Contents
- Who we are
- What information we collect
- The encrypted vs. anonymous split
- How we use your information
- Who we share it with
- Where it's stored and how it's secured
- How long we keep it
- Your rights and choices
- Cookies and analytics
- Age requirement
- Cross-border data transfers
- Changes to this policy
- Contact
1. Who we are
MaxVne Solutions Inc. ("MaxVne," "we," "us," "our") is a Canadian company incorporated in British Columbia. We operate the MaxVne platform at www.maxvnesolutions.com and related subdomains (pilot.maxvnesolutions.com, engineer.maxvnesolutions.com, company.maxvnesolutions.com, admin.maxvnesolutions.com).
For privacy questions in British Columbia we are subject to the BC Personal Information Protection Act (PIPA); federally, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). For users in the European Union, we operate consistent with GDPR principles. For users in California, we operate consistent with the CCPA / CPRA.
Our registered office is 210 - 347 Leon Avenue, Kelowna BC V1Y 8C7, Canada.
2. What information we collect
2.1 Information you provide directly
- Account identity — email address, name, phone, postal address, date of birth.
- Professional qualifications — pilot certificate / engineer licence numbers, ratings, type ratings, hours-by-type, currency dates, medical class and expiry, flight review dates, instructor credentials.
- Documents you upload — credential PDFs, training records, reference letters, endorsements you've received.
- Logbook entries — flight date, route, aircraft, times, role (PIC / SIC / dual), and other operational data you log.
- Operator profile data (companies only) — company name, fleet, regions, hiring requirements, staff seat info.
- Communications — messages sent through the platform, support tickets, feedback.
2.2 Information collected through verification
- Identity verification — when you complete a verified-badge check, your government-issued ID and a real-time selfie are uploaded to Stripe Identity. These documents are not stored on MaxVne servers. MaxVne receives only the verification result (pass / fail) and an opaque session reference.
- Registry verification — when you submit a pilot or engineer licence number, MaxVne compares it against the public FAA Airmen Certification Database (or equivalent authority registries as they come online). The data flow is one-way; we read public records, we do not send your data to FAA.
2.3 Information collected automatically
- Web server logs — IP address, user agent, requested URLs, response codes, timestamps. Used for security, debugging, and rate limiting. Retained for up to 90 days.
- Session cookies — to keep you logged in. No third-party tracking cookies are currently set.
2.4 Information from third parties
- Stripe — payment status, subscription state, billing-related events.
- AWS Cognito — login events, multi-factor authentication state.
- Public airmen databases (FAA Airmen Certification Database and equivalents) — your published licence-level facts, used only to confirm your declared credentials match the public record.
3. The encrypted vs. anonymous split
This is the architectural promise that makes MaxVne different from a traditional job board. Your data is divided into two layers:
3.1 Encrypted personal layer
Your name, contact information, address, date of birth, identity verification reference, and any uploaded documents are encrypted at rest using AES-256. The decryption key is bound to your account. MaxVne staff cannot read this data without your active session. Even our admin tools display aggregate counts and your anonymous code — never your name or contact information.
3.2 Anonymous searchable layer
Your professional qualifications — hours, type ratings, currency status, region, authority — are stored in plain form so operators can search the marketplace. These records are keyed to your anonymous code (e.g. P099 for pilots, A005 for engineers). Operators see qualifications, not your name. Your identity is revealed only when you actively accept a specific operator's introduction.
3.3 What this means in practice
- If MaxVne suffered a database breach of the anonymous searchable layer, an attacker would see code numbers and qualifications — no names, no contact information, no documents.
- If the encrypted layer were breached, an attacker would need the per-user decryption key in addition to the database — and we do not store keys alongside the data they unlock.
- Our advertising and intel products are derived from aggregated, anonymized qualifications only. Individual identities are never used for marketing.
4. How we use your information
We use the information we collect to:
- Provide and operate the MaxVne service (logbook, planning, marketplace, intel).
- Match your anonymous qualifications to operator searches.
- Send transactional emails (verification, account changes, subscription receipts, expiry alerts).
- Verify your identity and credentials via the third parties listed in Section 5.
- Detect, prevent, and respond to fraud, abuse, security incidents, and policy violations.
- Comply with legal obligations, lawful requests, and applicable aviation-regulatory requirements.
- Improve the product through aggregate analysis. Individual user data is never sold; aggregate market intelligence (e.g. salary trends, hiring velocity by region) is derived from anonymized data with small-cell suppression.
5. Who we share it with
MaxVne does not sell your personal information. We share it only with the third-party processors listed below, each of which receives only the minimum data necessary to perform its function.
