Privacy Policy
Last Updated: April 15, 2026
Introduction
This Privacy Policy describes how Torque Aviation, LLC ("Torque," "we," "us," or "our") collects, uses, and protects information obtained through the Torque platform (the "Service"). Torque is a flight risk assessment and operational management system built for law enforcement aviation agencies.
IMPORTANT: By accessing or using the Service, you consent to the collection, use, and processing of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
Categories of Personal Data We Collect
1. Account Information
When you create a Torque account, we collect:
- Email address — used as your primary account identifier and for authentication.
- First and last name — associated with your user profile and crew records.
- Password — stored only in hashed form using industry-standard bcrypt encryption. We never store or have access to your plaintext password.
- Phone number (optional) — normalized to E.164 format, used solely for delivering operational SMS notifications if you opt in.
- SMS opt-in preference — your consent choice for receiving SMS notifications.
Purpose: We process this information to authenticate your identity, manage your account, and deliver operational notifications related to your duties. Your email address and password are required to sign in. Your phone number is collected only if you choose to receive SMS notifications.
2. Crew Member and Professional Information
When your agency profile is set up, the following professional data may be collected:
- Role and qualifications — pilot, TFO, supervisor, mechanic, or other aviation roles.
- Date of birth — used solely for FAA medical certificate validity calculations.
- Medical certificate information — class, issuance date, and computed expiration dates as required by FAA regulations.
- Flight review date — used for FAR 61.56 currency compliance tracking.
- Body weight — used exclusively for aircraft weight and balance calculations.
- Flight hours and experience — total flight hours, recent flight activity, recency data, and crew cohesion metrics for risk assessment and currency tracking.
- Pilot ratings and endorsements — certificate types, aircraft category/class ratings, and endorsements held.
- Training records — checkride dates, training completion dates, qualification status, and ground training records.
Purpose: This professional data is processed to perform flight risk assessments, validate crew currency and qualifications per FAA regulations, calculate weight and balance, generate training reports, and ensure operational safety compliance. This information is required for the core safety functions of the Service.
3. Aviation Operational Data
During use of the Service, we collect operational data including:
- Flight Risk Assessment Tool (FRAT) data — departure/destination airports, weather conditions, risk scoring factors, lighting conditions, mission type, density altitude, and other hazard assessments.
- IMSAFE self-assessments — crew member self-reported fitness-for-duty responses covering illness, medication, stress, alcohol, fatigue, and emotion. These are used solely for flight risk scoring.
- Flight logs — departure and destination airports, flight times, hobbs/tach readings, and mission type.
- Crew flight logs — individual crew debrief data including flight time breakdowns, takeoffs, landings, instrument time, and NVG operations.
- Shift and duty period records — duty period start/end times, assigned crew members, and linked operational records.
- Call for Service (CFS) records — incident type, case numbers, location descriptions, GPS coordinates (when manually entered by the user), disposition, and outcome data.
- Aircraft data — tail number, make, model, year, serial number, performance specifications, weight and balance configuration, hobbs/tach readings, and maintenance status.
- Maintenance records — scheduled and unscheduled maintenance items, completion records, and squawk reports.
- Daily Observation Reports (DOR) — training evaluations, skill ratings, and FTO observations for trainee crew members.
- Weight and balance calculations — computed takeoff/landing weights, center of gravity positions, and fuel burn trajectories.
Purpose: This operational data is the core of the Service's safety mission. It is processed to calculate flight risk scores, track crew currencies, manage aircraft maintenance, generate shift summary and activity reports, support training programs, and maintain regulatory compliance records. All operational data is scoped to your agency and is not accessible by other agencies.
4. Location and Airport Data
- Airport identifiers (ICAO codes) — entered by users to specify departure, destination, and alternate airports for flight planning and weather retrieval.
- GPS coordinates — optionally entered by users in Call for Service records to document incident locations. We do not automatically collect device GPS data.
Purpose: Airport identifiers are used to retrieve weather data (METAR/TAF) for risk assessments and to calculate distances. CFS coordinates are used solely for incident documentation purposes within your agency.
5. Technical and Security Data
When you use the Service, we automatically collect limited technical data:
- IP address — recorded in audit logs for security purposes and in DOR sign-off records for non-repudiation.
- Client application version — logged via the X-Client-Version request header to assist with troubleshooting and compatibility.
- Request timing — API response times are logged to monitor performance and identify issues.
Purpose: This technical data is processed to maintain the security and integrity of the Service, support audit requirements, troubleshoot issues, and ensure system reliability. We do not use this data for tracking, profiling, or advertising purposes.
6. Communication Records
When notifications are sent through the Service, we log:
- Notification delivery records — event type, delivery channel (email or SMS), delivery status, timestamp, and a brief message summary. We do not store the full content of SMS messages after delivery.
