Logo
SolutionPricing
Compliance

Compliance and Data Use

Compliance information and required documentation.

sparengine is designed to support aviation operations while meeting high standards for regulatory compliance, data protection, and responsible data use. This page explains how sparengine handles data, how it is protected, and how it may be used in the context of providing and improving our services.

1. Data Controller

sparengine
Operated by Ascentis Technologies
Registered address: 229 RUE SAINT-HONORE, 75001 PARI

Ascentis Technologies acts as a data controller for account, administrative, and website data, and as a data processor for operational documents and customer-uploaded content under the GDPR.

2. Regulatory and Industry Context

sparengine operates in the aviation domain and aligns with industry expectations regarding:

  • Confidentiality of operational and technical documentation
  • Traceability and auditability of data processing
  • Security of safety-relevant information
  • Applicable data-protection laws, including the GDPR

sparengine does not act as a regulator and does not replace the legal responsibilities of operators, CAMOs, MROs, or other aviation stakeholders.

3. Data We Collect

Account and Administrative Data

  • Name, email, company
  • User roles and permissions
  • Billing and payment information

Operational and Uploaded Data

  • Documents uploaded by users (PDFs, records, manuals)
  • Structured or extracted data generated by the platform

Usage and Technical Data

  • Platform usage logs
  • Device and browser information
  • Security, performance, and error logs

sparengine does not intentionally collect sensitive personal data unless included by the customer.

4. Purpose and Legal Basis for Processing

Data is processed to:

  • Provide the service and process aviation documents
  • Secure and operate the platform
  • Support customers and communicate with them
  • Improve and develop the service
  • Comply with legal and regulatory obligations

Legal bases under the GDPR include:

  • Performance of a contract
  • Legitimate interests
  • Legal obligations
  • User consent where required

5. Data Use for Service Improvement and Market Intelligence

sparengine may analyse data to:

  • Improve accuracy and reliability
  • Enhance performance and functionality
  • Identify industry-level usage trends

Important clarifications:

  • sparengine does not sell customer data
  • No customer- or aircraft-specific data is shared for commercial use
  • Insights are produced only from aggregated, anonymised data

6. Data Sharing, Hosting, and International Transfers

sparengine shares data with trusted third-party service providers for operational purposes, including:

  • Hosting providers (e.g. AWS)
  • Databases (e.g. Supabase)
  • Email and payment providers
  • AI service providers for document processing

Some data may be processed or stored outside the European Union, for example in the United States. Where this occurs, appropriate safeguards are applied, including:

  • EU–US Data Privacy Framework (DPF)
  • Standard Contractual Clauses (SCCs)

A current list of subprocessors is available upon request.

7. Data Retention

Data retention follows customer configuration, contracts, and applicable law:

  • Account & billing data: kept during relationship + legal retention
  • Operational documents: retained per customer settings or deleted
  • Derived data: retained only as needed
  • Logs: retained for security and auditing

Data is deleted or anonymised when no longer required.

8. Use of AI and Automated Processing

  • AI is used only to deliver customer-requested services
  • Documents are not used to train public or third-party models
  • Human access is limited to authorised staff when necessary
  • Processing locations are selected with security in mind

9. Security Measures

  • Encryption in transit and at rest
  • Role-based access control
  • Segregated customer environments
  • Monitoring, logging, and backups

Security practices are reviewed and updated regularly.

10. User Rights

Under the GDPR, users may request:

  • Access, rectification, or deletion
  • Objection or restriction of processing
  • Data portability
  • Withdrawal of consent

Users may file complaints with their local supervisory authority, including the CNIL.

11. Cookies and Analytics

sparengine does not use cookies for advertising. Google Analytics and Google Search Console are used to understand site performance and improve content. Analytics data is aggregated and non-identifying, with IP anonymisation used where required.

12. Updates

This page may be updated to reflect regulatory changes or service evolution. The latest version will always be available on the sparengine website.