Last Updated: 26.10.2024
1. Commitment to Data Protection and Security
This privacy policy details how we collect, use, and secure your personal data across our app and website in strict compliance with the Singapore Personal Data Protection Act (PDPA). We prioritize your privacy and ensure that all data handling meets the highest standards of security and confidentiality.
2. Data Collection and Usage
Who is responsible for data collection?
Data collected through our app and website is managed by Fibonacci Research LLP. Contact details are in the “Contact Information” section below.
How is data collected?
Data is collected either directly from you (e.g., via forms or feedback) or automatically by our IT systems (e.g., IP address, device data) to maintain and optimize our services. Collection methods are tailored to ensure security across both app and website.
Purpose of data collection
We collect data to:
- Ensure secure and efficient app and website functionality
- Enhance user experience and performance
- Facilitate user recognition across integrated services (e.g., VOR Tracker) where necessary.
Data minimization and confidentiality
We adhere to data minimization principles, collecting only the information essential for providing services. We handle all data in strict confidence and protect against unauthorized access.
3. Hosting, Data Security, and Encryption
Hosting and secure data storage
- Our website https://easyflighttraining.com is hosted on Cloudways, utilizing data centers at DigitalOcean in Frankfurt (Germany) and Singapore, to securely store and manage your information. All data is protected by advanced encryption protocols both at rest and in transit.
- Our app https://easyflighttraining.app is hosted on Microsoft Azure, utilizing data centers in Europe (mainly in Germany and Singapore depending on user location).
Hosting providers
- Cloudways – Cloudways manages the hosting environment.
- DigitalOcean – Data centers in Frankfurt/Germany and Singapore used for data storage.
- Microsoft Azure – Data centers in Frankfurt (Germany) and Singapore, used for app data and digital contents.
- Amazon Web Services (AWS) – Data center in Singapore used for data storage.
- SiteGround – Data center in Singapore used for data storage.
Additional security architecture
To protect our customer data and to maintain the stability and performance of our digital services, we use the following implementations on the website, among others:
- Cloudflare to secure our services (e.g. protection against hacker attacks, bot networks and DDoS attacks) and for the worldwide provision of content through their Content Delivery Network (CDN). Learn more about Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/
- Patchstack for a proactive security concept (e.g. securing newly discovered vulnerabilities with virtual patches before the official release by the respective software provider) and for hardening our website. Learn more about Patchstack’s privacy policy: https://patchstack.com/privacy-policy/
- MalCare for a strong firewall and a reactive security concept (e.g. after hacker attacks or if malware has already been installed on our website) and for hardening our website. Learn more about MalCare’s privacy policy: https://www.malcare.com/privacy/
Interaction between app and website
For security reasons, we have decided to differentiate between the hosting of our website (with customer data, orders, product information, …) and our app (digital product content, statistics, …): The only information with which the personalized app content (such as learning progress) can be traced back to a real person is the combination of user ID and store ID, which is stored in the app. The store ID is unique and permanently assigned to the website. The user ID is created by our website and is unique.
We design the interaction between the app and the website to be seamless while ensuring the highest possible level of security: When customers log in via our app with their account (which was initially created on the website), they go through specially developed and essential security measures of the security products listed above. The connection is permanently encrypted and follows established and proven security mechanisms.
AI-powered processes
For AI-supported learning content and other processes, we use OpenAI. Learn more about OpenAI’s privacy policy: https://openai.com/policies/row-privacy-policy/
4. General Information and Legal Obligations
Data security and protection
We secure all personal data with industry-leading security practices, including firewalls, SSL/TLS encryption, and multi-layered authentication processes to prevent unauthorized access, disclosure, or modification.
Contact information
Company Name: Fibonacci Research LLP
Address: 60 PAYA LEBAR RD #07-54
Location: Singapore 409051
UEN: T21LL1544A
GST Registration Number: Not GST Registered
Email: info@fibonacci.sg
Data retention and review
Data is retained only as long as necessary to fulfill the original purpose or as required by law. We regularly review stored data for relevance and compliance, ensuring minimal exposure and maximum security.
If the account is inactive or if subscriptions expire, the account, including learning progress and individual app content, will remain. Statistics on learning progress and other app content can continue to be used in certain constellations if the same subscription is purchased again. Only after an account has been deleted does a downstream process start to remove all associated app content. Account deletion can be requested by sending an email to info@easyflighttraining.com.
Data sharing and international transfers
We share data only with trusted third-party operators (e.g., VOR Tracker) under strict data protection agreements. All third parties adhere to high security standards and comply with international data protection regulations. Transfers outside Singapore are managed under contractual clauses that ensure equivalent protection standards.
5. Data Collection Methods
Cookies
Cookies are used on our app and website for improved functionality and user experience. By using our platforms, you consent to cookie usage as outlined here. Cookies can be disabled in your browser or app settings; however, this may limit functionality. View our cookie policy.
Third-party services for recognition and integration
To ensure seamless user experience across integrated services, we may share minimal data with trusted third-party providers (e.g., VOR Tracker) to enable user recognition across platforms. These partners comply with stringent data security standards and Singaporean data protection laws.
Feedback collection
We may publish user feedback on our services, using only your first name or an alias if requested. Last names are never published, and all feedback data is stored securely.
Contact forms and requests
Data submitted via contact forms is used only to respond to inquiries and stored securely until the query is resolved or the data is no longer needed.
Server log files and activity tracking
For security and maintenance, we log information including IP addresses and usage patterns, stored in highly secure environments and reviewed regularly for any unusual activity. This data helps us detect potential security issues proactively.
App content
As part of logging into our app and using the content provided, we collect further data stored according to the minimum principle for the purpose of providing the best possible customer experience, e.g. learning statistics and preferences. This data can be shared with other users in a completely anonymized form, aggregated with data from other users, to be able to assess one’s own assessment of learning progress with comparative values.
6. Third-Party Tools and Analytics
We use advanced analytics tools on both our app and website to improve functionality. Where possible, data is anonymized, and we strictly control third-party access to data, ensuring compliance with all applicable privacy regulations.
7. Payment Processing
PayPal & Wise
We use PayPal and Wise for secure payment processing. During transactions, essential payment data (e.g., name, payment amount, payment method) is shared with PayPal or Wise, who implement industry-standard security measures to safeguard transaction data. We do not store payment details directly.
8. User Rights and Contact
Your Rights
You have full rights to access, correct, delete, or withdraw consent for your personal data at any time. We will respond promptly to all data-related requests, ensuring compliance with PDPA.
For further details about our data protection practices or to exercise your rights, please contact us securely at info@fibonacci.sg.