Privacy Policy
Website: www.parisair.com
Effective Date: June 16, 2026
Last Updated: June 17, 2026
1. Introduction
Welcome to Paris Air (“we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at www.parisair.com (the “Site”) and when you submit an application for enrollment through our school admission form.
This policy describes your privacy rights under applicable law, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
Please read this policy carefully. If you disagree with its terms, please discontinue use of our Site and do not submit an application.
2. Who We Are (Data Controller)
Paris Air, Inc.
Website: www.parisair.com
3300 Airport West Dr.
Vero Beach, FL 32960
Email: [email protected]
Phone: 1-772-770-2708
For GDPR purposes, Paris Air is the data controller responsible for your personal data. For questions about this policy or your data, contact our privacy contact at the details above.
3. Information We Collect
We collect personal information you voluntarily provide, and information automatically collected when you use our Site.
3.1 Information Collected via the School Admission Form
When you submit an application for enrollment, we collect the following categories of personal information:
| Category | Specific Data Collected |
|---|---|
| Basic Identifiers | Full legal name (first, middle, last as it appears on passport), email address |
| Contact Information | Physical address (street, city, state/province, ZIP/postal code, country), phone country code, phone number |
| Demographic Information | Date of birth, gender, city of birth, country of birth |
| Immigration & Nationality Information | Country of citizenship, passport number, country of passport issuance, passport expiration date |
| Government-Issued Identity Document | Upload of passport image (must contain photo, full name, date of birth, date of issue, expiration date, and passport number) |
| Academic & Training Information | Courses of interest (Fixed-Wing, Helicopter, or Other), current pilot license(s) held, desired enrollment start date |
| Language & Proficiency | English proficiency status (Native Language, TOEFL, Second Language), English proficiency declaration |
| Housing Information | Whether housing is needed; U.S. address (required prior to I-20 issuance) |
| Health & Physical Limitations | Any physical or health limitations relevant to flight training |
| Family Information | Whether applicant plans to bring family members or dependents |
| Marketing Attribution | How the applicant found us (Facebook, Google, Instagram, TikTok, Search Engine, Word of Mouth, or Other) |
| Additional Information | Any other information voluntarily provided in the “Additional Info” field |
3.2 Information Collected via the Website Generally
When you visit our Site, we and our third-party partners may automatically collect:
| Category | Examples |
|---|---|
| Internet/Network Activity | IP address, browser type, referring URLs, pages visited, time spent |
| Device Information | Device type, operating system, screen resolution |
| Cookies & Tracking Data | See our separate Cookie Policy |
| Geolocation Data | General location inferred from IP address |
| Bot Detection Signals | IP address, TLS fingerprint, user-agent header, and browser behavioral signals collected by Cloudflare Turnstile on protected pages and forms |
Cloudflare Turnstile: We use Cloudflare Turnstile, a privacy-preserving bot detection service provided by Cloudflare, Inc., on certain pages and forms of our Site — including our enrollment application form. Turnstile evaluates browser-level signals (such as IP address, TLS fingerprint, user-agent, and behavioral timing data) to distinguish human users from automated bots. It does not set persistent tracking cookies, does not profile users for advertising purposes, and does not collect personal information beyond what is strictly necessary for bot detection. Signals are processed ephemerally and are not used to identify, target, or track individual users across sites. Cloudflare acts as a data processor on our behalf under a Data Processing Agreement. For more information, see Cloudflare’s Turnstile Privacy Addendum.
3.3 Sensitive Personal Information We Collect
The following categories constitute sensitive personal information under applicable law (CPRA and GDPR). We collect them solely for the purposes of evaluating your application, processing enrollment, and complying with U.S. immigration and aviation regulatory requirements:
- Government-Issued Identification Numbers: Passport number
- Government-Issued Identity Documents: Passport image
- National Origin / Citizenship: Country of citizenship, country of birth, country of passport issuance
- Date of Birth
- Gender
- Physical Limitations / Health Information: Self-reported limitations relevant to flight training
We do not use sensitive personal information for inferring characteristics, profiling, or any purpose beyond what is strictly necessary for enrollment and regulatory compliance, as described in Section 4.
4. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Evaluate and process your flight school admission application | All admission form data | Contract (pre-contractual steps at your request) |
| Issue and process your I-20 Student Visa document | Name, address, passport data, citizenship, enrollment details | Legal Obligation (DHS/SEVIS regulatory requirement) |
| Verify your identity and travel document authenticity | Passport number, passport image, date of birth | Legal Obligation / Contract |
| Assess eligibility for aviation training | Pilot licenses held, physical limitations, English proficiency | Contract / Legitimate Interests |
| Arrange student housing (if requested) | Address, housing preference | Contract |
| Communicate about your application, enrollment, and training | Name, email, phone | Contract |
| Send marketing emails about promotions, new products, or services | Name, email, marketing attribution | Consent (you may opt out at any time) |
| Comply with FAA, DHS, and SEVIS reporting requirements | Enrollment data, immigration data | Legal Obligation |
| Detect and prevent fraud or document falsification | Passport data, identity data | Legitimate Interests / Legal Obligation |
| Detect and prevent automated bot activity, spam submissions, and abuse on our Site and forms (via Cloudflare Turnstile) | IP address, TLS fingerprint, user-agent, browser behavioral signals | Legitimate Interests — protecting the security and integrity of our Site and services (Art. 6(1)(f) GDPR) |
| Improve our Site and services | Website analytics | Consent / Legitimate Interests |
We will not use your personal information for purposes incompatible with those described here without first notifying you and obtaining any required consent.
5. Sharing Your Information
We do not sell or rent your personal information. We may share your data in the following circumstances:
5.1 Mandatory Government & Regulatory Disclosures
Because Paris Air is a DHS-certified Student and Exchange Visitor Program (SEVP) institution, we are legally required to share certain student information with government agencies, including but not limited to:
- U.S. Department of Homeland Security (DHS) and the Student and Exchange Visitor Information System (SEVIS): Required for I-20 issuance and M-1 visa student tracking.
- Federal Aviation Administration (FAA): As required for aviation training and certification records.
- U.S. Citizenship and Immigration Services (USCIS): As required in connection with visa-related inquiries.
These disclosures are mandatory and cannot be opted out of if you wish to enroll as an international student.
5.2 Service Providers
We share data with trusted third-party vendors who assist in operating our Site, processing applications, managing student records, and delivering communications. These parties include:
- Cloudflare, Inc. — Bot detection and Site security via Cloudflare Turnstile. Cloudflare processes browser-level signals on our behalf solely for the purpose of distinguishing human users from automated bots. Cloudflare acts as a data processor under a Data Processing Agreement and does not use Turnstile data for advertising or cross-site tracking.
All service providers are contractually bound to handle your data securely and only for the purposes we specify.
5.3 Housing Providers
If you request student housing, we share necessary information (name, contact details, enrollment dates) with our housing partners to facilitate arrangements.
5.4 Legal Requirements
We may disclose your information when required by law, court order, or governmental authority, or to protect the rights, property, or safety of Paris Air, our students, or others.
5.5 Business Transfers
In the event of a merger, acquisition, or asset sale, your personal data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
We do not share your personal information with third parties for their own independent marketing purposes.
6. International Data Transfers
Applicants from outside the United States should be aware that their information will be transferred to, stored, and processed in the United States, where our servers and operations are located.
Additionally, because I-20 issuance is a U.S. federal legal requirement, international student data must be entered into the U.S. government’s SEVIS system, regardless of the applicant’s country of residence.
Cloudflare Turnstile signals (IP address, user-agent, TLS fingerprint, and browser signals) may be processed by Cloudflare, Inc. on servers located in the United States or other countries where Cloudflare operates infrastructure. Cloudflare participates in the EU-U.S. Data Privacy Framework and relies on Standard Contractual Clauses (SCCs) for transfers of personal data from the EEA, UK, or Switzerland.
For all other transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses (SCCs) or equivalent safeguards where required.
7. Data Retention
We retain personal information only as long as necessary for the purposes described in this policy or as required by law.
| Data Type | Retention Period |
|---|---|
| Student enrollment records (enrolled students) | Minimum 5 years after last date of attendance (SEVP requirement) |
| I-20 and SEVIS records | As required by DHS regulations (typically 3 years after program end) |
| Passport copies and immigration documents | Duration of enrollment + 3 years, or as required by law |
| Application records (not enrolled) | 2 years from application date |
| Order and transaction records | 7 years (tax and legal compliance) |
| Marketing consent records | Until consent is withdrawn + 3 years |
| Website analytics data | 26 months |
| Cloudflare Turnstile bot detection signals | Approximately 25 hours (per Cloudflare’s data retention practices) |
| Inquiry/support communications | 3 years from last contact |
When data is no longer needed, it is securely deleted or anonymized.