Purpose: Communication records are maintained to ensure reliable notification delivery, troubleshoot delivery failures, and prevent duplicate notifications. These logs are used solely for operational purposes.
How We Use Your Information
We use the information we collect exclusively for the following purposes:
- Account Management — to create and maintain your account, authenticate your identity, and manage access permissions.
- Flight Safety Operations — to calculate flight risk scores, validate crew currencies, perform weight and balance calculations, and assess operational readiness.
- Regulatory Compliance — to track FAA currency requirements, medical certificate validity, flight review currency, and other regulatory obligations.
- Operational Notifications — to send you time-sensitive, operationally relevant notifications via email and/or SMS, such as IMSAFE assessment requests, flight log completion reminders, currency expiration warnings, and shift notifications.
- Reporting — to generate shift summary reports, activity reports, and training reports for your agency.
- Audit and Security — to maintain audit trails for accountability, support non-repudiation of official records, and detect security incidents.
- System Maintenance — to monitor performance, diagnose technical issues, and improve the reliability of the Service.
We do not use your information for marketing purposes. We do not use your information for advertising. We do not use your information to build user profiles for any purpose other than delivering the Service.
SMS and Phone Number Usage
If you provide your phone number and opt in to SMS notifications:
- Your phone number is used exclusively to deliver operational notifications related to your aviation duties through the Service.
- SMS messages may include IMSAFE assessment requests, flight log reminders, crew log reminders, currency expiration alerts, DOR sign-off requests, and other time-sensitive operational notifications.
- You may opt out of SMS notifications at any time by updating your notification preferences within the Service.
- We do not use your phone number for marketing, promotional messages, or any purpose unrelated to the operational functions of the Service.
- We do not sell, rent, or share your phone number with third parties for their marketing or promotional purposes.
- Message frequency varies based on your operational activity. Message and data rates may apply.
How We Share Your Information
We do not sell your personal information. We do not rent your personal information. We do not share your personal information with third parties for their marketing or promotional purposes.
We share information only with the following categories of service providers, solely to operate the Service:
Service Providers (Data Processors)
| Provider |
Data Shared |
Purpose |
| Twilio |
Phone number, SMS message content |
Delivery of operational SMS notifications |
| SendGrid |
Email address, email message content |
Delivery of operational email notifications |
| Supabase |
All application data (encrypted in transit and at rest) |
Database hosting and file storage (agency logos only) |
| Render.com |
Application runtime data |
Application hosting |
| AVWX |
Airport ICAO codes and coordinates |
Aviation weather data retrieval (METAR/TAF). No personal information is transmitted. |
These service providers process data solely on our behalf and are contractually prohibited from using your data for any purpose other than providing their services to us.
Legal and Safety Disclosures
We may disclose your information if required to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request.
- Enforce our terms of service or other agreements.
- Protect the safety, rights, or property of Torque, our users, or the public.
- Detect, prevent, or address fraud, security, or technical issues.
Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit — all data is transmitted over TLS/HTTPS.
- Password hashing — passwords are hashed using bcrypt and are never stored in plaintext.
- JWT authentication — sessions are managed via cryptographically signed JSON Web Tokens.
- Two-factor authentication (2FA) — optional TOTP-based two-factor authentication is available.
- Agency data isolation — all data is scoped to your agency through multi-tenant architecture. Your agency's data is not accessible by other agencies.
- Audit logging — changes to critical records are tracked via database-level audit triggers, recording the user, action, and timestamp.
- Rate limiting — API endpoints are rate-limited to prevent abuse.
- Role-based access control — access to data and features is governed by a granular permission system based on user roles.
While we take extensive measures to protect your data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
Data Retention
- Active accounts — we retain your personal data for as long as your account is active and your agency maintains its subscription to the Service.
- Operational records — flight logs, FRAT assessments, shift records, and other operational data are retained as long as the agency account is active, in accordance with aviation recordkeeping requirements.
- Soft-deleted records — certain records (shifts, flight logs, CFS records, maintenance items, currency logs) support soft deletion, meaning they are marked as deleted but retained for audit and compliance purposes.
- Audit logs — audit trail data is retained for the life of the agency account to support compliance and accountability requirements.
- Account deletion — upon request, we will delete or anonymize your personal data, subject to any legal or regulatory retention obligations.
Children's Privacy
The Service is designed for use by law enforcement aviation professionals and is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate personal data.
- Deletion — request deletion of your personal data, subject to legal retention requirements.
- Opt-out of SMS — update your notification preferences at any time to stop receiving SMS notifications.
- Data portability — request your data in a portable format where technically feasible.
To exercise any of these rights, contact us using the information provided below.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice within the Service. The "Last Updated" date at the top of this policy indicates when the most recent revisions were made. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Torque Aviation, LLC
Email: support@torqueaviation.com
This Privacy Policy is effective as of April 15, 2026.