Privacy Policy
Last updated: 25 April 2026
This Privacy Policy explains how VoilàLog(“we”, “us”, “our”) collects, uses, and protects your personal data when you use our service at voilalog.app. We are committed to complying with the General Data Protection Regulation (GDPR) and applicable data protection laws.
What data we collect and why — step by step
Step 1
When you sign in with Google
Data collected
- Your name and profile photo (from Google)
- Your email address (from Google)
Why
To create and identify your VoilàLog account.
Google permission requested: email, profile (openid scope)
What we DON’T access: your Gmail, your Drive, your contacts, or anything else.
Step 2 — Recommended — required for Google Sheet sync
When you connect your Google Drive
Data collected
- OAuth access token scoped to files VoilàLog creates in your Drive
Why
To create the VoilàLog/ folder in your Drive and to create and update your personal flight logbook spreadsheet inside it.
Google permission requested:
drive.file— access only to files our application creates: theVoilàLog/folder and your personal flight log Google Sheet. We cannot see, list, or access any other file in your Drive.
What we DON’T access: any pre-existing files, your Gmail, your calendar, or any other Google service.
Alternative: you can share a single folder manually with our service account instead of granting OAuth access.
Step 3 — Optional
When you complete your profile
Data collected
Required for automatic import
- Crew code (6-letter identifier)
Optional
- Base airport
- Pilot function (Captain / First Officer)
- Additional qualifications
- Contract type and salary information (for overtime calculation)
- Historical flight hours (for career totals)
Why
To provide accurate flight hour logging, PIC/SIC detection, overtime calculation, and career statistics.
This data is stored securely in our database and never shared with third parties.
Step 4
When your flights are processed
Data collected
Flight data extracted from your company’s verified email reports: flight number, route, times, crew names, aircraft registration, passenger count, fuel data.
Why
This is the core function of VoilàLog — to log your flights automatically.
We process your company’s flight reports on your behalf. These reports are provided by you and contain data about flights you operated. We do not collect any data beyond what is in these reports.
Import methods: You can submit your flight reports via:
- VoilàLog Bridge — Apple Shortcuts sends the email content to our API automatically. No email stored on our servers.
- Email forward — Forward to
log@mail.voilalog.app. The email text is extracted and then discarded. - Paste — Copy and paste the report text directly in the app.
- Photo / OCR — Photograph your iPad screen; AI extracts the text (see Step 5).
- Native iOS app — Share extension coming soon.
Step 5 — Optional
Roster parsing
Data collected
- Roster images or PDFs you submit via the in-app import tools or your shared service account folder (manual Drive mode)
- Extracted flight schedule data (dates, routes, times)
Why
To show your upcoming flights and calculate rostered hours.
How: Roster images, flight photos, and paper logbook scans are sent to Anthropic’s Claude API for text extraction only. The image content is transmitted for a single API call and then discarded — Anthropic does not retain it beyond the request.
Per Anthropic’s API terms, data submitted via the API is not used to train or improve Anthropic’s models. See Anthropic’s privacy policy for details.
Google API Limited Use Disclosure
VoilàLog’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We use Google Drive access (drive.file scope) exclusively to:
- Create the
VoilàLog/folder in your Google Drive - Create and update your personal flight logbook Google Sheet inside that folder
We do not access, list, watch, or modify any other files in your Drive. We access only files that VoilàLog itself created.
We do not use data obtained via Google Workspace APIs (Drive content or Sheets content) to develop, improve, or train AI or machine learning models — generalized or otherwise. Google Workspace data is used solely to provide the VoilàLog flight logging service to you.
We do not share this data with third parties and do not use it for advertising or profiling.
1. Data Controller
The data controller responsible for your personal data is:
VoilàLog
Contact: herve@voilalog.app
2. Data We Collect
We collect the following categories of personal data:
- Google account information: Your name, email address, and profile picture, obtained via Google OAuth when you sign in.
- Crew code:Your airline-issued pilot identifier (e.g. “JOHDOE”), entered manually by you. Used to identify your flights in company reports.
- Flight data: Flight number, date, origin, destination, off-block / on-block times, airborne / landing times, block time, flight time, scheduled block, aircraft registration and type, captain and first officer codes and names, pilot flying (takeoff), night time, actual PAX, fuel figures, delay, and remarks. Parsed from daily company reports you submit via VoilàLog Bridge, email forward, paste, photo OCR, or your shared service account folder (manual Drive mode).
- Roster data:Scheduled duties parsed from roster images submitted via VoilàLog’s import tools or your service account folder (manual Drive mode), including flight numbers, routes, STD/STA, duty types, and acknowledgement status.
