Privacy Policy

Aviation Expert GPT is a service provided by ZEXOR DIGITAL, LLC ("Company," "we," "us," or "our"), a limited liability company organized under the laws of Delaware, United States, with its principal place of business at 131 Continental Dr, Suite 305, Newark, New Castle County, DE 19713, United States.

This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use MRO Logix Aviation services, including our websites, mobile applications, and any other digital products or services we operate (collectively, the "Services").

This Privacy Policy explains:

1. What personal information we collect
2. Our lawful bases for processing under applicable laws (including GDPR)
3. How we use, share, and protect your information
4. Your rights and choices regarding your personal data
5. How to contact us about privacy concerns

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

We reserve the right to update this Privacy Policy at any time. The 'Last Updated' date at the top of this policy indicates when it was last revised. Any changes become effective when we post the revised Privacy Policy on our Services.

Material Changes: If we make material changes to this Privacy Policy, we will notify you through the Services, by email (if you have provided one), or by other legally required means at least 30 days before the changes take effect.

Your Continued Use: Your continued use of our Services following the posting of changes constitutes your acceptance of such changes. If you do not agree to the revised Privacy Policy, you must stop using our Services.

Personal Information/Personal Data: Any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Sensitive Personal Information: Includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning sex life or sexual orientation, and criminal conviction data.

Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

Data Controller: ZEXOR DIGITAL, LLC, as the entity that determines the purposes and means of processing personal data.

Scope: This Privacy Policy applies to all personal information collected through our Services, regardless of how it is collected or stored, and describes our practices for information collected through:

• Our websites and web applications
• Mobile applications
• API services
• Email and other electronic communications
• Offline interactions

Data Controller: ZEXOR DIGITAL, LLC Service Name: MRO Logix Aviation Address: 131 Continental Dr, Suite 305, Newark, New Castle County, DE 19713, United States Email: privacy@mro-logix.com

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, ZEXOR DIGITAL, LLC acts as the data controller for personal information collected through the Services.

For California residents, ZEXOR DIGITAL, LLC is the business that collects and processes your personal information as defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

We process personal data based on one or more of the following legal bases:

1. Consent: You have given clear consent for us to process your personal data for specific purposes. You may withdraw consent at any time.

2. Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

3. Legal Obligation: Processing is necessary to comply with legal obligations, including tax, accounting, anti-money laundering, and data retention requirements.

4. Vital Interests: Processing is necessary to protect someone's life (rarely applicable to our Services).

5. Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, except where overridden by your fundamental rights and freedoms. Our legitimate interests include:

• Providing and improving our Services
• Ensuring network and information security
• Fraud prevention
• Direct marketing (with appropriate safeguards)
• Internal administrative purposes

6. Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (when applicable).

Special Categories of Data: We generally do not collect special categories of personal data. If we do, we will obtain your explicit consent or rely on another specific legal basis under Article 9 of the GDPR.

We collect information in the following categories:

A. Information You Provide Directly:

• Account Information: Name, email address, username, password, company name, job title
• Profile Information: Professional qualifications, certifications, license numbers
• Contact Information: Phone number, mailing address, emergency contacts
• Payment Information: Billing address, payment card details (processed by our payment processors)
• Communications: Messages, feedback, support requests, and other communications with us
• User Content: Information you submit through our Services, including maintenance records, reports, and documentation

B. Information Collected Automatically:

• Device Information: IP address, device type, operating system, browser type and version
• Usage Data: Pages visited, features used, time spent on pages, click-through rates, search queries
• Location Data: Approximate location based on IP address (we do not collect precise geolocation without consent)
• Log Data: Server logs recording access times, referring URLs, and technical errors
• Cookie Data: As described in our Cookie Policy section

C. Information from Third Parties:

• Business Partners: Information from companies that use our Services on your behalf
• Service Providers: Identity verification, payment processing, and analytics data
• Public Sources: Publicly available professional information

D. Sensitive Information: We generally do not collect sensitive personal information. If collection becomes necessary, we will obtain your explicit consent and implement additional safeguards.

California Privacy Rights (CCPA/CPRA): California residents have additional rights regarding the categories of personal information collected, which are detailed in the 'California Privacy Rights' section below.

