Privacy Policy

Effective Date: May 18, 2026 Last Updated: May 19, 2026

Plain-English summary (the numbered sections below control if anything conflicts):

• We collect what we need to run the Service for you (your account info, your school's records, payment metadata).
• We do not sell your personal information.
• Card payments are handled by Stripe (Summit's subscription billing) and Square (your school's customer payments). We never see or store full card numbers.
• When your school's admin invites you, your school controls your data — they decide what to collect about you, and we process it on their behalf.
• You have rights to access, correct, and delete your information. Contact privacy@summitflightops.com.

1. Who We Are

Summit Flight Ops LLC ("Summit," "we," "us," "our") provides flight-operations software at summitflightops.com (the "Service"). This Privacy Policy explains how we collect, use, and disclose personal information from people who use the Service or visit our public website.

By using the Service, you agree to the collection, use, and disclosure of personal information as described here. Your use of the Service is also governed by the Terms of Service.

"Personal Information" means information that identifies, relates to, describes, or could reasonably be linked to an individual or household, as defined by applicable law (including the CCPA, GDPR, and other state and international privacy laws).

2. Controller vs. Processor

Summit's role depends on whose data we are handling:

• As a controller. When you sign up for a Summit account on your own behalf (e.g., as a flight-school owner subscribing to the Service), and for our own marketing, analytics, billing, and platform-operations activities, we are the controller of your personal information.
• As a processor. When a Flight Operation (e.g., a flight school, club, or independent CFI) using Summit submits personal information about its users — students, renters, instructors, staff — the Flight Operation is the controller and Summit acts as a processor on its behalf. Privacy questions about that data should be directed to the Flight Operation first; we will support them in responding.

3. Personal Information We Collect

A. Information you give us

• Account registration: name, email address, phone number, the name of your Flight Operation, airport identifier, role (admin, instructor, student, renter), and a password (handled by our identity provider, Clerk — we never see or store your password).
• Payment information for Summit subscriptions: your billing email and a token representing your card. We do not see or store full card numbers; the full card data is collected and held by Stripe (our subscription processor).
• Flight-operations records (Customer Data): anything you (or your Flight Operation's admin) puts into the Service — user profiles, certificates, medicals, TSA endorsements, insurance, aircraft details, hobbs/tach, inspections, maintenance logs, reservations, invoices, payments, transactions, syllabus progress, logbook entries and attachments, and any free-text notes.
• Communications: the contents of emails, support tickets, or other messages you send us.

B. Information collected automatically

• Usage data: the pages you visit, features you use, and timestamps of your activity.
• Device and connection data: IP address, browser type, operating system, device identifiers, language, and referring URL.
• Cookies and similar technologies: strictly-necessary cookies for authentication (Clerk session), and minimal first-party cookies for our own analytics/error reporting. We do not use third-party advertising cookies.
• Error reports: uncaught errors in the application may be reported to Sentry (our error-tracking provider) along with limited context (e.g., your user ID, the route, the error stack).

C. Information from third parties

• Stripe returns subscription status, last 4 digits of card, and card-brand metadata for display.
• Square (if your Flight Operation has connected Square) returns merchant id, location data, and customer/card metadata you initiate.
• Clerk (our identity provider) returns authentication state and email verification.
• Federal Aviation Administration registry / aircraft data may be consulted to validate tail numbers.

4. How We Use Personal Information

We use personal information to:

1. Operate, maintain, and improve the Service;
2. Authenticate you and secure your account;
3. Process subscription payments and invoice receipts;
4. Send transactional emails (reservation confirmations, cancellations, invoice receipts, password resets, security alerts) — these are not marketing;
5. Provide customer support and respond to your inquiries;
6. Comply with legal obligations and enforce our Terms of Service;
7. Detect, prevent, and respond to fraud, abuse, or security incidents;
8. Develop new features and analyze usage patterns (typically using aggregated or de-identified data);
9. With your separate consent, send product updates or marketing (you can opt out at any time using the unsubscribe link in any such email).

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with a "legal basis" framework, we rely on (a) contract to provide the Service you requested, (b) legitimate interest for security, fraud prevention, and product improvement, (c) legal obligation for tax, accounting, and compliance, and (d) consent for marketing and any cookies that are not strictly necessary.

5. How We Share Personal Information

We share personal information only as described below. We do not sell personal information, and we do not share personal information with third parties for their own direct-marketing purposes.

