Personal Data Processing Policy

1. Data Controller

Wright Aviation Intelligence ("Wright", "we", or "our") is the data controller responsible for the personal data collected through the Wright web platform (hereinafter, "the Platform").

• Contact email: snellcssas@gmail.com
• Domicile: Colombia

2. Legal Framework

This policy is governed by the Political Constitution of Colombia (Article 15), Statutory Law 1581 of 2012, Regulatory Decree 1377 of 2013, and other applicable regulations on personal data protection.

3. Personal Data We Collect

We collect the following personal data:

• Identification data: full name and email address.
• Authentication data: password (stored as a secure hash; never in plain text).
• Profile data (optional): phone, address, city, country, zip code, and aviation role.
• Usage data: pages visited, features used, queries made to AI tools, and timestamps.
• Technical data: IP address, browser type, device type, and operating system.
• Communications: messages sent to our support team.
• AI queries: questions you submit to the artificial intelligence tools (NOTAM AI, RAC AI, AIP AI) are processed to generate responses and logged for usage control purposes.

We do not collect sensitive data as defined by Article 5 of Law 1581 of 2012. We do not collect payment card data directly; payments are handled by third-party payment processors.

4. Purposes of Data Processing

Personal data will be used for the following purposes:

• To provide, maintain, and improve the Platform services.
• To authenticate the data subject's identity and manage their user account.
• To control and limit AI tool usage according to the subscribed plan.
• To respond to inquiries and provide technical support.
• To send service-related notifications (security alerts, maintenance windows).
• To perform aggregate and anonymized statistical analysis to improve user experience.
• To comply with applicable legal obligations.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Data Subject Rights

In accordance with Law 1581 of 2012, as a data subject you have the right to:

• Access: request information about the personal data we hold.
• Update: request the update of inaccurate or incomplete data.
• Rectify: request the correction of erroneous data.
• Delete: request deletion of your data when it is no longer necessary for the authorized purposes, there is no legal duty to retain it, or when you revoke your authorization.
• Revoke authorization: revoke at any time the consent given for the processing of your personal data.
• Request information: know how your personal data has been used.
• File complaints: before the Superintendence of Industry and Commerce (SIC) for violations of Law 1581 of 2012.

6. Procedure to Exercise Your Rights

To exercise any of the rights above, you may:

• Send an email to snellcssas@gmail.com including: full name, registered email address, description of the request, and supporting documents if applicable.
• Use the "Delete Account" option available in the My Account section to request complete deletion of your data.
• Use the "Edit Profile" option in My Account to update or rectify your data directly.

We will respond to your request within ten (10) business days from the date of receipt. If it is not possible to address it within that period, we will inform you of the reasons and the estimated response date, which will not exceed five (5) additional business days.

7. Authorization

By creating an account on the Platform, the data subject grants prior, express, and informed authorization for the processing of their personal data in accordance with the purposes described in this policy. Authorization is obtained through the checkbox presented in the registration form.

8. AI Query Processing

Queries you make to the AI tools (NOTAM AI, RAC AI, AIP AI) are processed by third-party artificial intelligence providers (Anthropic) to generate responses. These queries are logged internally for usage control and service improvement purposes.

9. Data Processors

To provide our services, we use the following providers who may act as data processors:

• Vercel: web platform hosting.
• Neon: cloud PostgreSQL database.
• Anthropic: artificial intelligence query processing.
• Mapbox: aeronautical map visualization.
• Google / Microsoft: OAuth authentication (when the user chooses to sign in with Google or Microsoft).

10. Security Measures

We implement reasonable technical, human, and administrative measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Passwords are stored using secure hashing algorithms (bcrypt). Communications are encrypted via HTTPS/TLS.

11. Database Validity Period

Personal data will be retained as long as the data subject's account remains active or as long as it is necessary to fulfill the processing purposes. Once the account is deleted, personal data will be removed from our databases, except for data that must be retained due to legal obligations.

12. Changes to This Policy

Wright reserves the right to modify this policy at any time. Changes will be communicated to data subjects via notice on the Platform or by email at least fourteen (14) days in advance.

13. Contact and Complaints

For inquiries, claims, or requests related to the processing of your personal data:

• Email: snellcssas@gmail.com
• Supervisory authority: Superintendence of Industry and Commerce (SIC) — www.sic.gov.co