Legal · last updated 12 February 2026
Privacy Policy
AiroSignal is operated by TAPECC B.V., the controller for the personal data described below. This policy explains what we collect, why we collect it, who we share it with, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR).
1. Data we collect
We collect the minimum we need to operate the service:
- Account data — email address, name, optional profile picture (if you sign in with LinkedIn), and a hashed session token.
- Profile data — the answers you give during onboarding: company, job title, expertise, regions, opportunity interests, and any free-text fields. This is what powers the matching engine.
- Usage data — which opportunities you opened (source clicks), when you last visited the dashboard, when you last triggered an AI re-rank.
- Technical data — IP address, browser user-agent, and request logs kept by our hosting provider for security and abuse-prevention purposes.
We do not collect special categories of personal data and we do not use tracking cookies.
2. Why we use it (legal basis)
- Performance of a contract — to provide the briefing, send the weekly digest, authenticate you and deliver the dashboard you signed up for.
- Legitimate interest — to detect abuse and keep the service secure, and to improve matching quality.
- Consent — for the explicit consent you give during onboarding to use your profile for AI-driven personalisation. You can withdraw it any time from
/profile. - Legal obligation — where we must retain limited records to comply with applicable law.
3. Sub-processors and third parties
AiroSignal relies on a small number of sub-processors to deliver the service. Each one is bound by a Data Processing Agreement and processes personal data only on our instructions.
- Vercel Inc. — application hosting, edge network, request logs (EU/US).
- Neon Inc. — managed PostgreSQL database (EU region).
- Resend — sending the weekly digest email and transactional messages.
- Anthropic PBC — large-language-model API (Claude) used for AI re-ranking of opportunities; the request includes the public opportunity content and the parts of your profile relevant to scoring.
- LinkedIn (Microsoft Ireland Operations Ltd.) — only when you choose to sign in with LinkedIn; we receive your name, email and (optionally) a profile picture via OpenID Connect.
- Public opportunity sources — TED (EU Tenders Electronic Daily), SAM.gov and Google News (via Serper). These are queried with non-personal keywords; no personal data is sent.
We do not sell your personal data, and we do not use it for advertising.
4. International transfers
Some sub-processors (notably Vercel, Resend and Anthropic) are based in the United States. Where personal data is transferred outside the EEA we rely on the European Commission’s Standard Contractual Clauses and supplementary measures so the data continues to enjoy an essentially equivalent level of protection.
5. How long we keep it
- Account & profile data — for as long as your account exists. Deleted within 30 days after you delete your account from
/profile. - Usage data (clicks, last-visit) — up to 13 months, then aggregated or deleted.
- Email logs — kept by Resend for 30 days for delivery diagnostics.
- Backups — encrypted backups may retain data for up to 35 days after deletion before they roll off.
6. Your rights
Under the GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectify — correct inaccurate data. Most of your profile is editable directly from
/profile. - Erase — delete your account and profile from
/profile, or email us. - Restrict or object — limit specific processing, including AI-personalised matching.
- Portability — receive your profile in a machine-readable format.
- Withdraw consent — for any processing based on consent, at any time and without affecting prior lawful processing.
- Complain — lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.
To exercise any of these rights, email info@tape.cc. We aim to respond within 30 days.
7. Security
We use HTTPS everywhere, store passwords (when present) as salted hashes, scope access to the production database to a small number of operators, and keep audit logs of changes. No system is perfect — if you suspect a vulnerability or compromised account, please email us immediately.
8. Cookies and similar technologies
We use a single first-party session cookie (ab_session) to keep you signed in. It is httpOnly, secure and has a sensible expiry. We do not use third-party tracking cookies and we do not load analytics scripts.
9. Children
AiroSignal is intended for aviation professionals and is not directed at children under 18. We do not knowingly collect personal data from minors.
10. Changes to this policy
We may update this policy from time to time. When we make material changes we will let you know by email or in the app at least 14 days before they take effect. The version date at the top of this page always reflects the latest update.
11. Contact
Privacy questions or requests can be sent to info@tape.cc.