CheckRideMarket

Privacy Policy

Effective date: 2026-05-08

Last updated: 2026-05-08

Founder's note. This document was drafted by the platform founder, not by qualified legal counsel. It describes how CheckRideMarket actually handles personal data as of the closed-beta launch — not aspirational behavior. Counsel review is planned before public launch. If you spot something wrong, email hello@checkride.o11r.com.


1. Who we are

CheckRideMarket (the "Platform", "we", "us") is a marketplace and workflow platform connecting pilots, FAA Designated Pilot Examiners ("DPEs"), and Certificated Flight Instructors ("CFIs"). The Platform is reachable at https://checkride.o11r.com.

For the purposes of this Privacy Policy, the operating company of the Platform is the data controller for the data described below. Stripe, SendGrid, Twilio, Google Cloud, and Firebase Auth are data processors acting on our behalf.

We are not the FAA, a flight school, a flight training provider, or the DPE's employer. (The full description is in our Terms of Service at /terms.)

2. Data we collect

We try to collect only what's needed to actually run the booking, payment, document review, and notification flows. The categories below mirror exactly what the Platform records.

2.1 From pilots / applicants

  • Identity and contact: legal name, email address, phone number, date of birth, FTN (FAA Tracking Number), home airport.
  • Aircraft and flight details: aircraft make/model, N-number, aircraft category/class.
  • Training relationships: CFI name, email, phone (so the CFI can be invited to upload endorsements), optional flight school name.
  • Documents you upload: photos or scans of FAA documents needed for the practical test — for example, knowledge test results, IACRA application output, endorsements, logbook excerpts, photo IDs (where the DPE requires it). These are sensitive eligibility data and are stored in a private Cloud Storage bucket with application-enforced access (signed URLs valid for ≤5 minutes; every access is audit-logged).
  • Payment method on file: managed entirely by Stripe via SetupIntent or PaymentIntent. We never see your full card number. We store only the Stripe customer ID and payment-method reference.
  • Cancellation policy acceptance: the exact policy text snapshot, the timestamp of acceptance (Gate 3), and your acceptance event in the audit log.

2.2 From DPEs

  • All of the above where applicable, plus:
  • FAA designee number and the public information associated with it (state, airports served, certificates authorized).
  • Profile bio and photo (you control what you publish).
  • Service area, base airport, fees, travel policy, cancellation policy.
  • Stripe Connect details (handled directly by Stripe; we store only the connected-account ID and KYC status).
  • Twilio number (when activated for the safe-harbor SMS flow).
  • PIN authentication data — only a bcrypt hash of your 4-digit PIN, plus a hashed device token; never the PIN itself.

2.3 From CFIs

  • Name, email, phone.
  • Endorsements you upload on behalf of a student (logbook screenshots, IACRA endorsement PDFs, etc.).

2.4 From everyone

  • Authentication metadata managed by Firebase Auth (email link sign-ins, Google OAuth tokens, session cookie identifiers).
  • IP address and basic device/browser information in server logs.
  • Structured logs of every booking-related action — slot held, document uploaded, document approved/rejected, greenlit, cancelled, refunded, etc. These power the audit log used for incident response and compliance.
  • Notification delivery metadata (recipient, template, status, provider message ID) for the SMS and email we send on your behalf.

We do not collect:

  • Continuous location, GPS, or device location.
  • Biometric data.
  • Marketing tracking data from third-party ad networks. We do not run ad-network pixels on the Platform.
  • Browsing data outside our own pages.

