Privacy Policy

1. Controller

Athmos Media OÜ
Sepapaja tn 6, 15551 Tallinn, Estonia
Registry code: 17413806 · Managing director: Cedric Constantin Radeke
Email: support@airmancompanion.de

This policy describes how we process personal data when you use our website, learning platform, and the Toralf – Airman Companion Chrome extension.

2. Data we process

• Account & auth: email address, authentication tokens (via Supabase). Magic-link / OTP login on the website and in the extension.
• Learning platform: profile and bundle-related data as described when you register (e.g. flight school or student programmes).
• Toralf (AI): text you send and, if you choose, images or screenshots you upload. These are sent to our servers and to Anthropic (Claude) to generate answers. We track usage limits (requests / cost per billing period); we do not use your chats to train public models (Business API terms).
• Payments: processed by Stripe; we do not store full card numbers.
• Technical data: browser type, timestamps, security logs. We minimise IP retention.

3. Toralf Chrome extension

When you install and use our official extension from the Chrome Web Store:

• Side panel: the UI runs locally as part of the extension package (HTML/CSS/JavaScript). No remote code execution from third-party scripts.
• chrome.storage.local: stores session tokens and optional settings (e.g. API base URL for development) on your device only. Not used for advertising.
• Screenshots: captured only when you click the screenshot action; the image is sent to our API for Toralf to analyse, like an uploaded image.
• Network: HTTPS requests to Airman Companion (chat, extension login) and Supabase (authentication / token refresh). Host permissions are limited to our domains, Supabase, and localhost (development builds only).

Purpose: provide Toralf to logged-in customers alongside their normal browsing — not for tracking browsing history for ads or resale of data.

4. Purposes & legal bases (GDPR)

We process data to deliver the contract or pre-contract steps you request (Art. 6(1)(b) GDPR) — e.g. access to courses, Toralf, bundles, and extension login. Some processing relies on our legitimate interest in securing and improving the service (Art. 6(1)(f) GDPR), such as abuse prevention and limited logging.

5. Processors & transfers

We use vetted providers, including:

• Supabase — database & auth (EU region: Frankfurt, Germany).
• Vercel — hosting (may involve US entity; safeguards such as EU Standard Contractual Clauses where applicable).
• Stripe — payments (USA) · stripe.com/privacy
• Resend — transactional email (e.g. login codes).
• Anthropic — AI responses (USA, Business API).

Where data is transferred outside the EEA, we rely on appropriate safeguards (e.g. SCCs) as required by GDPR.

6. Retention

We keep data only as long as needed for your account, legal obligations (e.g. invoices), or security. Extension-local storage can be cleared by removing the extension or using Chrome's site data controls.

7. Your rights

You may request access, rectification, erasure, restriction, portability, and object where applicable (Articles 15–21 GDPR). Contact: support@airmancompanion.de. You may also lodge a complaint with a supervisory authority.

8. Children

Our services are aimed at flight students and schools. If you believe we have processed a child's data without proper consent, contact us and we will address it.

9. Changes

We may update this policy; the "Last updated" date will change. Material changes will be communicated as required by law.