Privacy Policy

Effective Date: April 9, 2026

Desert Skies Aviation ("we", "us", or "our") operates as a Part 61 flight school. We are committed to protecting your privacy and handling your personal information with care and transparency.

What Information We Collect

  • Name, contact details, and profile information
  • Training records, flight logs, and progress data
  • Documents you upload (certificates, licenses, etc.)
  • Communication and notification preferences
  • Google Calendar (if you connect it): With your explicit consent through Google’s OAuth screen, we may access:
    • Event data we read: Titles, start/end times, descriptions, locations, attendee metadata, and related fields from events on your primary calendar (within the date ranges our sync uses) so we can show conflicts and avoid double-booking.
    • Event data we write: We create, update, and delete calendar events that represent flight training sessions, discovery flights, and related scheduling—so your Google Calendar stays aligned with the portal.
    • Account identifiers: Your Google account ID and email address from Google’s userinfo service so we can label which calendar is connected and associate tokens with your portal profile.
  • OAuth credentials (server-side): If you connect Google Calendar, we store access tokens and refresh tokens (and related metadata such as expiry) on our servers (hosted database). These credentials are used only to call Google’s APIs on your behalf to provide the calendar features below. We do not use Google Calendar data for unrelated products.
  • Microsoft Outlook Calendar (if you connect it): We store Outlook OAuth tokens server-side and use them only to provide the same category of scheduling sync and conflict-avoidance features; we do not sell that data or use it for advertising.

How We Use Your Information

  • To provide and improve your training experience
  • To communicate important updates and notifications
  • To comply with FAA and regulatory requirements
  • For internal analytics and safety improvements
  • Google Calendar integration: We use data from Google only to operate user-facing scheduling features you expect when you connect a calendar: importing external busy times for conflict checks, exporting and maintaining training-related events, and keeping the portal schedule consistent with your calendar. We do not sell Google user data, do not use it for advertising, and do not use it to train generalized artificial intelligence or machine-learning models. Human access to the contents of your Google Calendar data is limited to what is needed to provide the service, security, comply with law, or support you when you contact us—and not for unrelated profiling.

Limited use of Google user data

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements: we use that data only to provide or improve user-facing features that are prominent in our application; we do not transfer it except as necessary to provide those features, for security, to comply with law, or as part of a merger or similar transaction; and we do not use it for ads or sold data feeds.

Sharing of Information

  • We do not sell your personal information.
  • Your information may be shared with instructors, administrators, and regulatory authorities as required for your training and compliance.
  • Google Calendar: We do not sell or license your Google Calendar content to third parties. Google receives API requests directly from our servers when performing sync on your behalf; we do not otherwise share your calendar contents with unrelated third parties.

Data Security

  • We use industry-standard security measures to protect your data.
  • Access to your information is limited to authorized personnel only.
  • OAuth tokens are stored in our secure backend and are not exposed to other users’ browsers or sessions. Access to the database and credentials follows least-privilege practices.

Your Choices

  • You can update your profile and preferences at any time in the portal.
  • You may request deletion of your account and data, subject to regulatory retention requirements.
  • Google Calendar: You can disconnect at any time in the portal under Settings → Calendar integration (/settings/calendar). Disconnecting deletes your stored calendar connection and OAuth tokens from our application and stops all further Google Calendar API access from the portal for that connection. You can also remove our app’s access anytime from your Google Account (Third-party access / Security settings). Events we previously created in your Google Calendar remain in Google unless you delete them there; copies of imported or synced metadata in our systems may be retained for a period consistent with backups and operational logs unless you request deletion where applicable.

Contact Us

If you have questions about this policy, contact us at:

This policy may be updated from time to time. Significant changes will be communicated through the portal.