3. How we use your data

Strictly to run the Platform. Specifically:

  • Provide the service — let pilots discover DPEs, complete the 3-gate booking flow, exchange documents with their DPE and CFI, and receive checkride confirmations.
  • Process payments and payouts — via Stripe. We send Stripe the necessary metadata (booking ID, DPE ID, kind of charge); Stripe processes the funds.
  • Send transactional communications — booking confirmations, document review status, cancellation notices, refund notices, waitlist offers. We do not send marketing email without separate, explicit opt-in.
  • Apply per-DPE policies — including the snapshotted cancellation policy that governs your specific booking even if the DPE updates the policy later (per our published Refund Policy).
  • Detect and prevent fraud and abuse — including duplicate accounts, payment fraud, and scraping attempts.
  • Maintain an immutable audit log of revenue-touching actions, document review, and cancellation-fee captures, so we can investigate incidents and respond to chargebacks (this is referenced in our internal decision log as the basis for D-031 and related controls).
  • Comply with applicable law — including responding to lawful requests from authorities and meeting record-retention obligations described in Section 7.

We do not:

  • Sell your data.
  • Share data with third-party advertisers or data brokers.
  • Use your data to train external machine-learning models without your consent.

4. How we share your data

We share only what each recipient needs:

  • Across the booking parties. A pilot's contact details and uploaded documents are shared with the booked DPE (and, if invited, the CFI). The DPE's profile fields they chose to publish are visible to pilots browsing or booking.
  • Stripe — for all payment processing, payment method tokenization, payouts, and chargeback handling.
  • SendGrid — for transactional email delivery (booking confirmations, document status, cancellation notices, etc.).
  • Twilio — for SMS delivery on the consent-captured DPE-authorized intake flow and for waitlist alerts where consent is on file.
  • Google Cloud — Cloud SQL (Postgres) hosts the database; Cloud Storage hosts uploaded documents in a private bucket; Cloud Run hosts the application; Cloud Logging stores server logs.
  • Firebase Auth — for sign-in and session management.
  • Authorities and successors-in-interest — when required by law, court order, or in connection with a corporate transaction (merger, acquisition, financing); in the latter case we will give meaningful advance notice.

We have data-processing arrangements with our processors and select them with privacy and security in mind.

5. Document storage and retention

Per our internal data model:

  • Documents uploaded to the Platform are retained for 5 years by default (this mirrors FAA designee record-retention conventions). The retention window is computed at upload time and stored alongside the document record.
  • Document files in Cloud Storage are migrated to Nearline storage at 90 days but not deleted within the retention window.
  • Document deletion runs as a sweep job after retention expiry, subject to a hold if the parent checkride is still active or a related dispute is open.
  • Earlier versions of a re-uploaded document are marked superseded but kept until retention expiry — this matters because dispute response sometimes requires the version-history trail.

6. Pilot data deletion

Pilots may request account deletion via the in-app flow at /pilot/account/delete-request (or by emailing privacy@checkride.o11r.com if the in-app flow is not yet available in your environment).

When you request deletion:

  • The request is recorded in the database with a 30-day grace window (so you can recover the account if you change your mind).
  • After grace, we hard-delete your uploaded documents — except where an active checkride or open dispute requires us to keep them temporarily, in which case we delete as soon as the hold lifts.
  • We soft-delete your profile (name, email, phone become null on the live row).
  • The immutable audit log entries referencing your prior actions are preserved for accounting and compliance reasons. Where these include personal data, that data is the minimum needed to keep the audit trail meaningful.

7. DPE data retention

DPE accounts handle financial transactions, FAA-related records, and tax-relevant data. Because of those obligations:

  • We retain financial records (Stripe payout, fee, refund, chargeback records) for at least 7 years following the end of the tax year in question, consistent with U.S. federal and Florida state record-keeping conventions. Full retention windows are subject to refinement under counsel review.
  • We retain DPE profile data for the duration of your active account plus a reasonable wind-down period after closure, for audit and dispute resolution.
  • A DPE who wants to close their account should contact hello@checkride.o11r.com. We'll work through any outstanding bookings, payouts, and disputes before account closure.

8. Cookies and similar technologies

We use cookies and similar technologies sparingly:

  • Session cookie (essential) — issued by Firebase Auth via the Admin SDK as a 30-day HttpOnly, Secure, SameSite=Lax cookie on supported browsers. Without this cookie you cannot stay signed in.
  • Consent boundary cookies — used in flows where you accept the per-DPE cancellation policy at Gate 3. The acceptance is also recorded server-side.
  • Preference cookies (where applicable) — small flags storing UI preferences. Optional.

