication & Database (Supabase)

We use Supabase to store account data, profile information, messages, and listings. Supabase acts as our data processor and hosts data in the United States.

5.2 Error Monitoring (Sentry)

We use Sentry to collect crash reports and error diagnostics so we can fix bugs. Sentry receives technical data such as stack traces, device type, and app state at the time of an error. It does not receive your messages, listings, or profile content.

5.3 Product Analytics (PostHog)

We use PostHog to understand how users interact with the Service in aggregate. PostHog receives pseudonymous event data (for example, "user opened Lounge"). We do not send your messages or listing content to PostHog.

5.4 Subprocessors Summary

  • Supabase, Inc. - authentication, database, storage - United States
  • Functional Software, Inc. (Sentry) - error monitoring - United States
  • PostHog Inc. - product analytics - United States

6. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information on the following legal bases:

  • Contract: to provide the Service you have requested (Article 6(1)(b) GDPR).
  • Legitimate interests: to prevent fraud and abuse, to secure the Service, and to improve the product (Article 6(1)(f) GDPR).
  • Consent: where required by law, such as for certain analytics cookies or marketing (Article 6(1)(a) GDPR). You can withdraw consent at any time.
  • Legal obligation: to comply with applicable laws (Article 6(1)(c) GDPR).

7. How We Share Your Information

We share information in the following circumstances:

  • With other users: your profile, listings, messages, and any content you post in shared channels (such as the Lounge or marketplace) are visible to other users of the Service as you intend.
  • With service providers: as described in Section 5, only as needed to operate the Service.
  • For legal reasons: if required by law, court order, or governmental request, or to protect the rights, property, or safety of AVchat, our users, or others.
  • Business transfers: if AVchat is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

We do not sell your personal information to third parties. We do not share your personal information with advertisers.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After you delete your account, we may retain certain information for legal, security, or fraud-prevention purposes for up to 90 days, after which it is deleted or anonymized.

Aggregated, anonymized data may be retained indefinitely for analytics and product improvement.

9. Data Security

We use industry-standard security measures to protect your information, including:

  • Encryption in transit (HTTPS/TLS) for all data sent between your device and our servers.
  • Encryption at rest for stored data.
  • Row-level security policies on our database to ensure users can only access data they are authorized to see.
  • Rate limiting and abuse-prevention controls to protect user accounts.
  • Bcrypt password hashing with a minimum 8-character password requirement.

No system is perfectly secure. If we become aware of a data breach affecting your information, we will notify you and the relevant authorities as required by law.

10. Your Rights

10.1 All Users

  • Access: you can view and update your profile information at any time within the app.
  • Deletion: you can delete your account from within the app, or by emailing us at the address below.
  • Correction: you can correct inaccurate information through your account settings.

10.2 EEA / UK / Swiss Residents (GDPR)

In addition to the rights above, you have the right to:

  • Request a copy of the personal data we hold about you (right of access).
  • Request that we restrict or object to certain processing.
  • Request that we transfer your data to another service (data portability).
  • Lodge a complaint with your local data protection authority.

10.3 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose.
  • Request deletion of your personal information.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. Note: we do not sell or share personal information for cross-context behavioral advertising.
  • Limit the use of sensitive personal information. Note: we do not use sensitive personal information for purposes beyond providing the Service.
  • Non-discrimination: we will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, contact us at admin@avchat.app. We will respond within 45 days.

11. Children's Privacy

The Service is intended for aviation professionals and is not directed to children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at admin@avchat.app.

12. International Data Transfers

AVchat is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

For users in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission for transfers of personal data to the United States, where required.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email before the changes take effect. The "Effective Date" at the top of this policy reflects the most recent version.

Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or need to report a concern, contact us at:

AVchat LLC
5360 NW 20 Terrace, Fort Lauderdale, FL 33309, USA
Email: admin@avchat.app