8. Your Privacy Rights
8.1 Rights Under GDPR (EEA, UK, and Switzerland Residents)
If you are located in the EEA, UK, or Switzerland, you have the following rights:
- Right to Access — Request a copy of the personal data we hold about you.
- Right to Rectification — Request correction of inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”) — Request deletion of your personal data. Note: we may be unable to erase data we are legally required to retain (e.g., SEVIS records).
- Right to Restriction of Processing — Request that we limit how we use your data in certain circumstances.
- Right to Data Portability — Receive your data in a structured, machine-readable format.
- Right to Object — Object to processing based on legitimate interests (including bot detection via Cloudflare Turnstile) or for direct marketing.
- Right to Withdraw Consent — Where processing is based on consent (e.g., marketing emails), withdraw it at any time without affecting prior processing.
- Rights Related to Automated Decision-Making — We do not make solely automated decisions that produce legal or similarly significant effects on you.
To exercise these rights, contact us at [email protected]. We will respond within 30 days (extendable by 60 days for complex requests, with notice). You also have the right to lodge a complaint with your local data protection supervisory authority: https://edpb.europa.eu/about-edpb/board/members_en
8.2 Rights Under CCPA/CPRA (California Residents)
California residents have the following rights:
- Right to Know — Request disclosure of the categories and specific pieces of personal information collected about you, the sources, purposes, and categories of third parties with whom it is shared.
- Right to Delete — Request deletion of your personal information, subject to exceptions (e.g., legal obligations, SEVIS).
- Right to Correct — Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information — You may request that we limit our use of sensitive personal information (passport data, national origin, date of birth, gender, health/limitations data) to what is necessary to provide our services. Note that limiting use of this data may prevent us from processing your enrollment or issuing an I-20.
- Right to Non-Discrimination — We will not deny services, charge different prices, or provide a lesser quality of service because you exercised your privacy rights.
To submit a CCPA/CPRA request:
Email: [email protected]
We will verify your identity before processing your request and respond within 45 days (extendable by an additional 45 days with notice).
Authorized Agents: You may designate an authorized agent to submit requests on your behalf by providing written authorization and verifying your identity directly with us.
9. Security
We implement appropriate technical and organizational security measures to protect your personal information, with heightened protections for sensitive data such as passport documents and government identification numbers:
- Encryption (TLS/SSL): All data submitted via web forms, including passport uploads and personal identifiers, is encrypted in transit. Look for “https://” and the lock icon in your browser.
- Bot Detection (Cloudflare Turnstile): We deploy Cloudflare Turnstile on our web forms and protected pages to detect and block automated bot activity, including spam submissions and credential abuse. Turnstile operates without persistent tracking cookies and processes only the minimum browser-level signals necessary for this purpose.
- Access Controls: Access to sensitive records (passport images, immigration data) is restricted to authorized personnel with a documented need.
- Secure File Storage: Uploaded passport images and documents are stored in encrypted, access-controlled environments separate from general website data.
- Payment Security: Payment processing is handled by PCI-DSS-compliant third-party processors; we do not store raw card data.
- Secure Servers: All servers storing personally identifiable information are maintained in a secure environment.
No transmission over the internet is 100% secure. In the event of a personal data breach posing a risk to your rights, we will notify the appropriate supervisory authority within 72 hours (GDPR) and affected individuals without undue delay.
10. Children’s Privacy
Our flight school programs and this Site are not directed to children under the age of 16. We do not knowingly collect personal information from individuals under 16. If you believe a minor has submitted personal information to us, please contact us at [email protected] and we will delete it promptly.
11. Third-Party Links
Our Site may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies before providing personal information.
12. Do Not Track
Our Site does not currently respond to browser “Do Not Track” (DNT) signals. You may manage tracking preferences through our separate Cookie Policy.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. When we make material changes, we will update the “Last Updated” date and, where appropriate, notify you via email or a prominent notice on our Site. We encourage you to review this policy periodically.
14. Contact Us
For questions, concerns, or to exercise your privacy rights, please contact us:
Paris Air, Inc. — Privacy Inquiries
Email: [email protected]
Mailing Address:
Paris Air, Inc.
3300 Airport West Dr.
Vero Beach, FL 32960
This Privacy Policy was prepared in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and applicable U.S. Department of Homeland Security / SEVP regulations.