A. Rights Under GDPR (European Economic Area, UK, Switzerland):

1. Right to Access: Obtain confirmation of whether we process your data and access to your personal data
2. Right to Rectification: Correct inaccurate or incomplete personal data
3. Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data under certain circumstances
4. Right to Restrict Processing: Request limitation of processing under certain circumstances
5. Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
6. Right to Object: Object to processing based on legitimate interests, direct marketing, or research purposes
7. Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing
8. Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
9. Right to Lodge a Complaint: File a complaint with your local supervisory authority

B. Rights Under CCPA/CPRA (California Residents):

1. Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
2. Right to Delete: Request deletion of personal information, subject to exceptions
3. Right to Opt-Out: Opt-out of the sale or sharing of personal information
4. Right to Non-Discrimination: Not receive discriminatory treatment for exercising privacy rights
5. Right to Correct: Request correction of inaccurate personal information
6. Right to Limit Use: Limit use and disclosure of sensitive personal information
7. Right to Access: Obtain specific pieces of personal information in a portable format

C. How to Exercise Your Rights:

To exercise any of these rights, please contact us at:

• Email: privacy@mro-logix.com
• Mail: ZEXOR DIGITAL, LLC, 131 Continental Dr, Suite 305, Newark, DE 19713
• Phone: 866-767-5850

We will respond to your request within the timeframe required by applicable law (generally 30 days under GDPR, 45 days under CCPA/CPRA).

Verification: We may need to verify your identity before processing your request. This may include asking for additional information to confirm your identity.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. We require written authorization and may need to verify both your and your agent's identity.

A. Privacy by Design: We incorporate privacy considerations into our development process through:

• Data minimization principles
• Privacy impact assessments for new features
• Regular privacy training for employees
• Privacy-enhancing technologies

B. Automated Decision-Making: We generally do not use automated decision-making that produces legal or similarly significant effects. If we implement such systems, we will:

• Provide clear notice
• Offer the right to human review
• Allow you to contest decisions

C. Complaints Process:

1. Contact us directly at privacy@mro-logix.com
2. We will acknowledge receipt within 7 days
3. We will investigate and respond within 30 days
4. If unsatisfied, you may escalate to supervisory authorities

D. Accessibility: This Privacy Policy is available in alternative formats upon request for individuals with disabilities.

E. Language: This Privacy Policy may be translated into other languages. In case of conflict, the English version prevails.

F. Severability: If any provision of this Privacy Policy is found to be unenforceable, the remaining provisions will continue in full force and effect.

G. Entire Agreement: This Privacy Policy, together with our Terms of Service, constitutes the entire agreement regarding our privacy practices.

A. What Are Cookies: Cookies are small text files placed on your device when you visit our Services. We use cookies and similar technologies (pixels, local storage, web beacons) to recognize you, customize your experience, and analyze usage.

B. Types of Cookies We Use:

1. Essential Cookies (Required):

• Enable core functionality like security, network management, and accessibility
• Cannot be disabled as they are necessary for the Services to function
• Examples: Authentication, security tokens, load balancing

2. Functional Cookies:

• Remember your preferences and settings
• Enhance personalization and user experience
• Examples: Language preferences, timezone, display settings

3. Analytics/Performance Cookies:

• Help us understand how visitors interact with our Services
• Collect aggregate data about traffic and usage patterns
• Examples: Google Analytics, internal analytics

4. Marketing/Advertising Cookies:

• Track activity across websites to provide targeted advertising
• Measure effectiveness of advertising campaigns
• We limit use of these cookies and obtain consent where required

C. Cookie Management:

Your Choices:

• Browser Settings: Most browsers allow you to block or delete cookies
• Cookie Banner: Use our cookie consent tool to manage preferences
• Do Not Track: We honor Do Not Track signals where legally required
• Global Privacy Control: We recognize GPC signals as opt-out requests

Impact of Disabling Cookies: Disabling certain cookies may limit functionality and personalization of our Services.

