Privacy Policy

Last updated: March 1, 2026

1. Introduction

AeroDesk (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the Brazilian General Data Protection Law (LGPD — Lei 13.709/2018) and other applicable regulations.

2. Data We Collect

  • Account data: Name, email address, phone number, and company name when you register.
  • Listing data: Aircraft details, photos, pricing, and descriptions you submit.
  • Usage data: Pages visited, search queries, listing views, and interaction events (via PostHog analytics).
  • Communication data: Messages sent via the contact form or lead system.
  • Payment data: Processed by Stripe; we do not store card numbers or CVV codes.
  • Device data: IP address, browser type, and operating system for security and analytics.

3. How We Use Your Data

  • Operate and improve the AeroDesk marketplace
  • Connect buyers with sellers and dealers
  • Send transactional emails (account verification, lead notifications)
  • Process subscription payments
  • Detect fraud and enforce our Terms of Service
  • Comply with legal obligations

4. Legal Basis for Processing (LGPD)

We process personal data based on:

  • Consent (marketing communications)
  • Contract performance (account and listing services)
  • Legitimate interests (fraud prevention, analytics)
  • Legal obligation (tax records, compliance)

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase — database and authentication hosting
  • Stripe — payment processing
  • Vercel — web hosting and edge functions
  • PostHog — privacy-friendly product analytics
  • Anthropic — AI-powered valuation feature (no PII sent)

All processors are contractually bound to protect your data and may only use it as instructed.

6. Data Retention

We retain account data for as long as your account is active, plus 5 years for legal compliance. Listings are retained for 2 years after removal. You may request deletion at any time (see Section 8).

7. Cookies

We use essential cookies for authentication and session management, and analytics cookies (PostHog) to understand platform usage. You can disable non-essential cookies in your browser settings. Essential cookies cannot be disabled without affecting platform functionality.

8. Your Rights (LGPD)

Under the LGPD, you have the right to:

  • Confirm whether we process your data
  • Access a copy of your data
  • Correct inaccurate data
  • Request anonymization, blocking, or deletion
  • Withdraw consent at any time
  • Data portability
  • Lodge a complaint with the ANPD (Autoridade Nacional de Proteção de Dados)

To exercise these rights, email privacy@aerodesk.com.br. We will respond within 15 business days.

9. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest, row-level access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. International Transfers

Your data may be processed in the United States (Supabase, Vercel, Stripe, PostHog). We ensure appropriate safeguards are in place through contractual clauses and processor certifications as required by LGPD Article 33.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a notice on the platform. The “last updated” date at the top reflects the most recent revision.

12. Contact & DPO

Data Protection Officer: privacy@aerodesk.com.br
AeroDesk — São Paulo, SP, Brazil

See also: Terms of Service