Privacy Policy

Version: 1.0
Effective Date: 2026-05-01
1. Who We Are

AirDealer ("the Platform," "we," "us," or "our") provides a specialized digital environment for managing aircraft assets, facilitating transactions, and supporting institutional aviation market participants.

This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with your access to and use of the Platform.

Contact Information:

Email: [email protected]

For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), AirDealer acts as the data controller for personal data processed through the Platform, except where we process data on behalf of our clients as specified in separate agreements.

2. Scope

This Privacy Policy applies to personal data collected from:

  1. Representatives of organizations requesting access to the Platform
  2. Registered users and account administrators
  3. Users interacting with the Platform, including submitting requests, listings, and transaction-related information
This Policy does not apply to information that does not relate to an identified or identifiable individual. However, we may apply similar security and confidentiality measures to such information where appropriate.

3. Information We Process

We process information necessary to operate the Platform and support institutional transactions. This includes both personal data and non-personal business data, as described below.

3.1 Information Provided by Users

We process personal data that users and organizations provide directly, such as:

  1. Full name
  2. Business email address
  3. Organization name, role, and position
  4. Business contact details (e.g., phone number, office address)
  5. Information submitted during onboarding, due diligence, and verification
  6. Communications and requests related to listings, sourcing, or transactions
3.2 Platform Usage Data

When you access and use the Platform, we may process:

  1. Login activity and session data (e.g., timestamps, IP address, device/browser data)
  2. Interactions with listings, requests, portfolios, and Platform features
  3. System logs and technical diagnostics related to performance, availability, and security
This information is used primarily to operate the Platform, maintain security, and improve functionality.

3.3 Organizational and Transaction Data

In the course of facilitating transactions and managing aviation assets, the Platform processes data submitted by users and organizations, which may include:

  1. Information related to aircraft assets, components, engines, and portfolios
  2. Technical specifications, maintenance records, and supporting documentation
  3. Commercial information related to transaction structures, pricing terms, deal documentation, and financing arrangements
  4. Data submitted as part of asset listings, sourcing requests, or ongoing transactions
Such data may include business-sensitive technical and commercial information. While this information is generally not personal data, it may in certain cases be linked to identifiable individuals (e.g., contact persons, signatories, or representatives) and therefore fall within the scope of applicable data protection laws.

All such information is subject to strict access controls, confidentiality obligations, and security measures implemented by the Platform.

3.4 Information from Other Sources

Where permitted by law, we may receive information about users from:

  1. The user's employing or contracting organization
  2. Publicly available sources (such as professional or corporate registries)
  3. Service providers and partners supporting onboarding, compliance, or security checks
We use this information to verify organizations and user roles, maintain accurate records, and comply with applicable requirements.

4. How We Use Information

We process personal data for the following purposes:

  1. To verify organizations and user roles and grant access to the Platform
  2. To provide, operate, and maintain core Platform functionality
  3. To facilitate asset sourcing, listings, and transactions between institutional participants
  4. To process and manage technical and commercial information related to assets and transactions
  5. To manage user accounts, permissions, and organizational structures within the Platform
  6. To ensure the security, integrity, and availability of the Platform
  7. To monitor and prevent fraud, misuse, or unauthorized access
  8. To communicate with users regarding access, activity, updates, and support
  9. To analyze usage and improve Platform performance, features, and user experience
  10. To comply with legal and regulatory obligations that apply to us
We do not use personal data for unsolicited marketing purposes or sell personal data to third parties.

5. Legal Basis for Processing

Where applicable under data protection laws (such as the GDPR), we rely on the following legal bases for processing personal data:

  1. Performance of a contract: To provide access to the Platform, create and manage user accounts, and deliver requested services and functionalities.
  2. Legitimate interests: To operate, secure, and improve the Platform; to monitor and prevent abuse; to manage relationships with client organizations; to protect our rights and defend against claims, provided that such interests are not overridden by the rights and freedoms of data subjects.
  3. Legal obligations: To comply with applicable laws and regulatory requirements, including record-keeping, accounting, compliance, sanctions, and similar obligations.
  4. Consent: Where explicitly required by law (for example, for certain optional features or communications), we will obtain consent and allow users to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
6. Data Sharing and Disclosure

We do not sell personal data.

We may share data in the following cases:

6.1 With Other Authorized Platform Participants

As necessary for listings, sourcing requests, negotiations, and transactions, in accordance with the roles and permissions defined by organizations and users.

6.2 With Service Providers

With trusted third-party providers that support infrastructure, hosting, data storage, security, analytics, communication, and other operational services required to run the Platform.

6.3 Within Our Corporate Group

With affiliated entities that support the operation, development, and administration of the Platform, subject to appropriate safeguards (if applicable).

6.4 With Professional Advisors

With legal, compliance, audit, or other professional advisors where necessary to protect our rights or comply with obligations.

6.5 Where Required by Law or Regulatory Authorities

To competent authorities, regulators, courts, or law enforcement where we are legally required to do so or where disclosure is necessary to protect our legitimate interests, rights, or the rights of others.

All third parties that process personal data on our behalf are subject to appropriate contractual confidentiality and data protection obligations.

7. Cookies and Similar Technologies

If you access the Platform through a web interface, we may use cookies and similar technologies to:

  1. Enable core Platform functionality (e.g., authentication, session management)
  2. Enhance security and detect fraudulent activity
  3. Remember user preferences and improve user experience
  4. Collect aggregated usage information to help us improve the Platform
Where required by applicable law, we will provide a cookie banner or settings mechanism and allow users to manage their cookie preferences. For more information, please refer to our Cookie Policy (if available) or contact us using the details below.