• Service providers (subprocessors) who help us run the Service, under contract and confidentiality:
  • Render (cloud hosting + Postgres database) — United States
  • Clerk (authentication) — United States
  • Stripe (subscription billing) — United States
  • Square (customer-side payments, only if your Flight Operation connects Square) — United States
  • Cloudflare R2 (file storage for logbook attachments) — United States
  • Resend (transactional email delivery) — United States
  • Sentry (error tracking) — United States
• Your Flight Operation. If you are a user of a Flight Operation that uses Summit (student, renter, instructor, staff), your profile and activity are visible to authorized admins and instructors of that Flight Operation per the school's permission configuration. The Flight Operation is the controller of that data.
• Platform administrators (Summit staff). Authorized Summit personnel may access tenant data for support, troubleshooting, billing, and abuse-response purposes. Such access is logged in an audit trail.
• Legal and safety. We may disclose personal information if we believe in good faith that disclosure is required to comply with a subpoena, court order, or other legal process; to enforce our Terms; to protect the security or rights of Summit, our users, or the public; or to respond to an emergency involving risk to life.
• Business transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred to the successor entity.
• With your consent. In any other case, with your separate consent.

6. Your Choices and Rights

A. Account access and updates

You can review and update much of your profile from inside the Service. If you need help, contact privacy@summitflightops.com.

B. Marketing emails

You can unsubscribe from marketing emails at any time using the link at the bottom of those emails. Transactional emails (reservation confirmations, invoice receipts, security alerts, etc.) are not optional while your account is active.

C. State privacy rights (California, Virginia, Colorado, Connecticut, Utah, and similar states)

Depending on your state of residence, you may have the right to:

• Know what personal information we have collected about you and how we use it.
• Access a copy of your personal information.
• Correct inaccurate personal information.
• Delete personal information, subject to legal exceptions.
• Opt out of "sales" or "sharing" of personal information for cross-context behavioral advertising (we do not engage in either).
• Limit the use of sensitive personal information (we do not use sensitive personal information beyond what is necessary to provide the Service).
• Non-discrimination for exercising your rights.
• Appeal a denial of your request.

To exercise these rights, email privacy@summitflightops.com. We will verify your identity and respond within the time frame required by applicable law (typically 30–45 days). You may use an authorized agent; we will require written authorization.

If your personal information was submitted by your Flight Operation, please contact that Flight Operation first.

D. European and UK rights (GDPR / UK GDPR)

If you are located in the EEA or UK, you also have the rights to data portability, restriction of processing, withdrawal of consent (where consent is the legal basis), and to lodge a complaint with your local supervisory authority. The list of EU authorities is at edpb.europa.eu.

We do not currently target the EU/UK markets. If you choose to use the Service from those regions, your data will be transferred to and processed in the United States. Where required, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses.

E. Cookies

You can configure your browser to refuse cookies or to alert you when a cookie is set. If you disable strictly-necessary cookies, parts of the Service (including sign-in) may not function.

7. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest for the Postgres database and file storage, role-based access controls, least-privilege production access, and audit logging of cross-tenant administrative actions. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. See § 3 of the Terms of Service regarding our beta status and your responsibility to maintain backups.

If we become aware of a security breach affecting your personal information, we will notify you as required by applicable law.

8. Retention

We retain personal information for as long as your account is active, as needed to provide the Service, and as needed to comply with our legal obligations (including tax, accounting, anti-fraud, and dispute-resolution obligations). When your account is terminated, we may delete or anonymize your personal information after a reasonable wind-down period; backups may persist longer in accordance with our retention schedule.

If you are a user of a Flight Operation that uses Summit, the Flight Operation determines how long your data is retained. Contact your Flight Operation directly to request earlier deletion.

9. Children's Privacy

The Service is not directed to children under 13 (or under 16 in jurisdictions with a higher age threshold), and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at privacy@summitflightops.com and we will delete it.

Flight Operations using Summit may serve users under the age of majority in the context of flight training. In that case the Flight Operation is responsible for obtaining any required parental consent before submitting a minor's information to the Service.

10. International Users

Summit is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those of your jurisdiction. By using the Service, you consent to that transfer.

11. Third-Party Services

The Service may contain links to or integrations with third-party services (e.g., Stripe, Square, Clerk, FAA registry). This Privacy Policy does not apply to those third parties. Review their privacy policies for information about their practices.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the most recent change. We will provide notice of material changes by email or through the Service.

13. Contact Us

Questions, requests, or complaints regarding privacy:

Summit Flight Ops LLC 2982 N 24th St Ste 115 PMB 441104 Phoenix, AZ 85016 privacy@summitflightops.com