D. CalOPPA Compliance (California Online Privacy Protection Act):

• We disclose how we respond to Do Not Track signals
• You can opt-out of tracking for advertising purposes
• We provide clear information about third-party tracking

E. Other Tracking Technologies:

• Local Storage: Used for functionality and performance
• Session Storage: Temporary storage cleared when browser closes
• Pixels/Web Beacons: Track email opens and website interactions

For more information about cookies: https://allaboutcookies.org/

EU-U.S. Data Privacy Framework: ZEXOR DIGITAL, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Principles: We adhere to the Data Privacy Framework Principles of:

1. Notice
2. Choice
3. Accountability for Onward Transfer
4. Security
5. Data Integrity and Purpose Limitation
6. Access
7. Recourse, Enforcement, and Liability

Dispute Resolution:

• Direct Contact: First, contact us directly at privacy@mro-logix.com
• Alternative Dispute Resolution: If unresolved, you may invoke binding arbitration through JAMS
• Regulatory Authority: The Federal Trade Commission has jurisdiction over our compliance

Liability: We remain liable for the processing of personal data by third parties to whom we transfer it, unless we prove we are not responsible for the event giving rise to damage.

For More Information: Visit https://www.dataprivacyframework.gov/ to learn more about the Data Privacy Framework program.

We share your information only in the following circumstances:

A. Service Providers: We engage trusted third-party service providers who assist us in operating our Services:

• Cloud hosting: Vercel
• File Storage: Amazon AWS S3
• Database storage: Supabase
• Payment processing: Stripe, PayPal
• Email and communication services
• Analytics and performance monitoring
• Customer support tools
• Security and fraud prevention

All service providers are contractually obligated to:

• Process data only on our instructions
• Maintain confidentiality and security
• Delete data when no longer needed
• Comply with applicable privacy laws

B. Legal Requirements: We may disclose information when legally required:

• To comply with applicable laws, regulations, or legal processes
• To respond to lawful requests from public authorities
• To protect rights, privacy, safety, or property
• To enforce our terms and prevent fraud or security issues

C. Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control.

D. With Your Consent: We may share information with your explicit consent or at your direction.

E. Aggregated or De-identified Data: We may share aggregated or de-identified information that cannot reasonably identify you.

Important Notes:

• We do not sell, rent, or trade your personal information to third parties
• We do not share your information with third parties for their direct marketing purposes
• For California residents: We do not sell or share personal information as defined under CCPA/CPRA

Third-Party Websites: Our Services may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Social Media Features: Our Services may include social media features (e.g., share buttons, login integrations). These features may collect information about your interaction with them and may use cookies to function properly. Your interactions are governed by the privacy policy of the social media company.

Third-Party Integrations: When you connect third-party services to our Services, you authorize us to access and use certain information from that service as permitted by their terms and privacy policy.

Disclaimer: We are not responsible for the privacy or security practices of third parties. The inclusion of a link does not imply endorsement of the linked site.

We use the information we collect for the following purposes:

A. Service Delivery:

• Provide, maintain, and improve our Services
• Process transactions and send related information
• Manage your account and provide customer support
• Send administrative information, updates, and security alerts

B. Communication:

• Respond to your inquiries and fulfill your requests
• Send marketing communications (with your consent where required)
• Provide information about new features, products, or services

C. Improvement and Analytics:

• Analyze usage patterns to improve user experience
• Conduct research and analytics
• Test new features and functionality
• Monitor and analyze trends and usage

D. Legal and Security:

• Comply with legal obligations and regulatory requirements
• Protect against fraudulent, unauthorized, or illegal activity
• Enforce our terms of service and policies
• Protect our rights, privacy, safety, or property

E. Marketing and Advertising:

• Send promotional materials (where permitted)
• Personalize your experience
• Measure advertising effectiveness
• We do not sell your personal information to third parties

F. Business Operations:

• For auditing and accounting purposes
• To conduct business planning and management
• To operate our corporate group effectively

Retention: We retain personal information only for as long as necessary to fulfill the purposes outlined above, unless a longer retention period is required or permitted by law.

A. Storage Location:

• Primary data storage: United States
• Cloud infrastructure: Google Cloud Platform and Amazon Web Services
• Database hosting: Neon Database (ISO 27001, ISO 27701 certified)
• File storage: Google Cloud Storage

B. International Data Transfers:

For EEA/UK/Swiss Residents: When we transfer your personal data from the EEA, UK, or Switzerland to the United States or other countries, we ensure appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent for specific transfers

Data Privacy Framework: We comply with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data.

