// LEGAL
PRIVACY POLICY
Effective Date: February 18, 2026 | Last Updated: February 18, 2026
Also see our Terms of Service.
1. Introduction
Imagine Flying LLC ("we," "us," or "our"), a limited liability company based in Jacksonville, Florida, operates HeyDPE ("the Service"), an AI-powered web application that simulates FAA Designated Pilot Examiner (DPE) oral examinations for checkride preparation.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at aviation-oral-exam-companion.vercel.app or use our Service.
By using HeyDPE, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
We collect the following categories of information:
| Data | Source | Purpose |
|---|---|---|
| Email address | Registration | Contract performance |
| Password (hashed) | Registration | Authentication |
| Exam session data | App usage | Progress tracking |
| Voice input (transient) | Microphone / STT | Processed client-side via Web Speech API; NOT stored |
| Conversation transcripts | App usage | Sent to Anthropic API for AI assessment |
| Payment information | Stripe checkout | Billing |
| Device / browser info | Automatic (cookies) | Analytics |
| IP address | Automatic | Security |
| UTM parameters | URL query string | Marketing attribution |
| Usage analytics | GA4, Clarity cookies | Product analytics |
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and maintain the Service — delivering AI-powered exam simulations, tracking your progress, and personalizing your experience.
- Process payments — managing subscriptions, billing, and refunds through Stripe.
- Analytics and improvement — understanding how users interact with the Service to improve features, performance, and user experience.
- Fraud prevention and security — detecting and preventing unauthorized access, abuse, or security threats.
- Legal obligations — complying with applicable laws, regulations, and legal processes.
4. Third-Party Services
We share data with the following third-party service providers, each under their own privacy policies:
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase | Email, auth data | Database & authentication |
| Anthropic Claude API | Conversation text | AI examiner responses |
| OpenAI TTS API | Examiner text | Text-to-speech |
| Stripe | Payment details | Billing |
| Vercel | IP address, headers | Hosting |
| Google Analytics (GA4) | Anonymized usage | Traffic analysis |
| Google Ads | Conversion data | Ad attribution |
| Microsoft Clarity | Click / scroll behavior | UX analysis |
5. Voice Data
Important Disclosure
HeyDPE offers an optional voice input feature powered by your browser's Web Speech API. Here is exactly what happens with your voice data:
- Speech recognition runs in your browser. When you use voice mode in Google Chrome, your audio is sent to Google's servers for speech-to-text conversion as part of Chrome's built-in Web Speech API. This is a browser feature, not a HeyDPE feature.
- HeyDPE does NOT store your audio recordings. We never receive, store, or process raw audio data. Voice input is transient and processed entirely client-side.
- The resulting text transcript IS sent to Anthropic. Once your speech is converted to text by the browser, the text is sent to the Anthropic Claude API to generate examiner responses and assessments.
- You can always use text input instead. Voice mode is optional. You may type your answers at any time to avoid using the Web Speech API entirely.
6. Data Retention
- Account data — retained while your account is active, plus 30 days after account deletion to allow for recovery.
- Payment records — retained for 7 years as required by tax and financial regulations.
- Analytics data — retained for 26 months (Google Analytics default retention period).
- Voice recordings — not retained. Audio is never stored by HeyDPE (see Section 5).
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
General Rights
- Access — request a copy of the personal data we hold about you.
- Correction — request that we correct inaccurate or incomplete data.
- Deletion — request that we delete your personal data.
- Export — receive your data in a portable, machine-readable format.
- Opt-out of analytics — disable Google Analytics and Clarity tracking via your browser settings or cookie preferences.
CCPA Rights (California Residents)
- Right to know — what personal information we collect, use, and disclose.
- Right to delete — request deletion of your personal information.
- Right to opt-out of sale — HeyDPE does NOT sell your personal data to third parties.
- Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
GDPR Rights (EEA/UK Residents)
- Data portability — receive your data in a structured, commonly used format.
- Restrict processing — request that we limit how we use your data.
- Object to processing — object to our processing of your personal data.
- Lodge a complaint — file a complaint with your local data protection authority.
- Withdraw consent — withdraw your consent at any time where processing is based on consent.
To exercise any of these rights, contact us at pd@imagineflying.com.
8. Children's Privacy
HeyDPE is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at pd@imagineflying.com and we will take steps to delete such information.
9. Security
We implement industry-standard security measures to protect your personal data:
- TLS encryption — all data in transit is encrypted using TLS (HTTPS).
- Encryption at rest — database data is encrypted at rest via Supabase infrastructure.
- Password hashing — passwords are hashed using bcrypt and never stored in plaintext.
- Row-Level Security (RLS) — database access policies ensure users can only access their own data.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will notify you by email at the address associated with your account and update the "Last Updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
11. Contact
If you have questions or concerns about this Privacy Policy, please contact us:
Imagine Flying LLC
Jacksonville, FL
Email: pd@imagineflying.com