Aviagent.ai is an AI-assisted airworthiness directive (AD) compliance management platform designed for CAMO, MRO, and Part 145 organizations. It helps aviation professionals track, manage, and ensure compliance with ADs from multiple aviation authorities including FAA, EASA, TCCA, and ANAC.

Which aviation authorities does Aviagent support?

Aviagent currently supports airworthiness directives from four major aviation authorities: FAA (Federal Aviation Administration), EASA (European Union Aviation Safety Agency), TCCA (Transport Canada Civil Aviation), and ANAC (Agência Nacional de Aviação Civil - Brazil). Our database includes historical ADs dating back to 1994.

Does the AI make compliance decisions automatically?

No. Aviagent.ai is designed as a decision support tool, not an automated compliance system. The AI assists by matching ADs to your fleet based on aircraft model and serial numbers, and by drafting work orders. However, all critical compliance determinations require validation and approval by qualified airworthiness engineers.

Is there a free trial available?

Yes! We offer a 30-day free trial that includes full access to our AD library, support for up to 5 aircraft, and onboarding assistance. No credit card is required to start your trial.

Legal·v1.0

Privacy Policy

GDPR-Compliant Data Processing Notice

Effective: 1 April 2026·Scandic Cloud Solutions AS, Norway

1. Data Controller

The data controller for personal data processed through the Service is:

Scandic Cloud Solutions AS
Norway (org.nr. 918 786 791 MVA)
privacy[at]aviagent[dot]ai

2. Personal Data We Collect

2.1 Account Data

When you create an account, we collect: full name, work email address, organisation name, job title, country, and phone number (optional, for SMS authentication).

2.2 Authentication and Security Data

For multi-factor authentication and security purposes we collect: email OTP tokens (not stored after verification), TOTP authenticator secrets (stored encrypted), SMS verification codes (not stored after verification), IP addresses at login and Terms acceptance, and browser user agent strings.

2.3 Fleet and Compliance Data (Subscriber Data)

Aircraft registration numbers, aircraft type and serial number data, and maintenance compliance records entered by the Subscriber. This data may include personal data if the Subscriber enters information relating to individual maintenance engineers or accountable managers. Aviagent.ai acts as a data processor for this data category.

2.4 Usage Data

API access logs including endpoint, timestamp, IP address, and response code. Page access logs. Feature usage analytics (aggregated). Error and diagnostic data.

2.5 Payment Data

Payment processing is handled by our payment processor. Aviagent.ai does not store credit card numbers. We retain invoice data (amount, date, subscription plan) for accounting and VAT purposes as required by Norwegian law.

3. Legal Basis for Processing

Data Category	Legal Basis
Account Data	Contract performance (GDPR Art. 6(1)(b))
Authentication & Security Data	Legitimate interests — security (GDPR Art. 6(1)(f))
Fleet & Compliance Data	Contract performance on behalf of Subscriber
Usage Data	Legitimate interests — service improvement (GDPR Art. 6(1)(f))
Payment Data	Legal obligation — accounting/VAT (GDPR Art. 6(1)(c))

4. Data Retention

Data Category	Retention Period
Account Data	Duration of subscription + 30 days after termination
Subscriber Data (fleet/compliance)	30 days after account termination, then permanently deleted
Authentication logs	90 days
API access logs	90 days
Invoice and payment records	5 years (Norwegian Bookkeeping Act)
Legal acceptance records (ToS, Disclaimer)	5 years after account termination

5. Data Sharing and Third Parties

We do not sell personal data. We share personal data with the following categories of third parties only where necessary to operate the Service:

Processor	Purpose	Location
DigitalOcean	Cloud hosting and database infrastructure	EEA (AMS3)
Resend	Transactional email delivery	USA (SCCs in place)
Twilio	SMS authentication	EEA data centres available
Payment Processor	Payment processing	TBC before launch

6. Data Subject Rights

Under GDPR, individuals whose personal data we process have the following rights. To exercise any right, contact privacynospam[at]aviagent[dot]ai. We will respond within 30 days.

Right of access (Art. 15) — Obtain a copy of your personal data
Right to rectification (Art. 16) — Correct inaccurate personal data
Right to erasure (Art. 17) — Request deletion, subject to legal retention obligations
Right to restrict processing (Art. 18) — Limit how we use your data
Right to data portability (Art. 20) — Receive your data in machine-readable format
Right to object (Art. 21) — Object to processing based on legitimate interests
Right to withdraw consent — Where processing is consent-based (e.g. marketing)

Note: Some rights are subject to limitations where processing is required for compliance with legal obligations or for the performance of a contract.

7. Security

We implement the following technical and organisational security measures:

Encryption of data in transit using TLS 1.2 or higher
Encryption of sensitive data at rest (authentication secrets, TOTP keys)
Password hashing using bcrypt with appropriate work factor
JWT access tokens with short expiry periods
IP address logging for all authentication events
Access controls limiting employee access to personal data to those with a business need
Regular security reviews of application dependencies and infrastructure

In the event of a personal data breach that is likely to result in risk to individuals, we will notify the Datatilsynet (Norwegian Data Protection Authority) within 72 hours and, where required, notify affected individuals without undue delay.

8. International Transfers

The Service is hosted on DigitalOcean infrastructure located within the European Economic Area (EEA). Where we use processors outside the EEA (currently only Twilio, which has EEA data centres available), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

9. Cookies and Tracking

The Service uses the following types of cookies and local storage:

Strictly necessary: Session tokens required for authentication — cannot be disabled
Functional: User preferences (theme, language) — stored in localStorage
Analytics: Aggregated usage metrics — no individual tracking cookies

We do not use third-party advertising cookies or tracking pixels.

10. Complaints

If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with:

Datatilsynet (Norwegian Data Protection Authority)
www.datatilsynet.no

11. Updates to This Policy

We may update this Privacy Policy to reflect changes in our processing activities or in applicable law. Material changes will be notified by email at least 30 days before the effective date. The current version is always available at aviagent.ai/privacy.

Contact: privacy[at]aviagent[dot]ai · Scandic Cloud Solutions AS, Norway

Terms Privacy Disclaimer AUP