C. Security Measures:

• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication
• Regular security audits and assessments
• Incident response procedures
• Employee training on data protection

D. Data Retention:

• Active account data: Duration of account plus 12 months
• Log files: 7-90 days depending on type
• Legal compliance data: As required by law
• Marketing data: Until consent withdrawn or 3 years of inactivity

We will notify you promptly of any data breach that may compromise your personal information, as required by applicable law.

A. Additional Rights for California Residents:

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights:

1. Categories of Personal Information: We collect the following categories under California law:

• Identifiers (name, email, IP address)
• Commercial information (transaction history)
• Internet activity (browsing history on our Services)
• Geolocation data (approximate location from IP)
• Professional information (employment details)
• Inferences (preferences derived from your use)

2. Sources of Information:

• Directly from you
• Automatically through your use of Services
• Third-party service providers

3. Sale of Personal Information:

• We DO NOT sell your personal information
• We DO NOT share personal information for cross-context behavioral advertising

4. Sensitive Personal Information: We limit the use of sensitive personal information to purposes permitted under CPRA.

5. Right to Opt-Out: Visit our 'Do Not Sell or Share My Personal Information' page or email privacy@mro-logix.com

6. Financial Incentives: We do not offer financial incentives for personal information.

7. Shine the Light Law (CalOPPA Compliance):

• California residents may request a list of third parties to which we've disclosed personal information for direct marketing
• We do not share information with third parties for their direct marketing
• Our Services respond to browser 'Do Not Track' signals

B. How to Exercise Your California Rights:

• Online: Submit a request at [privacy portal link]
• Email: privacy@mro-logix.com

We will verify your identity before processing requests and respond within 45 days (with possible 45-day extension).

C. Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

A. Technical and Organizational Measures:

We implement comprehensive security measures including:

• Encryption: AES-256 encryption at rest, TLS 1.2+ in transit
• Access Control: Role-based access control, multi-factor authentication
• Infrastructure: ISO 27001/27701 certified data centers
• Monitoring: 24/7 security monitoring and intrusion detection
• Regular Audits: Annual security assessments and penetration testing
• Employee Training: Regular privacy and security awareness training
• Vendor Management: Security assessments of all third-party providers

B. Data Breach Response:

In the event of a data breach:

1. Immediate Response: Contain the breach and assess the scope
2. Investigation: Determine what data was affected and who is impacted
3. Notification Timeline:
   • GDPR: Within 72 hours to supervisory authorities, without undue delay to affected individuals
   • CCPA/CPRA: Without unreasonable delay
   • Other jurisdictions: As required by applicable law
4. Notification Content: Nature of breach, types of data, potential consequences, mitigation measures, contact information
5. Remediation: Implement measures to prevent future breaches

C. Your Security Responsibilities:

• Maintain strong, unique passwords
• Keep your account credentials confidential
• Notify us immediately of any unauthorized access
• Keep your contact information updated

D. Limitation of Liability: While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your information. You provide information at your own risk.

Age Restrictions: Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16.

Parental Rights: If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@mro-logix.com. We will take steps to delete such information from our systems.

Age Verification: By using our Services, you represent that you are at least 16 years old or are using the Services under appropriate parental supervision.

COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect information from children under 13 without verifiable parental consent.

Compliance with Legal Obligations: We may disclose your personal information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, or compulsory legal processes
• Respond to valid government or law enforcement requests
• Protect and defend our rights or property
• Act in urgent circumstances to protect personal safety
• Protect against legal liability
• Investigate potential violations of our Terms of Service

Transparency Report: Where permitted by law, we will notify you of legal requests for your information unless prohibited by law or court order.

Data Requests: We carefully review each request to ensure it is legally valid and will challenge requests that are overly broad or inappropriate.

For Privacy Inquiries:

General Privacy Contact: Email: privacy@mro-logix.com

Mailing Address: ZEXOR DIGITAL, LLC Attn: Privacy Department 131 Continental Dr, Suite 305 Newark, New Castle County, DE 19713 United States

Response Time: We aim to respond to all privacy inquiries within 30 days (or sooner if required by applicable law).

Supervisory Authorities:

For EEA Residents: You may contact your local data protection authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en

For UK Residents: Information Commissioner's Office (ICO) Website: https://ico.org.uk

For California Residents: California Privacy Protection Agency Website: https://cppa.ca.gov

Accessibility: If you need this Privacy Policy in an alternative format, please contact us.

Contact Form: You can also reach us through our Contact Form.