Privacy Policy
Last updated: March 2026
This Privacy Policy explains how VoilaLog(“we”, “us”, “our”) collects, uses, and protects your personal data when you use our service at voilalog.app. We are committed to complying with the General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
VoilaLog
Contact: herve@voilalog.app
2. Data We Collect
We collect the following categories of personal data:
- Google account information: Your name, email address, and profile picture, obtained via Google OAuth when you sign in.
- Crew code:Your airline-issued pilot identifier (e.g. “JOHDOE”), entered manually by you. Used to identify your flights in company reports.
- Flight data: Flight number, date, origin, destination, off-block / on-block times, airborne / landing times, block time, flight time, scheduled block, aircraft registration and type, captain and first officer codes and names, pilot flying (takeoff), night time, actual PAX, fuel figures, delay, and remarks. Parsed automatically from daily company reports you place in your Google Drive logbook folder.
- Roster data: Scheduled duties parsed from roster images uploaded to your logbook folder, including flight numbers, routes, STD/STA, duty types, and acknowledgement status.
- Google Drive access: An OAuth refresh token granting read access to your
logbook/Drive folder and write access to your personal spreadsheet, stored securely in our database. - Profile preferences: Base airport, aircraft qualifications, contract type, salary inputs for overtime calculation, and Google Sheets spreadsheet ID.
3. Purpose and Legal Basis
We process your data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Authenticate you via Google OAuth | Contract performance |
| Parse and store your flight hours automatically | Contract performance |
| Sync your logbook to your Google Sheet | Contract performance |
| Detect new files via Google Drive webhook | Legitimate interest |
| Parse roster images to display scheduled duties | Consent (service feature) |
| Calculate overtime (Malta Air France contract) | Consent (optional feature) |
| Service security and abuse prevention | Legitimate interest |
4. Data Storage and Security
Your data is stored in a PostgreSQL database hosted by Supabase, located in the EU (Ireland) region. Data is encrypted at rest and in transit using TLS.
VoilaLog is deployed on Vercel, which serves the application via EU edge nodes where possible. Our infrastructure does not transfer your personal data outside the European Economic Area except as described in Section 6 below.
5. Google Services
VoilaLog uses the following Google APIs on your behalf:
- Google OAuth 2.0: For authentication. We request your name, email, and profile picture.
- Google Drive API: Read-only access to your
logbook/folder to retrieve daily flight report files. We do not read any other Drive content. - Google Sheets API: Write access to a single spreadsheet created in your own Drive account. We write your flight log rows to this spreadsheet. We do not access any other spreadsheets.
Google’s use of your data when accessed via these APIs is governed by Google’s Privacy Policy and the limited-use requirements of the Google API Services User Data Policy.
6. Third Parties
We share data with the following trusted third-party processors only as necessary to provide the service:
| Processor | Role | Region |
|---|---|---|
| Supabase | PostgreSQL database hosting | EU (Ireland) |
| Vercel | Application hosting and edge delivery | EU edge |
| Authentication, Drive, and Sheets APIs | Google infrastructure | |
| Anthropic | Roster image parsing (AI model) | USA — see note below |
Note on Anthropic:When you upload a roster image for parsing, the image is sent to Anthropic’s API (Claude) for text extraction. Only the image content is transmitted — no other personal data. Roster images are not stored by Anthropic beyond the API request. Anthropic is located in the USA; this transfer is covered by standard contractual clauses.
We do not sell, rent, or share your personal data with any third party for advertising, marketing, or profiling purposes.
7. Data Retention
We retain your personal data for as long as your account is active. When you delete your account via the Danger Zone in Settings, all your flight data, roster data, profile information, and OAuth tokens are permanently deleted from our database within 30 days.
Anonymised, aggregated usage statistics (total flight count, no personal identifiers) may be retained for service improvement purposes.
8. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right of access: Request a copy of your personal data.
- Right to rectification: Correct inaccurate or incomplete data directly within the app.
- Right to erasure: Delete your account and all associated data via Settings → Danger Zone.
- Right to restriction: Request that we limit processing of your data.
- Right to data portability: Export your flight data via your linked Google Sheet or by contacting us.
- Right to object: Object to processing based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at herve@voilalog.app. You also have the right to lodge a complaint with your national data protection authority.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of VoilaLog after changes constitutes acceptance of the updated policy.
11. Contact
For any questions about this Privacy Policy or your personal data, contact us at: herve@voilalog.app