We do not use third-party advertising cookies or cross-site tracking cookies.

9. Security

We invest in keeping the Platform secure. Highlights:

  • All traffic over TLS with HSTS enabled.
  • Row-Level Security (RLS) in Postgres, enforced by session GUCs set at the start of every request transaction. Anonymous database connections see nothing.
  • Application-enforced signed URLs for document downloads (V4 signed URLs valid for ≤5 minutes); every access is audit-logged.
  • bcrypt-hashed PINs for the DPE quick-unlock; rate-limited and locked after 5 failures.
  • Two-factor sign-in via Google OAuth (where you've enabled 2FA on your Google account) or via email magic link delivery.
  • Stripe handles card data end to end; we never see full card numbers.
  • Audit log of revenue-touching actions, document reviews, and access events.
  • Idempotency keys are required on revenue-touching endpoints to prevent duplicate charges from network retries.

No system is perfectly secure. If you suspect a security issue, email security@checkride.o11r.com (or hello@ until a separate inbox is provisioned). Please don't publicly disclose suspected vulnerabilities until we've had a reasonable chance to address them.

10. SMS consent

The Platform's SMS flow is DPE-initiated and consent-captured. Specifically:

  • We never send an unsolicited SMS to an applicant. Inbound applicant SMS to a DPE is forwarded by the DPE to the CheckRideMarket Twilio number, parsed, and only the DPE receives a one-tap reply. The DPE then explicitly authorizes (per applicant) the outbound SMS we send.
  • Every applicant-facing SMS we send is preceded by a row in our applicant_sms_consents table that records the consent type and evidence.
  • All marketing, transactional, and waitlist-alert SMS messages comply with U.S. CTIA guidelines and Twilio A2P 10DLC requirements. Recipients can opt out by replying STOP to any SMS we send. Help is available via HELP.
  • Standard message and data rates may apply.

11. CCPA, GDPR, and other privacy regimes

We honor reasonable user requests in line with the spirit of CCPA, GDPR, and similar privacy laws, even where the law may not strictly require us to. Specifically, we will:

  • Confirm what data we hold about you on request.
  • Provide a copy of your data in a portable format on request.
  • Correct inaccurate data on request.
  • Delete your data on request, subject to the retention rules in Sections 6 and 7 (and any legal hold).
  • Not discriminate against you for exercising any of these rights.

We do not currently claim full GDPR or CCPA compliance certification. We're a closed-beta marketplace for U.S. pilots and U.S.-located DPEs, not an enterprise data controller. Counsel review before public launch will refine these statements.

To make a request, email privacy@checkride.o11r.com (or hello@ until the dedicated inbox is provisioned).

12. Minors

The Platform is not intended for, and not directed at, anyone under 18. Per our Terms, all account holders must be 18+. If you are a parent or guardian and believe a minor has signed up, contact privacy@checkride.o11r.com and we will delete the account and any associated data promptly.

13. International users

The Platform is hosted in the United States and operates under U.S. law. If you access the Platform from outside the United States, you consent to the transfer and processing of your data in the United States.

14. Changes to this Policy

We may update this Policy from time to time. When we make a material change, we'll:

  • Update the "Last updated" date at the top.
  • Notify active users by email and on the DPE workspace.
  • Give at least 14 days' notice before the change takes effect, unless the change is required by law or addresses a security risk.

Continued use of the Platform after the change takes effect counts as acceptance.

15. Contact

  • Privacy questions and data requests: privacy@checkride.o11r.com (or hello@checkride.o11r.com until the dedicated inbox is provisioned).
  • Security disclosures: security@checkride.o11r.com (or hello@ for now).
  • General support: hello@checkride.o11r.com.

Reminder. This document was drafted by the platform founder. Counsel review pending before public launch. Mistakes happen — email us at hello@checkride.o11r.com if you spot one.