Privacy Policy

Last updated: March 2026

This Privacy Policy explains how operated by Giordano Corradini (“we”, “us”, “our”), trading as VolaLog, collects, uses, and protects your personal data when you use the VolaLog service (“the Service”). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable EU and Italian data protection law.

The data controller for the purposes of this policy is VolaLog, contactable at privacy@volalog.app.

1. Data We Collect

Account data — When you register, we collect your email address and any display name you choose to provide. We do not require your real name.

Flight and logbook data — All flight records, aircraft entries, and logbook data you create or import within the Service. This data is provided voluntarily by you.

Usage data — Basic technical data about how you interact with the Service, including browser type, device type, and general usage patterns. This is used solely to maintain and improve the Service.

Payment data — Payments are processed entirely by Paddle (paddle.com), our Merchant of Record. We do not collect or store your payment card details. Paddle provides us with basic transaction information (subscription status, renewal dates, transaction IDs) necessary to manage your account.

Preferences and settings — Your in-app preferences (such as default flight mode, display settings, and UI state) stored as part of your account profile.

2. How We Use Your Data

We use your data to:

  • Provide and maintain the Service
  • Manage your account and subscription status
  • Enforce free tier usage limits
  • Send transactional communications (account confirmation, subscription receipts, renewal reminders)
  • Respond to support requests
  • Improve the Service based on aggregated, anonymised usage patterns

We do not use your data for advertising, and we do not sell your data to third parties.

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Performance of a contract — Processing necessary to provide you with the Service under these Terms (Art. 6(1)(b) GDPR)
  • Legitimate interests — Maintaining the security and integrity of the Service, fraud prevention, and improving service quality (Art. 6(1)(f) GDPR)
  • Compliance with legal obligations — Where required by applicable law (Art. 6(1)(c) GDPR)

4. Data Processors and Third Parties

We use the following third-party services to operate the Service. Each acts as a data processor under our instruction:

Supabase (supabase.com) — Database, authentication, and file storage infrastructure. Your account data, flight records, and preferences are stored on Supabase infrastructure hosted within the European Union. Supabase is GDPR-compliant and processes data under a Data Processing Agreement.

Paddle(paddle.com) — Payment processing and subscription management. Paddle acts as the Merchant of Record for all transactions, meaning they are an independent data controller for payment data. Paddle's own Privacy Policy applies to payment-related data.

Vercel (vercel.com) — Hosting and delivery of the VolaLog web application. Vercel may process limited technical request data (IP addresses, request logs) as part of serving the application.

We do not share your personal data with any other third parties except where required by law.

5. Data Retention

We retain your account and flight data for as long as your account is active. If you delete your account, all associated personal data is permanently deleted within 30 days, except where we are required to retain certain records for legal or financial compliance purposes (e.g. transaction records retained for tax purposes for up to 10 years as required by Italian law).

6. Data Transfers

Our primary data infrastructure is hosted within the European Union. Where data is processed outside the EU (for example, by Vercel's global CDN), appropriate safeguards are in place including Standard Contractual Clauses (SCCs) as required by GDPR.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access — You may request a copy of the personal data we hold about you
  • Right to rectification — You may correct inaccurate or incomplete data
  • Right to erasure— You may request deletion of your personal data (“right to be forgotten”)
  • Right to data portability — You may request your data in a machine-readable format. VolaLog provides CSV export functionality for your flight data directly within the Service
  • Right to restriction — You may request that we restrict processing of your data in certain circumstances
  • Right to object — You may object to processing based on legitimate interests
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@volalog.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Italian data protection authority (Garante per la protezione dei dati personali, www.garanteprivacy.it) or the supervisory authority in your EU member state.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS), access controls, and secure infrastructure provided by Supabase.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Children

The Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at privacy@volalog.app and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or in-app notice at least 14 days before they take effect. The current version is always available within the Service.

11. Contact

For any privacy-related questions, requests, or complaints:

Email: privacy@volalog.app

We aim to respond to all requests within 30 days.