8. Data Security

We implement appropriate technical and organizational measures to protect data, including:

  1. Encryption in transit and at rest where appropriate
  2. Role-based access controls and authorization mechanisms
  3. Secure infrastructure, monitoring, and logging
  4. Separation of environments and restricted access to production systems
  5. Internal policies and procedures for incident response and access management
Access to data is limited to authorized users based on their role and organizational permissions, and to our authorized personnel and service providers who need access for the purposes described in this Policy.

9. Data Retention

We retain personal data only as long as reasonably necessary to fulfill the purposes described in this Privacy Policy or as required by applicable law.

Retention Principles

Data Category

Retention Period

Account and profile data

Duration of relationship with client organization and for a reasonable period thereafter to address queries, disputes, and legal obligations

Transaction and related records

Period required by applicable laws (commercial, tax, or regulatory retention periods)

Technical logs and security data

Limited period necessary for security monitoring, troubleshooting, and audit, unless longer retention is required for investigations or legal claims


Table 1: General data retention principles by category
Where data is no longer needed for the purposes for which it was collected, we will delete or anonymize it, unless we are legally required or permitted to retain it longer.

10. International Data Transfers

The Platform may operate infrastructure or use service providers located in different countries. This can involve transferring personal data across jurisdictions.
Where data is transferred from the European Economic Area (EEA), the United Kingdom, or other regions with data transfer restrictions, we will use appropriate safeguards, such as:

  1. Standard contractual clauses or equivalent mechanisms approved by relevant authorities
  2. Additional technical and organizational measures to protect the data
  3. Secure processing environments with strict access controls
You may contact us for more information about the safeguards used for international transfers that concern your personal data.

11. User Rights

Depending on applicable law and subject to certain conditions, users may have the right to:

  1. Access their personal data and obtain a copy
  2. Request correction of inaccurate or incomplete personal data
  3. Request deletion of personal data (right to erasure)
  4. Request restriction of processing
  5. Object to certain processing, particularly where based on legitimate interests
  6. Request data portability, where technically feasible and applicable
Where processing is based on consent, users have the right to withdraw their consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

How to Exercise Your Rights

Requests to exercise these rights can be submitted using the contact details in Section 1. We may need to verify the requester's identity and may ask for additional information to process the request. Applicable laws may allow us to deny certain requests, in which case we will provide an explanation where required.

Right to Lodge a Complaint

Users also have the right to lodge a complaint with a competent supervisory authority if they believe their rights have been violated. Details of the relevant authority will depend on the user's location and our main establishment.

For users in the European Economic Area, a list of supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

12. Confidentiality of Transactions and Business Data

The Platform is designed for institutional and professional use. Data submitted to the Platform may include business-sensitive technical and commercial information related to aviation assets and transactions.

We implement measures to ensure that:

  1. Access to such information is limited to authorized users, organizations, and our personnel on a need-to-know basis
  2. Internal and external recipients are subject to confidentiality obligations
  3. Sensitive transaction information is not broadly disclosed across the Platform
These measures apply regardless of whether the data qualifies as personal data under applicable law.

13. Roles: Data Controller and Data Processor

In many cases, AirDealer acts as a data controller for personal data relating to:

  1. User accounts and profiles
  2. Platform security, logging, and monitoring
  3. General operation, maintenance, and improvement of the Platform
In other cases, particularly where organizations use the Platform to store or process information relating to their own transactions, counterparties, or contacts, AirDealer may act as a data processor on behalf of the relevant client organization.

Where AirDealer acts as a data processor, we process personal data strictly in accordance with documented instructions of the relevant client organization and in line with the applicable agreement and data protection requirements.

Client organizations are responsible for determining their own legal bases, responsibilities, and obligations as controllers in relation to the personal data they upload or manage via the Platform.

Users remain solely responsible for ensuring that any data they upload, share, or make available on the Platform complies with applicable laws, contractual obligations, and internal policies.

14. Privacy by Design and Impact Assessments

We seek to integrate data protection and security considerations into the design and operation of the Platform ("privacy by design and by default"). This includes:

  1. Limiting the personal data we collect to what is necessary for defined purposes
  2. Implementing access controls and minimizing unnecessary visibility of sensitive information
  3. Regularly reviewing security measures and data handling practices
Where required by applicable law, we may conduct data protection impact assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms.

15. Automated Decision-Making

We do not use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects for users.

If we introduce such functionality in the future, we will update this Privacy Policy and, where required, provide additional information and safeguards.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the functionalities of the Platform.

Updates will be indicated by the "Effective Date" at the top of this document. Where changes are material, we will take reasonable steps to inform users through the Platform or by other appropriate means. Where required by law, we will seek renewed consent for certain changes.

Continued use of the Platform after the updated Policy takes effect indicates that you have read and understood the changes, to the extent permitted by applicable law.

17. Contact

For questions or requests related to this Privacy Policy or our data practices, please contact:

Email: [email protected]

We will review and respond to your request within a reasonable timeframe in accordance with applicable laws.

18. Governing Framework

This Privacy Policy is designed to align with applicable data protection standards, including the General Data Protection Regulation (GDPR), where applicable.

End of Privacy Policy