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Amazon Web Services | Hosting, storage, database, email delivery | All service data (encrypted at rest) | United States |
| Stripe | Subscription payments and billing | Email, name, payment method, billing address, subscription state | United States |
| Stripe Identity | Government-ID verification | Government-issued ID image, selfie, name, date of birth | United States |
| AWS Cognito | Authentication and account login | Email, hashed password, MFA state | United States |
| AWS SES | Transactional email delivery | Email address, message content | United States |
| CloudFront | Content delivery network | IP address, requested URLs | Global edge locations |
| Public airmen databases (FAA, TC) | Verifying your declared credentials match the public record | None outbound; we query, we don't send | United States / Canada |
We may also disclose information in response to a valid legal process (subpoena, court order, regulatory request) or to protect the rights, property, or safety of MaxVne, its users, or others. Where the law permits, we will notify you before complying with such a request.
In the event of a merger, acquisition, or asset sale, your information may be transferred to the acquiring entity, which will be bound by this policy and any successor policy that materially preserves your rights.
6. Where it's stored and how it's secured
- Encryption at rest — personal data is encrypted using AES-256. Database backups inherit the same encryption.
- Encryption in transit — all connections to MaxVne use TLS 1.2 or higher.
- Access controls — internal access to production systems is gated by IAM roles, multi-factor authentication, and audit logging.
- Storage location — primary servers are in AWS US-East. Some data may be cached at global CloudFront edge locations to deliver content quickly.
- Vulnerability management — dependencies are updated regularly; security patches are applied promptly. We monitor for security incidents and will notify affected users in line with applicable breach-notification laws if a breach occurs.
7. How long we keep it
- While your account is active — for as long as your account exists. Your logbook entries and credential records are yours indefinitely.
- After cancellation or non-payment — you have a 12-month grace period to log back in and download your data. After 12 months of continuous inactivity following a closed account, data is permanently deleted from production systems.
- Backups — encrypted backups are retained for up to 90 days after deletion; after that, no copies remain.
- Legal retention — some data (e.g. transaction records for tax purposes) is kept longer where required by Canadian law. We retain only the minimum necessary in those cases.
- Web server logs — retained for up to 90 days, then deleted.
8. Your rights and choices
Regardless of where you live, you have the right to:
- Access — request a copy of the personal information we hold about you.
- Correct — fix any inaccurate or out-of-date information.
- Delete — ask us to delete your account and personal data, subject to legal retention requirements.
- Port — receive your data in a machine-readable format (CSV / JSON).
- Object / restrict — limit specific uses of your information (e.g. turn marketplace visibility off).
- Withdraw consent — for processing that depends on consent (you can withdraw at any time; the withdrawal does not affect prior processing).
Most of these you can exercise directly inside your account — toggle visibility, edit fields, request export from your profile settings. For anything you can't do yourself, email privacy@maxvnesolutions.com. We respond within 30 days.
If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with the Office of the Information and Privacy Commissioner for British Columbia (oipc.bc.ca) or the Office of the Privacy Commissioner of Canada (priv.gc.ca).
9. Cookies and analytics
We currently use only essential cookies:
- Session cookies to keep you logged in.
- A small cookie to remember your dark-mode and authority preferences across visits.
We do not currently run third-party analytics, advertising trackers, retargeting pixels, or session-recording tools. This may change. When we add analytics — likely to understand which pages drive sign-ups and where users encounter friction — we will:
- Update this policy and notify users via email and a banner on the site.
- Use privacy-respecting tooling where reasonably possible (cookieless or IP-anonymizing where supported).
- Honour Do-Not-Track signals where the underlying tool supports them.
- Provide a cookie-preference control for users in jurisdictions that require opt-in consent (EU / UK / California).
10. Age requirement
MaxVne is intended for adults working in aviation. You must be at least 18 years old to create a paid account. If you are between 14 and 17 and want to use MaxVne for student-pilot purposes, we ask that a parent or legal guardian email privacy@maxvnesolutions.com first; we will not knowingly collect information from anyone under 14.
11. Cross-border data transfers
MaxVne is based in Canada but our primary infrastructure (AWS, Stripe) is located in the United States. By using the service, you understand and consent to your personal information being transferred to, stored, and processed in the United States. Both AWS and Stripe comply with the EU-US Data Privacy Framework where relevant.
If you are in the European Union, your data is transferred under appropriate safeguards (Standard Contractual Clauses with our processors, plus the EU-US Data Privacy Framework).
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email and via a notice on the website at least 30 days before they take effect, giving you time to review or, if you disagree, close your account. The "Last updated" date at the top of this page reflects the most recent version. Historical versions are available on request.
13. Contact
For privacy questions, requests to exercise your rights, or to report a privacy incident, contact:
MaxVne Solutions Inc.
Attn: Privacy Officer
210 - 347 Leon Avenue
Kelowna BC V1Y 8C7
Canada
privacy@maxvnesolutions.com