Data Retention Policy
Wingman Pilot Logbook
This policy was last updated on 10 DEC 2025.
1. Purpose & Scope
WINGMAN AVTECH PRIVATE LIMITED ("Wingman", "we", "us", or "our") is committed to protecting your privacy. This Policy explains how we collect, use, disclose, transfer, and store your data when you access any of our products, services, or applications. Currently, these include: Wingman Pilot Logbook.
By accessing our applications, websites, or services, you agree to the practices described in this Policy.
This Data Retention & Deletion Policy describes how Wingman, specifically pertaining to the Wingman Pilot Logbook, processes, stores, retains, archives, restores, and deletes user data in accordance with applicable global data protection laws, including but not limited to, the EU General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA), and India’s Digital Personal Data Protection Act (DPDPA).
2. Definitions
- Active Subscriber: A user with an active paid subscription granting full access to Wingman services.
- Expired Account: An account whose subscription has ended but remains within the Grace Period.
- Grace Period: A 90-day window after subscription expiry during which the user retains limited, read-only access to historical data.
- Dormant Account: An account beyond the Grace Period where access to stored data is no longer provided.
- Archival Storage: Secure, access-controlled internal storage used for temporary preservation of historical records for regulatory compliance and potential recovery requests.
- Backup Storage: Encrypted disaster recovery copies maintained by infrastructure systems for business continuity, purged automatically based on standard infrastructure cycles (typically 30–90 days).
- Permanent Deletion: Irreversible removal of personal and operational data from all active systems, with encrypted backup traces removed during scheduled rotations.
- Anonymization: Irreversible transformation of operational records such that they can no longer be linked to an identifiable individual, consistent with GDPR Recital 26.
3. Data Retention Schedule
3.1 Active Subscribers
While a subscription remains active:
- All personal data and flight records are stored and fully accessible.
- Users may add, modify, or generate reports without restriction.
- Data is maintained in operational systems for the duration of the subscription.
3.2 Expired Accounts (Within 90-Day Grace Period)
Upon subscription expiry:
- The account transitions to a restricted, read-only mode.
- No new entries, imports, edits, or exports may be performed.
- The user retains visibility of their historical data for 90 days.
- Renewal reminders may be issued to maintain continuity of access.
- Restoration of full access requires subscription renewal.
3.3 Dormant Accounts (Post-Grace Period)
After the 90-day Grace Period:
- User access to stored data is discontinued.
- Data is withdrawn from active systems and maintained only in secure archival storage for a limited period.
- Retrieval of archival data is not automatic and is subject to:
  - Reactivation of a valid subscription, and
  - Payment of a Data Restoration Handling Fee of $30 USD (or equivalent in local currency) to cover the administrative, technical, and compliance-related workload required to restore historical data.
- Under GDPR Article 12(5) and DPDPA Section 8, controllers may charge a reasonable fee for actions requiring disproportionate effort or significant processing overhead. Data recovery from archival systems qualifies under these provisions due to the secure, manual nature of the restoration process.
3.4 Permanent Deletion
When the archival retention window concludes:
- All associated data is permanently deleted from active systems.
- Data is no longer recoverable under any circumstances.
- Any residual encrypted fragments in disaster-recovery backups are removed automatically upon the next infrastructure-level backup rotation.
After deletion occurs, no user rights under GDPR/CCPA/DPDPA can be exercised because the data no longer exists.
4. User Data Rights
Users may exercise their rights to access, rectify, port, or request deletion of their personal data while the data exists within operational or archival systems.
These rights become unavailable after permanent deletion.
This policy aligns with:
- GDPR Chapter III (Articles 12–23)
- CCPA §§1798.100–1798.120
- DPDPA Section 11
Wingman may request identity verification before fulfilling any data-rights request to prevent unauthorized access.
5. Voluntary Account Deletion (Active Subscribers Only)
Active subscribers may request complete account deletion by emailing Wingman from their registered email address.
Upon verification:
- Deletion will be completed within 24 hours.
- All personal identifiers will be removed.
- Operational data becomes anonymized and can no longer be associated with the individual.
- Encrypted backup traces, if present, remain only until overwritten by standard infrastructure processes (typically 30–90 days).
- This action is permanent and cannot be reversed, even if the user subscribes again.
6. Backups & Archival Storage
- Backup systems exist solely for disaster recovery and are encrypted, access-controlled, and automatically rotated.
- Wingman does not retrieve user information from backups.
- Archival storage is segregated from operational systems and used only for temporary preservation until restoration or deletion.
- Recovery requires subscription reactivation and the Restoration Handling Fee due to the substantial technical and compliance steps needed to securely retrieve archived data.
This approach satisfies GDPR Article 5(1)(f) regarding integrity, confidentiality, and secure processing of personal data.
7. Notification Procedures
Wingman may issue notices for:
- Subscription expiry,
- Grace Period reminders,
- Impending archival transition, and
- Impending permanent deletion (where applicable).
Notifications serve transparency obligations required under global privacy regulations.
8. User Responsibilities
Users are responsible for maintaining an active subscription to ensure continuous access to their digital logbook data.
Wingman is not responsible for the loss of access or deletion caused by failure to renew the subscription within the specified retention timelines.
9. Cross-Border Data Transfers
Wingman may process or store data in India or other jurisdictions as part of its global infrastructure.
All international transfers comply with:
- GDPR Chapter V (adequacy, SCCs, or equivalent safeguards),
- DPDPA cross-border requirements, and
- Applicable local regulations governing international data movement.
10. Policy Review
This policy is reviewed annually or upon regulatory, infrastructural, or operational changes to ensure ongoing compliance with global data-protection laws.
If you have questions regarding this Privacy Policy or your data, contact us:
WINGMAN AVTECH PRIVATE LIMITED
Legal Entity: Wingman Avtech Pvt Ltd
Legal Representative: Leonard Selvaraja
Email: support@wingman.zohodesk.com