Privacy Policy

📄 Table of Contents

Who We Are
Data We Collect
How We Collect Data
How We Use Your Data
Local Storage & Browser Data
Data Sharing & Third Parties
Data Security
Data Retention
Your Rights
Children’s Privacy
Changes to This Policy
Contact Us

Your privacy is a core commitment at Aviotech Technologies, not an afterthought. This Privacy Policy explains exactly what personal data we collect, why we collect it, how we protect it, and the controls you have over it. Please read this alongside our Terms & Conditions.

1. Who We Are

Aviotech Technologies is an IT services and education company based in Worldwide. We are the data controller for personal data collected through our website, academy platform, and professional service engagements.

Contact: [email protected] · Contact Form

2. Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

Category	Examples	Source
Identity Data	Full name, username	Account registration
Contact Data	Email address	Registration, contact forms, newsletter
Account Data	Hashed password, account role (Student, Business Client)	Registration
Support Data	Ticket descriptions, category, priority, status	Support ticket submissions
Communication Data	Messages submitted via our contact form (name, email, subject, message)	Contact form
Usage Data	Course progress, section completion, quiz results	Academy platform interaction
Technical Data	Browser type (via localStorage only — no cookies or server-side logging)	Browser local storage

We do not collect payment card numbers, national ID numbers, biometric data, or sensitive categories of personal data (e.g. health or racial data) through our web platform.

3. How We Collect Data

We collect personal data through the following methods:

Direct Input: When you register for an account, enrol in a course, submit a support ticket, or use our contact form.
Newsletter Sign-Up: When you subscribe to Aviotech updates via our newsletter form.
Browser Local Storage: Our platform stores session data, user preferences, and interaction records in your browser’s localStorage (see Section 5).
Professional Engagements: When you engage us for IT services, we collect data necessary to deliver and administer the contracted work.

We do not use tracking cookies, advertising cookies, or third-party analytics on this platform.

4. How We Use Your Data

We process your personal data on the following lawful bases:

Contract Performance: To deliver services you have requested (courses, IT projects, support).
Legitimate Interests: To respond to enquiries, manage support tickets, improve our services, and maintain platform security.
Consent: To send newsletter communications (you may unsubscribe at any time).
Legal Obligation: To comply with applicable laws and regulations.

Specifically, we use your data to:

Create and manage your account and verify your identity at login.
Process and respond to support tickets within our 4-business-hour SLA.
Track and display your course progress within the Academy platform.
Respond to contact form enquiries and follow up on service requests.
Send occasional Aviotech updates to newsletter subscribers.
Detect and prevent fraud, abuse, or security incidents on our platform.

5. Local Storage & Browser Data

Aviotech’s current web platform operates primarily through your browser’s localStorage — a client-side storage mechanism that keeps data on your own device. This means:

Data such as your user session, support tickets, course progress, and preferences are stored locally in your browser.
This data is not automatically transmitted to our servers and is only accessible within the same browser on the same device.
If you clear your browser data or use a different browser/device, locally stored data will not be available there.
We do not use tracking cookies or third-party analytics scripts on this platform.

Your password is never stored in plain text. Passwords are hashed using PBKDF2-SHA256 with 310,000 iterations (OWASP 2023 standard) before being stored in your browser’s localStorage. We never transmit your raw password to any server.

✅ What this means for you: Your data stays on your device. No one at Aviotech can read your stored data unless you voluntarily submit it through a form (contact, ticket, registration). Clearing your browser storage removes all locally stored Aviotech data from that device.

7. Data Security

We take data security seriously and implement the following technical and organisational measures:

Password Hashing: PBKDF2-SHA256 with 310,000 iterations for all stored credentials (admin and user accounts).
XSS Protection: All user-supplied content is HTML-escaped before rendering to prevent cross-site scripting attacks.
Content Security Policy (CSP): A strict CSP header is enforced across all pages to limit script execution sources.
Rate Limiting: Login attempts are rate-limited (5 attempts triggers a 5-minute lockout) to mitigate brute-force attacks.
Secure Session Tokens: Admin sessions use cryptographically random tokens generated via the Web Crypto API.
No Referrer Leakage: All pages use referrer: no-referrer to prevent URL leakage to third parties.
Frame Protection: frame-ancestors: none is enforced to prevent clickjacking.

While we implement robust security measures, no system is 100% impenetrable. We encourage you to use a strong, unique password and to notify us immediately of any suspected security concern at [email protected].

8. Data Retention

Because data is currently stored in your browser’s localStorage:

User-controlled: You can delete all locally stored Aviotech data at any time by clearing your browser’s localStorage or site data via your browser settings.
Contact & Ticket Data: Any data submitted through forms (contact messages, support tickets) that is visible to Aviotech in the admin dashboard will be retained for as long as operationally necessary or as required by law.
Professional Services Data: Data related to professional service engagements is retained for a minimum of 7 years in compliance with international business record-keeping standards.

9. Your Rights

Subject to applicable international data protection laws (including GDPR and regional equivalents), you have the following rights regarding your personal data:

👁 Right to Access ✏️ Right to Rectification 🗑 Right to Erasure ⛔ Right to Object 📦 Right to Portability ⏸ Right to Restrict Processing

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. Note that locally stored data (localStorage) is within your direct control — you can access, modify, or delete it through your browser settings at any time.

You also have the right to lodge a complaint with the your regional data protection authority (e.g. ICO in the UK, CNIL in France, AEPD in Spain) if you believe your data protection rights have been violated.

10. Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16 without verified parental or guardian consent. If you believe a child under 16 has submitted personal data to us without consent, please contact us immediately at [email protected] so we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this page periodically. Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

For any privacy-related queries, data subject requests, or concerns, please contact our data controller:

Company: Aviotech Technologies
Location: Worldwide
Email: [email protected]
Contact Form: aviotech.com/contact

Privacy Questions or Data Requests?

We aim to respond to all privacy inquiries within 30 days. Don’t hesitate to reach out.

Contact Aviotech →