- Google Drive access: An OAuth refresh token scoped to files VoilàLog creates (
drive.file), stored securely in our database. This grants access only to theVoilàLog/folder and your personal flight log spreadsheet — both created by VoilàLog. No other Drive files are accessible. - Profile preferences: Base airport, aircraft qualifications, contract type, salary inputs for overtime calculation, and Google Sheets spreadsheet ID.
Google Services & Data Protection
Data we access via Google Sheets API
- Flight logbook data imported into VoilàLog (dates, times, routes, crew, aircraft)
- No other Google Sheets files in your Drive are accessed at any time
Data protection mechanisms
- All API calls are made server-side over HTTPS using TLS 1.3
- Your Google OAuth tokens are encrypted at rest in our database (Supabase, hosted in EU-West)
- Tokens are never logged, cached in plain text, or shared with third parties
- You can revoke VoilàLog’s access at any time via myaccount.google.com/permissions
- Deleting your VoilàLog account immediately revokes all tokens and permanently deletes all associated data
Retention: Google OAuth tokens are stored only for the duration of your VoilàLog account. Deleted immediately upon account deletion.
3. Purpose and Legal Basis
We process your data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Authenticate you via Google OAuth | Contract performance |
| Parse and store your flight hours automatically | Contract performance |
| Sync your logbook to your Google Sheet | Contract performance |
| Receive flight reports via Bridge, email forward, paste, or photo import | Contract performance |
| Parse roster images to display scheduled duties | Consent (service feature) |
| Calculate overtime (Malta Air France contract) | Consent (optional feature) |
| Service security and abuse prevention | Legitimate interest |
4. Data Storage and Security
Your data is stored in a PostgreSQL database hosted by Supabase, located in the EU (Ireland) region. Data is encrypted at rest and in transit using TLS.
VoilàLog is deployed on Vercel, which serves the application via EU edge nodes where possible. Our infrastructure does not transfer your personal data outside the European Economic Area except as described in Section 6 below.
5. Google Services
VoilàLog uses the following Google APIs on your behalf:
- Google OAuth 2.0 (scopes:
openid,email,profile): For authentication. We receive your name, email address, and profile picture. - Google Drive API (scope:
drive.file): Used exclusively to create and manage theVoilàLog/folder and your personal flight log spreadsheet — both of which VoilàLog created. We do not access, list, watch, or modify any other file in your Drive. - Google Sheets API: Write access to the single spreadsheet VoilàLog created in your Drive. We write your flight log rows to this spreadsheet only. We do not access any other spreadsheet.
Data obtained via Google APIs is used solely to provide the VoilàLog flight logging service. It is never used to develop, improve, or train AI or machine learning models. Google’s use of your data is governed by Google’s Privacy Policy and the limited-use requirements of the Google API Services User Data Policy.
6. Third Parties
We share data with the following trusted third-party processors only as necessary to provide the service:
| Processor | Role | Region |
|---|---|---|
| Supabase | PostgreSQL database hosting (EU Ireland, with Row Level Security) | EU (Ireland) |
| Vercel | Application hosting and edge delivery | EU edge |
| Authentication (OAuth), Drive folder creation, and Sheets sync | Google infrastructure | |
| Anthropic | AI text extraction from roster images, flight photos, and paper logbook scans | USA — see note below |
| Resend | Transactional email (welcome, first flight, error notifications, admin alerts) | USA / EU |
| Cloudflare Email Routing | Receives forwarded flight emails sent to log@mail.voilalog.app | Global CDN |
| Mapbox | Route map display only — no user data transmitted | USA |
Note on Anthropic:When you submit a roster image, flight photo, or paper logbook scan for parsing, the image is sent to Anthropic’s Claude API for text extraction only. Only the image content is transmitted — no other personal data. Images are processed for a single API call and then discarded; Anthropic does not retain them beyond the request and does not use API data to train or improve its models (per Anthropic’s API terms). Anthropic is located in the USA; this transfer is covered by standard contractual clauses.
We do not sell, rent, or share your personal data with any third party for advertising, marketing, or profiling purposes.
7. Data Retention
We retain your personal data for as long as your account is active. When you delete your account via the Danger Zone in Settings, all your flight data, roster data, profile information, and OAuth tokens are permanently deleted from our database within 30 days.
Anonymised, aggregated usage statistics (total flight count, no personal identifiers) may be retained for service improvement purposes.
8. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right of access: Request a copy of your personal data.
- Right to rectification: Correct inaccurate or incomplete data directly within the app.
- Right to erasure: Delete your account and all associated data via Settings → Danger Zone.
- Right to restriction: Request that we limit processing of your data.
- Right to data portability: Export your flight data via your linked Google Sheet or by contacting us.
- Right to object: Object to processing based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at herve@voilalog.app. You also have the right to lodge a complaint with your national data protection authority.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of VoilàLog after changes constitutes acceptance of the updated policy.
11. Contact
For any questions about this Privacy Policy or your personal data, contact us at: herve@voilalog.app